NOD32 Antivirus System
Date: December 18th 2001
I have to confess that until a couple of months ago I had never heard of an
antivirus program called NOD32. I've used a number of antivirus programs more
or less successfully over the years, and most recently was using GriSoft's AVG
6.0, when I received an e-mail from Rod at NOD32 which led to an interesting
exchange of data about virus protection in general, and the so far unfamiliar
to me antivirus software NOD32. Curious about this software and the bold claims
about its capabilities I agreed to take it for a test drive.
The first thing I noticed when downloading NOD32 was its cross-platform availability.
NOD32 is available for all major operating systems including DOS, Windows, Novell,
Linux and various flavors of BSD. The second thing I noticed was its small footprint.
The setup file was only 2.5MB in size, which is very small compared with similar
apps like AVG 6, Norton Antivirus, or McAfee VirusScan. Of course this might be
due to the fact that for some reason the manual is not included in the download.
Should you want a manual you will have to download another 4MB worth of data,
and I recommend you do. For some reason the POP3 scanner manual is not included
in the regular manual, so make sure you download that as well. Installation was
pretty straightforward - follow the setup wizard and reboot.
NOD32 consists of three components that all utilize the same antivirus scanning
NOD32 On-Demand scanner is integrated into Windows Explorer. Available via
the right-click menu it scans drives, folders, or files upon request.
Amon On-Access scanner runs in the background and checks files as they are
Configuration is logical and easy to understand, and once Amon is configured
properly, there is usually no need to change anything.
Should Amon encounter an infected file it displays an alert window.
NOD32 for POP3 is an e-mail scanner that inserts itself between the mail server
and your e-mail client to check downloaded e-mail for nasty attachments.
Configuration is easy if you use Outlook or Outlook Express because you can
import your e-mail account settings with the push of a button. If you are using
a different e-mail client you will have to configure it manually. Should you have
multiple e-mail accounts configuration is a little trickier because you'll have
to assign different port numbers, and here is where the manual will definitely
come in handy.
NOD32 comes with an automatic update feature that retrieves the latest virus
definition updates every so many hours to ensure maximum protection without you
having to think about it. This is an extremely important feature that any antivirus
software must have, because without the latest updates the software is virtually
Fast Scan Engine
I was very impressed with NOD32's fast scanning engine. The program was able
to scan entire hard drives with tens of thousands of files in just a few minutes.
This of course varies depending on a number of factors, e.g. the number of compressed
archives to scan, but overall this is probably the fastest virus scanner I've
seen so far. Updates for NOD32 have been coming very regularly, new definitions
are released on almost a daily basis.
NOD32 offers the ability to password-protect software settings of the individual
components to prevent users of the workstation from tampering with the settings
or disabling the software - a useful feature if additional users that cannot be
trusted use the workstation.
Another useful feature is the built-in notification functionality. You can
configure the program to send alerts via SMTP e-mail or over the network to inform
other users or administrators of virus intrusions or program errors.
NOD32 is licensed to users on an annual basis. After purchasing a license
for the first year, the user can renew the license on an annual basis for 70%
of the original license price. This is actually pretty affordable because licensing
not only includes virus definition updates, but also program updates. This means
that as long as you own a license, you can download new versions of the software
for your operating system when it comes out.
Does it work?
How do you determine whether antivirus software works? The main purpose of
antivirus software is to identify and block viruses and trojans that are circulating
in the wild. It doesn't matter which virus software can recognize "the most" viruses,
or whether it detects all viruses in a test collection consisting mostly of non-functional
viruses, viruses that haven't been in circulation for years, or artificial viruses
that were created solely for testing purposes. Neither does it matter how many
copies the software has sold or how many companies are relying on its protection.
Antivirus software only works if it can deal with real-life viruses that make
their way into your inbox, your browser, or your network right now.
Virus Bulletin magazine is a technical journal on developments in the field
of computer viruses and anti-virus products. VB tests antivirus software on a monthly
basis and awards products that detect all "In the Wild" viruses during both
on-demand and on-access scanning in certain Virus Bulletin tests with its VB100%
award. More details on what this award is all about can be found at http://www.virusbtn.com/100/whatis.html
The WildList - http://www.virusbtn.com/WildLists/
- that is used to test the antivirus programs is a cumulative list of viruses
that are active and in circulation as reported by 64 virus information professionals,
therefore representing a real-world environment of virus threats that any antivirus
program should be able to deal with effortlessly.
What's really interesting are the comparative results of the VB 100 tests as
you can see at
http://www.virusbtn.com/100/vb100sum.html. This statistic shows how many times
an antivirus program was submitted for testing, how many times it succeeded in
detecting all "In the Wild" viruses during both on-demand and on-access scanning,
and how many times it failed. To make the results easier to interpret, I created
a small table with each program's stats, and calculated the success ratio of each
software by figuring out the percentage of how much the program succeeded out
of all the times it was tested. Check out the results:
It's interesting to see that not a single program was able to take care of
all viruses every time it was tested. But the scary part is to see the success ratios
of the programs tested. NOD32 stands out with a success ratio of 93%, failing
only once in the 16 times it was tested, making it by far the most reliable antivirus
software in this round-up. Other known software like PC-Cillin, AVG, Panda, McAfee,
and InoculateIT look pretty pathetic in comparison.
Of course this is only one possible test scenario of many, and it is not the
ultimate test, but it is a very good and realistic representation and gives a
good indication of antivirus software capabilities.
As far as virus detection is concerned, NOD32 so far has worked very well for
me. All 3 components did reliably and consistently identify and block known viruses
such as Sircam, Anset, and Badtrans, as well as the Eicar test virus that came
in via Outlook 2000, were saved on my hard drive, or were attempted to be downloaded.
Like any other software, NOD32 is not perfect. During my testing I ran into
several issues, oddities, and things that could use some improvement.
At one time, the Amon on-access scanner stopped functioning for no reason.
Even though it was supposedly running, I was able to launch an infected attachment.
Rebooting fixed the issue. This was on my main workstation while running numerous
other programs, and I was not able to reproduce it again.
Amon does have a noticeable overhead when accessing files, opening programs,
etc. I noticed that applications were loading a tad slower, and that MP3 playback
skipped momentarily when opening certain applications and files. While it did
not cause any problems, it did affect performance a little bit.
Most antivirus programs offer a scheduled scan feature, allowing you to automatically
scan your machine on a regular basis, but NOD32 does not offer this option. One
could argue that NOD32 prevents the machine from getting infected to begin with,
and in case of infection a manual scan will take care of things, making the scheduled
Weakest Link: The POP3 Scanner
The POP3 scanner was the component that in my opinion could use the most improvement.
First off, it is not automatically configured during installation. It requires
varying degrees of manual configuration, depending on which e-mail client you
use. For users of Outlook and Outlook Express, e-mail account information can
be imported automatically with the push of a button. Users of other e-mail clients
like Eudora or Netscape need to configure each account manually, which can be
a bit confusing for beginners. The manual, again a separate download, for the
POP3 scanner is definitely needed for initial configuration. Since it also requires
modification of the e-mail client settings, it's important to record the
original settings before making changes.
Once the POP3 scanner is up and running, it monitors all incoming e-mail for
viruses. While it performs that function well and consistently offers a pop-up
window with a warning if a virus-infected e-mail is downloaded, it does not offer
the option to delete or quarantine the item.
It also does not monitor out-going e-mail, which in my opinion is an important
feature in this age of self-propagating worms. Again, one could argue that NOD32
prevents a virus or worm from launching in the first place, but virus protection
should always consist of several layers.
The most important function of antivirus software is to detect and block viruses.
NOD32 does this very well, and proves its reliability in the tests detailed above.
It also has superior heuristic scanning abilities, making it very effective in
detecting unknown viruses. NOD32 claims that not only did it detect and block
big-gun viruses like CIH, Melissa, LoveLetter, etc. a long time before any competitor,
but also the "gnomes" in the ESET virus lab are extremely fast and good at analyzing
viruses and releasing blocks and fixes well before competitors do. This degree
of protection makes NOD32 a clear winner in my book.
While the weak points mentioned above are mostly minor issues, enhancement
requests, etc., fixing those would really put the cherry on the pie. Ease-of-use,
easy setup and configuration are important for the user. Nowadays these attributes
are almost a requirement. As sad as it might sound, good software can fail if
it is tough to use, while bad software can succeed if it looks good and is easy
Overall, NOD32 is a first-rate antivirus
program that offers several levels of superior protection combined with ease-of-use.
That makes it a winner in my book.
Submitted by: Alex "crazygerman" Byron