Ram and Reason A Darn Good Antivirus: NOD32

by Rob Rice, February 2004

 

So let’s say that you are shopping for new antivirus software. You could just grab the usual copy of Norton or McAfee. Everybody seems to use one or the other. But is Norton or McAfee really any good? Just what are the qualities of good antivirus software? You would want something that will stop viruses, yet not slow down your system. It should protect your e-mail, your Web surfing and your files. The price should be reasonable and it should run in the background without distracting you from your work.

 

But how does one tell if an antivirus system really stops viruses? Perhaps the best way is to rely on the test results of independent laboratories. Four independent labs of note are Checkmark, ICSA Labs, Virus Bulletin and AV-Test.org. The first three labs do testing that is paid for by the vendor. AV-Test.org is usually paid by corporations, publications and researchers. Among the antivirus software tested by these laboratories we find an antivirus with an odd name that simply excels. NOD32 by Eset software has won more Virus Bulletin 100% Awards than any other product available. And better yet, it satisfies all of the criteria we outlined above!

 

Integrated into the new Dell PowerVault 775N System and promoted across the globe by such companies as Canon, NOD32 version 2.0 is an excellent antivirus system that deserves notice.

 

At first glance, you might say that NOD32 is “old school.” There is no firewall, and it does not block spam or spyware, or download your MP3s. This is an antivirus and a darn good one at that.

 

Gamers and system performance junkies have used NOD32 for years. The reason is that it uses very little in the way of system resources and it is very fast when scanning local drives. For example, using an Athlon XP 1700+ system with 512 megabytes of RAM on Windows 2000, NOD32 scanned a 40-gigabyte hard drive in 4 minutes and 48 seconds. This was with Word, Opera and Mozilla open and connected to the Internet. Deep Scanning Heuristics was also enabled. While this may not be a very dramatic test, it might provide insight into what one may expect in regard to speed on a home system.

 

NOD32 version 2.0 is a much friendlier version than its predecessor. NOD32 is now in its fourth generation. The first time I used NOD32 I had trouble getting it to scan e-mail with anything other than Outlook Express. Not so with version 2.0. I tested with Pegasus, Secure Bat and Mozilla and it was happy with all of them. And if there is any doubt that it is working, just have a look at the big notice at the end of your e-mail that says, “This message was checked by NOD32 Antivirus System. part000.txt - is OK part001.htm - is OK http://www.nod32.com”. Some may find this notice a bit intrusive, as I did at first, but it does assure your recipients that you scan your e-mail.

 

There are four main modules to NOD32, which bring about the only other complaint – their names. These go by the unintuitive acronyms of AMON (Antivirus MONitor), which is the “on-access” antivirus monitor, IMON (Internet Monitor), EMON (E-mail Monitor), and finally NOD32 (yes, it is a module in itself), the “on-demand” scanner. OK, so they make sense up to a point, but when you first lay eyes on them you may be wondering what in the world is going on. From the Help file:

 

AMON (Antivirus MONitor) is a memory-resident (working in the operating memory after each restart of a computer), file scanning program.

The IMON module serves as an anti-virus monitor of traffic between the system and the outside world (Internet).

The EMON module scans for infiltrations in MAPI compatible e-mail clients, such as MS Outlook® or MS Exchange.

 

Regarding the NOD32 “on-demand” scanner, this bit of advice is helpful:

A convenient short-cut to trigger the on-demand scanner is available using the right button of the mouse. This feature needs to be selected during installation of the NOD32 system. If enabled, a file may be scanned by right-clicking it, and selecting NOD32 Antivirus System from the pop-up menu.

Some of the key features include:    

·        Automatic, internet/LAN Update module

·        Flexible task scheduler and planning module

·        Supports frequent incremental updates and upgrades of the executable components.

·        Most updates are performed ‘on-the-fly’ (no reboot is required).

·        Unprecedented heuristic analysis capable of exposing DOS, Boot, Win32, macro, script and other viruses and worms in the wild.

·        Built-in powerful virtual emulator enables detection of the most sophisticated polymorphic and metamorphic viruses.

·        Virus detection in compressed or protected executable files, such as Pklite, Lzexe, Diet, Exepack, CPAV, UPX, AsPack, FSG, Petite and Neolite.

·        Support of many archive formats, e.g., ZIP, RAR, ARJ, LZH, LHA, including self-extracting files.

·        Detection of viruses in encrypted, password-protected databases and documents.

·        Easy-to-use graphical user interface with an alternative, command-line execution.

·        Integrates into Windows Explorer’s context menu, allowing quick selection of a scanning target using the right mouse button.

·        Scans operating memory and checks its own integrity.

·        Cleans, removes and quarantines infected objects.

·        Removes infiltrations from files that are locked for writing (e.g., loaded DLL file).

·        Removes viruses, worms and Trojans that are running.

·        Scans Outlook and Outlook Express e-mail databases.

·        Can be scheduled and executed using various users’ profiles.

·        Contains a detailed, interactive on-line help.

 

 

One should not be put off by the acronyms. These oddly named modules do the work so you don’t have to. The options are what you would expect to find. The interface is intuitive and nicely centralized. Updates are frequent, automatic and painless. A feature that I really like is the right-click menu option: just right-click on a file to scan it for viruses. Another nice feature is being able to password-protect the Setup, just in case you have someone around who “just knows better.”

 

NOD32 supports Microsoft DOS through XP and, yes, there are Linux and BSD versions available as well. A 30-day trial version can be downloaded from the Web.

 

As a final note, you may want to test NOD32 yourself, or even your current antivirus, for effectiveness. You can do this with the EICAR test file. This is a file, available in ZIP, TXT and COM formats, that mimics a virus without using any viral code or fragments. It is used by researchers to test antivirus products and they have made it available to the public. However, it is best to read the article that accompanies the test files, just to gain a little perspective on what is actually going on. It is safe to use and I highly recommend it.
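As an added illustration of the EICAR self-test described above (example code, not part of the original article or of any vendor's tooling): the script writes the standard 68-byte EICAR string as TXT, COM and ZIP samples into a temporary folder and reports whether each file is still readable afterwards. The function names and the settle delay are assumptions of this example.

```python
import os
import shutil
import tempfile
import time
import zipfile

# Standard 68-byte EICAR test string (harmless, no viral code). It is split in
# two so that this script does not itself begin with the detectable string.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
PAD = b" \t\r\n\x1a"  # the only bytes the EICAR definition allows after the string

def is_eicar(data):
    """EICAR definition: string comes first, total <= 128 bytes, whitespace-only tail."""
    tail = data[len(EICAR):]
    return data.startswith(EICAR) and len(data) <= 128 and all(b in PAD for b in tail)

def write_samples(folder):
    """Create TXT, COM and ZIP samples in folder; return {name: path}."""
    paths = {n: os.path.join(folder, n) for n in ("eicar.txt", "eicar.com", "eicar.zip")}
    for name, path in paths.items():
        try:
            if name.endswith(".zip"):
                with zipfile.ZipFile(path, "w") as zf:
                    zf.writestr("eicar.com", EICAR)
            else:
                with open(path, "wb") as fh:
                    fh.write(EICAR)
        except OSError:
            pass  # an on-access scanner may refuse the write; probe() reports it
    return paths

def probe(path):
    """Classify what the on-access scanner did with one sample."""
    if not os.path.exists(path):
        return "removed"          # deleted or quarantined
    try:
        with open(path, "rb") as fh:
            fh.read()
    except OSError:
        return "blocked"          # file exists but access is denied
    return "intact"               # scanner did not react to this sample

def run_check(settle=2.0):
    """Write the samples, wait settle seconds for the scanner, probe each one."""
    folder = tempfile.mkdtemp(prefix="eicar-check-")
    try:
        paths = write_samples(folder)
        time.sleep(settle)
        return {name: probe(path) for name, path in paths.items()}
    finally:
        shutil.rmtree(folder, ignore_errors=True)

if __name__ == "__main__":
    for name, state in run_check().items():
        print(f"{name}: {state}")
```

A result of "intact" for every sample means the resident monitor did not react, either because none is running or because that file type is excluded from on-access scanning.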

 

NOD32 version 2.0 is a fine piece of work. Many of the rough spots that were present in earlier versions are gone and, equally important, it is still excellent at virus detection. I like this product because it focuses on doing what I want it for - killing viruses! At $39 you can’t beat it.

 

http://www.nod32.com

http://www.check-mark.com

http://www.icsalabs.com/

http://www.av-test.org

http://www.virusbtn.com/

http://www.eicar.org/

http://www.eicar.org/anti_virus_test_file.htm


Rob Rice is a member of the Oklahoma City PC User’s Group and a computer specialist in Anchorage, Alaska. Rob can be reached at: articles@isp.com.