Eset Software's NOD32 v. 2.5

Network Protection

Eset sent a beta of NOD32 2.5 to my office/lab in Gainesville, Fla. Installation included simple network configuration and server assignment work for updates. The update function may seem odd for a program that bases its performance on heuristics, but the combination of behavioral and signature detection is intended to make NOD32 faster and more complete in its malware detection. After installation, NOD32 reminds you that it needs to check for current signatures, installs them and then sets up its five modules for operation.

In my tests, I had NOD32 perform a complete scan on the hard disk of a workstation that until moments before NOD32's installation had been used for testing another antivirus package. On its first pass, the package flagged a file for containing "Probably unknown NewHeur_PE virus." After prompting me to leave, delete or rename the file, NOD32 asked if I would like to submit the file for analysis. This process is part of Eset's ThreatSense.Net, a system for gathering data on new malware and distributing information and data on protection and remediation. It turns out the file was infected, and its information was added to the ThreatSense database.

Profile Creation

A tree structure in the left-side pane provides access to details that show up in the right-side panel, where the profile-creation feature is found. You can set up profiles with different levels of protection based on time, user, location or other criteria, and fill the profile with information on scanning targets, actions taken on positive results, alert types and log entries generated during operation.NOD32's spyware and adware real-time protection, new to 2.5, sends alerts when malware is detected or when any program that could take control of computer actions or data streams, such as a spambot, is found. I downloaded three files known to contain adware, and NOD32 successfully alerted on all three.

If your network uses programs such as Timbuktu for remote access and SpectorSoft for key- logging, you'll need to tell NOD32 to ignore that software, but the "ignore" list is easy to establish and keeps intrusions to a minimum.

Information Access

NOD32 offers configurable alerting, logging and reporting capabilities with both detected event and malware logs sent to administrators using SMTP or network messaging alerts. Additionally, logs can be configured to be stored on the local machine or forwarded to a central console. Remote administration consoles are similar to the individual computer-management screens, with a mirror function available to replicate report changes made by an administrator to the local user.Central management also includes automated updating of enterprise hosts from a central company server, as well as administrator-scheduled updates of signature rollouts and software updates. As with most enterprise antivirus software, local machine settings can be password-protected to prevent users from changing profiles without authorization.

Eset submitted NOD32 to Checkmark for certification evaluation, and Checkmark gave version 2.5 antivirus Level 1, Level 2, Trojan and Spyware Checkmarks. NOD32 is effective protection that's now easier to use and administer than previous versions, and a realistic anti-malware option for large and small organizations.

Curtis Franklin Jr. is a senior technology editor for Network Computing. He has been writing about the computer and network industries since 1985. Write to him at [email protected].