First Look: NOD32 antivirus version 3

Running NOD32 antivirus through some paces.

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.


Although it has its annoyances, in general, I like NOD32 antivirus version 2, from ESET. But a new version was recently released and new software scares me. As I wrote about in November, I hold this truth to be self-evident:

All new software contains bugs and design mistakes.

I recently worked on a Windows XP computer whose copy of NOD32 version 2 had expired the day before. If it's possible to renew a copy of NOD32 v2, then finding out how eluded me. After clicking around everywhere in the user interface, and not being able to learn anything about renewing, I gave up and un-installed it.

The only indication I found, that the software had expired, was a single message buried in the middle of one of the log files. It would seem that a novice user could continue on their merry way without a warning that their software had expired.

But, that's a version 2 issue and I moved on to version 3, hoping that it was ready for prime time. Since the initial release, NOD32 version 3 has been revised three times.

Here is a first look.

The first thing any anti-malware (malicious software) program has to do just after it's installed is update itself with new malware definitions. This has been true since the product category was invented.

At this point in the game, it's reasonable to expect some sort of notice that the virus definitions are old and need to be updated. But NOD32 is mute. After installation, the user interface just sits there. It doesn't say anything or ask anything. In fairness, it might have triggered a warning from the Windows Security Center, but I turn off the Security Center because it is next to useless.

Turns out that NOD32 is smart enough to determine that an update is needed, and it performs the update in the background. But, just like Spyware Doctor, this is kept secret while the update is in-flight.

Despite the web site touting a 30-day free trial, I installed the trial software on January 1, 2008 and the license was only valid until January 19, 2008. Doesn't inspire confidence.

One of the first things I did was run some scans and then view the scan log. The difference here between Spyware Doctor and NOD32 was night and day. Whereas Spyware Doctor hardly logs anything about each scan, the NOD32 logs are very detailed and a pleasure to review (if you like that sort of thing).


In the course of running some custom scans, I noticed that each new scan included the files and folders selected for the prior scan (great activity logging). This turned out to be a small bug in the display of files/folders selected for the scan.

As the screen shot on the right shows, the selection tree view is pretty standard stuff. What is not standard, however, are the checkboxes next to folders with sub-folders. As you can see, all the checkboxes are white, which normally means that no files or folders under that folder are selected. The bug is that there were some selected sub-folders but since the checkboxes were not the standard gray color, I didn't realize it.


While a scan is in-flight NOD32 shows the percent completed so far. During one scan, however, a second percentage was displayed underneath the main one. Adding to the confusion, the bottom percentage went up, then down, then back up, then down again, etc. etc. etc. I think this is because a large zip file was being scanned and my guess is that the bottom percentage is within the zip file. But other files didn't show a processing percentage, and it doesn't explain why the percentage kept going up and down.


Like version 2, a full scan with NOD32 version 3 generates oodles of messages, many of them errors. Again, I appreciate the level of detail, but some of the errors seem avoidable. The first one, as shown above, was an error opening the Windows page file. Windows has had a page file for a very long time. You would think ESET could have learned to deal with it by now.

The second error above was a problem opening a file. I mention it because the file, CACHE.NDB, belongs to NOD32. One part of the product is protecting files from being scanned by another part of the product.

Not to be too negative, the revised user interface in version 3 is an improvement. One thing in particular stands out, the option to use the product with a simple or advanced interface. I think this is a great idea, as it lets both non-technical and technical people use the software with an interface they are comfortable with.

But, there is more

This should have been the end of the story. When I first started writing this, it was. But the next morning (January 2nd), the computer owner contacted me about an error from NOD32. As the screen shot below shows, it complained about a userid and password.


To understand the error message you need to know that instead of simply getting a serial number as proof of ownership, ESET gives their customers a userid and password. When you install the free trial, a default userid and password is generated for you. The password is obscured; on one computer the userid was eavtrial48.

When you install the version 3 trial, none of this is explained. All you are told is to enter the userid/password that ESET provides after you pay for the software. Nowhere in the instructions does it say what trial users are supposed to do.

In this case, the same user/password that worked on New Year's Day was now invalid.

Since I no longer had direct access to the computer in question, I downloaded the trial version of NOD32 v3 onto another Windows XP computer.

The download procedure had also changed overnight. On the first computer, I had to fill in a form on a web page and provide an email address before I could download the trial software. Not any more.

The basic installation of NOD32 on the second machine went fine, but then this copy, too, couldn't update itself. It failed with the same error about an invalid userid/password. And, like the first computer, the trial expired on January 19th rather than in the advertised 30 days.

I contacted technical support at ESET and they responded fairly quickly:

"... In regards to your inquiry, the user name and password that was provided during installation has expired on our end and is not your fault. We are currently working on this issue. As soon as a new user name and password has been issued for the trial version you will be able to download and/or update your trial version of NOD32. If you have additional questions regarding your case or if the issue continues to persist please let us know by replying to this email..."

Three revisions to version 3 were apparently not enough. This is all too typical. As I mentioned earlier, new software scares me. It should scare you too.

Update: January 4, 2008. The problem with the invalid userid/password cleared itself up with no action on my part. The issue was on an ESET server, not on my computer. Added the simple and advanced interfaces.


FYI: CPU magazine just gave NOD32 an excellent review. They also tested the core anti-virus functionality, which I didn't. I'm just a blogger.

Technical information about NOD32 version 3 on the second computer
Product version 3.0.566.0
Virus signature database: 2658 (20071114)
Update module: 1019 (20071030)
Antivirus and antispyware scanner module: 1100 (20071112)
Advanced heuristics module: 1066 (20070917)
Archive support module: 1065 (20071109)
Cleaner module: 1021 (20071101)
