Sunday, January 25, 2009

Eset Smart Security

Although many antivirus products are available on the market, a newly emerging and fast-growing one is ESET Smart Security (NOD32). ESET's first product was NOD32, which has some nice features. ESET is the best antivirus for users with no internet connection, little RAM, slow processors, etc. It can detect viruses, worms, spyware, threats, attacks, etc., because it scans files not only with signature-based updates but also with heuristic and advanced heuristic scanning engines, even when its virus signature database is not up to date. Its user interface for removing viruses, worms, etc. is very good. It cleans files automatically and shows a notification in the bottom right corner. It uses very little CPU to run on a PC.

Strong Against Viruses

ESET's NOD32 antivirus gets accolades from all the major independent testing labs. It's certified for virus detection by ICSA Labs and for detection and cleaning by West Coast Labs—WCL also gives it several other checkmark certifications, including antispyware and anti-Trojan. NOD32 has grabbed the VB100% brass ring in every test by Virus Bulletin for the past five years. And Andreas Clementi's AV-Comparatives rated it ADVANCED + (the top rating) for both on-demand virus cleanup and nonsignature virus detection.

Virus and spyware protection are completely integrated, though the advanced setup tree lets you adjust their configurations individually. The standard scan examines memory, disk boot sectors, and all files on all local drives. You can define a custom scan that performs a subset of the standard scan. A powerful scheduling utility automates tasks such as looking for updates, maintaining the logs, and checking files that launch at start-up. In advanced mode, you can use the scheduler to run a scan or even a third-party application on a daily or weekly basis, at a specified interval from 1 to 43,200 minutes (30 days), or whenever a certain trigger event occurs, such as computer start-up or user log-on.

Note, however, that by default the only scheduled scan is the automatic start-up file check. ESET reasons that, because no file can launch without being vetted by the real-time scanner, a scheduled scan isn't strictly necessary. That's a reasonable position. If a regular full scan makes you feel warm and happy, switch to Advanced mode and fire up the scheduler. Here's an unusual touch: You can configure ESS to send a notification via e-mail or the network Messenger service if a virus removal or other security event takes place. ESS scans incoming POP3 e-mail for viruses and malware, but doesn't scan outgoing mail.


So-So Against Spyware

I installed ESS on a collection of test systems infested with malware samples, including adware, spyware, Trojan horses, rootkits, and rogue antispyware. As often happens, I had trouble with one system due to a malicious program that interferes with the installation of security software. On advice from ESET technical support, I ran the company's online scanner—it cleaned up the mad-dog malware and allowed me to complete the installation.

ESS scanned my standard clean test system in 20 minutes; a repeat scan took only 16 minutes. That's speedy—other products generally take from about 24 minutes to an hour on the same system. The test system is a virtual machine with limited disk space, so the timings are only useful as a relative measure. On the other hand, scanning was horrendously slow on one of the test systems, due to all the entrenched malware. After more than an hour, I rebooted into Safe Mode and ran ESS. This launched the Safe Mode scan, which is a stripped-down command-line process—after returning from Safe Mode, you have to check the log to see what it did.

On another system, the scan hung up at the exact same file over and over again, and this time scanning in Safe Mode didn't help. ESET tech support asked a few questions and requested a copy of the offending file. It turns out I discovered a bug in the product, but the very next day they pushed out an update that allowed the scan to finish. ESS's frequent signature updates are very fast, and even this program update took only a minute or so.

ESS distinguishes several categories of non-virus malware. Detection of Adware/Spyware/Riskware is enabled by default, and at install time I chose to detect "Potentially unwanted applications." I didn't realize immediately that detection of "Potentially unsafe applications" (keyloggers, for example) is a different feature, one not enabled by default. I had to turn on that option by changing the ThreatSense parameters in four separate places. And of course I had to repeat all the scans I had run before making this change (sigh). ESET could benefit from a little interface tweaking in this area.

During scanning on several systems, ESS repeatedly popped up notification that it had quarantined one threat or another—but in many cases it reported the same threat again and again. That's not very encouraging; it suggests that the program sees a threat but can't manage to remove it. The quarantine pop-ups warned that cleanup wouldn't be complete until reboot, as did many of the lines in the manual scan log, so I made sure to reboot before checking for successful cleanup.

Out of a possible 10 points, ESS scored a disappointing 7.1. It did remove all the rootkits and Trojans, but it tried and failed to remove many threats, and completely missed several others. In a number of cases, files that it claimed to have quarantined were still present. And even when it did successfully remove all executables associated with a threat (as it must to get full credit from us for removal), it left behind tons of data files and Registry debris. Norton Internet Security 2008 scored 9.3 on this same test, while Panda Internet Security 2008 swept the field for a score of 10.

I made sure to turn on the many "Potentially unsafe applications" options before running a parallel scan using commercial keyloggers. ESS managed 2.0 out of 10 on this test, taking the low-score no-prize away from Panda. It completely ignored the majority of the samples. Even when it recognized and attempted to quarantine other samples, it didn't succeed; most of them kept running despite ESS's efforts. It's definitely possible to identify and remove these products—NIS 2008 scored 10 of 10 on this same test. On the other hand, someone would have to enter your office and physically install the keylogger, so I give less weight to this test. No single security app is going to stand up to spies who are that determined.

I tested the program's ability to prevent malware from infesting a clean system, hoping for better results. ESS's first line of defense is "Web access protection"—blocking the download of known malware. I tried re-downloading all of my malware samples to see if WAP would catch them. It didn't block any of the commercial keyloggers. Among the other malware samples whose URLs were still valid, WAP caught just over half. That's a good start, but McAfee's SiteAdvisor and Trend Micro's TrendProtect blocked almost all the still-present threats.

When I opened the folder containing my already-downloaded samples, ESS quarantined about a third of them on sight. That's not so hot compared with McAfee Total Protection or Trend Micro Internet Security Pro 2008. MTP killed off all but two samples on sight, and TIS 2008 got all but one. For reasons unknown, ESS reported each quarantine action five or six times, but in the end it did eliminate the malware installers that it recognized. And when I teased it with hand-modified versions of those files, it whacked them just the same.

As in the cleanup test, ESS was most effective against the worst malware, perhaps reflecting its antivirus roots. It completely missed several samples, though, and failed to remove a number of those it did recognize. In this case, failure means that it allowed one or more executable files to be installed on disk. Even its successes were messy, with tons of data files and Registry items installed. Overall, it scored 7.4 out of 10 for spyware blocking. In this same test, MTP scored 9.3, TIS 2008 got 9.8, and Panda once again swept completely with an impressive 10 of 10.

In a separate test using commercial keyloggers, ESS recognized only half the samples and didn't manage to block the installation of any it recognized. All but one of the samples it tried to block managed to install and run, and several were visibly logging keystrokes and monitoring other activities. Trying and failing seems almost worse than not trying at all (though I give half-credit for trying). ESS scored 2.5 of 10 in this test, taking the low-score prize for keylogger blocking away from Panda. NIS 2008 blocked all the commercial keyloggers and scored a perfect 10 of 10.

The product's performance in getting rid of malware and keeping it out of a clean system is about the same as that of its previous NOD32 2.5—meaning it's not so great. In theory, the tight integration of antivirus, antispyware, and firewall should provide muy macho protection. In practice, it just doesn't.


Basic Firewall

ESET doesn't sell a firewall product separately from ESS—it's designed as an integrated part of the whole. The firewall notices when you connect to a new network and asks whether or not to allow file sharing. In your home office, sure, you'll allow it; at the Internet café you won't (if you're smart). It's completely effective at hiding your computer from outside attack by putting all its ports in Stealth mode. None of my Web-based port scan attacks could get through, and it specifically logged several as port scan attacks. Of course, Windows Firewall does just as good a job of stealthing the ports. Still, not every suite firewall was able to ace these tests.

In its default Automatic filtering mode, the firewall doesn't attempt to control which programs can access the Internet—it just watches Internet traffic and blocks all incoming packets that weren't requested. If you set the firewall for interactive filtering, you get simple user-confirmation program control. Each time a program tries for Internet access, the firewall asks you the first time whether to allow it. Where some firewalls preconfigure access for hundreds—or thousands—of known programs, ESS asks about every single program—including those built into Windows. And where most other firewalls add all programs that access the Internet during a limited "training period" to the trusted list, ESS's automatic filtering does not. Your choice, then, is no program control at all, or old-school, plenty-o-pop-ups program control. While control freaks may enjoy the endless allow/deny power trips, the average user will quickly become annoyed.

After turning on Interactive filtering, I tried to get around the firewall's program control using a dozen-odd "leak test" programs that exercise techniques used by malware. ESS's real-time protection quarantined all but the newest of these, identifying them as—surprise—leak test programs. But, with real-time protection turned off, the firewall didn't see that these sneaky programs were evading its filter. ESET representatives pointed out that the product is meant to be used as a whole, and that turning off portions of the protection is not advised. I say that if some zero-day Trojan gets past signature-based protection, I'd be happier if my firewall could keep it from "phoning home."

I tried my best to put ESS's firewall protection out of action by using common malicious program techniques. Killing off the user interface in Task Manager was a snap, but the kernel providing the actual protection just wouldn't die. I couldn't stop the product's essential Windows service, but by setting its status to Disabled and rebooting I managed to keep it from launching. This caused ESS to hang at its splash screen, but the firewall protection was unaffected. And I found no way to turn it off by tweaking the Registry. The only attack that worked was my Rube-Goldberg utility that sends fake mouse clicks to simulate a user turning off protection—a very unlikely attack.

You can get the same degree of protection from one of the popular free personal firewalls such as ZoneAlarm or Comodo. The main advantage here is that the firewall is totally integrated with the suite's other protective elements. The disadvantage is that, at the level of protection I recommend, you're going to get a lot of pop-ups for a while.


Smooth Spam Stopper

Many spam filters work directly on the POP3 e-mail stream, so if they don't support your e-mail client, you can just define a message rule to sort the spam. ESS's antispam module works only with Outlook, Outlook Express, or Windows Mail, but it will filter POP3, IMAP, Exchange-based mail, or any e-mail account that's compatible with one of its supported e-mail clients. If you're among the vast majority who rely on one of the supported clients, ESS's antispam is more flexible than most. But if you use Thunderbird, Eudora, or The Bat!, you'll have to look elsewhere for antispam.

To avoid filtering out valid mail, ESS whitelists everyone in your address book, checking for new additions each time you launch the e-mail client. It also whitelists any address to which you send mail, as well as the sender of any message you actively mark as Not Spam. A toolbar integrated into the supported e-mail clients offers quick access to antispam settings, plus buttons to mark a message as Spam or Not Spam and to add the sender to your whitelist or blacklist.

Refreshingly, even in the advanced setup tree, there's very little to configure in the antispam realm. The default settings are all sensible, and no significant adjustment is necessary (or possible).

The antispam is clever; the question is, is it tough? To find out, I configured Outlook Express to download mail from two spam-infested real-world accounts and let it process about 2,000 messages. Before starting, I cleared the whitelist, forcing it to evaluate each message based solely on its content. Where a POP3-based solution can slow the download of mail, ESS had no effect whatever on performance. Afterward I sorted the inbox into valid mail from individuals, undeniable spam, and newsletters (valid bulk mail), discarding anything not clearly matching one of these categories. I did the same for the ESET Antispam folder. Then I crunched some numbers.

Spam accounted for over half the messages, and ESS caught nearly 80 percent of it. The majority of the valid messages were newsletters, and it marked less than half a percent of those as spam. That's impressive, as many antispam products have trouble distinguishing between valid bulk mail and spam. But it tossed over 13 percent of valid mail from individuals into the spam folder, which isn't good. Yes, if I had left the whitelist in place, none of those messages would have been blocked. It does seem, though, that this spam filter might occasionally toss valid mail coming from contacts that you've never communicated with before. Keep that whitelist updated!

ESET Smart Security 3.0 is definitely a highly integrated security suite with a solid AV component. If you don't need parental control and want a small-footprint solution, it may do the job. If ESET wants to climb to the top of the security suite heap, however, I'd like to see significantly better accuracy in detecting non-virus malware and in successfully handling the threats it does detect.

Sub-Ratings:
Antivirus:
Antispam:
Antispyware:
Firewall:
Parental/Privacy: N/A
