RNFolsom

Swex: You wrote: "Hi Roger, "FYI, Here is that EMET thread of yours: https://forum.eset.c...rience-toolkit/ " Thanks for your response to my confusion. Roger

At least for now, I will ignore the opportunity to install version 8. My concerns are in a different thread, at https://forum.eset.com/index.php?app=core&module=search&do=search&fromMainBar=1 R.N. (Roger) Folsom

I gather that ESET NOD32 version 7.0.317.5 (which was replacing version 7.0.302.26) is now being replaced by version 8. But version 8 worries me, because according to each of the two ESET links below, "Important: Before the installation we recommend you uninstall all other security solutions, including older versions of ESET. Click here to learn more." I am fussy about my ESET NOD32 settings, and uninstalling an older version before installing a newer version will require going through all of the settings from scratch. The two links are: hxxp://www.eset.com/us/download/home/detail/family/2/ and hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN146 For previous versions, I recall previous debates about whether a newer version could be installed on top of a current version, or the current version had to be uninstalled before the new version was installed. Different places in Eset's documentation would say contradicting statements about that. Are we going to have to go through that confusion again for version 8? ---------------------------------------------------------------- I also wonder: For a 64-bit Windows7sp1 Dell Precision M4700 laptop (now running version 7.0.302.26), and no smartphones and other gadgets, what are the benefits of ESET NOD32 version 8 compared to version 7.0.302.26? And for a 64-bit Windows7sp1 Lenovo Thinkpad T530 laptop (now running version 7.0.317.5), and no smartphones and other gadgets, what are the benefits of ESET NOD32 version 8 compared to version 7.0.317.5? I am hoping that someone more knowledgeable than me will clarify these issues, or tell me where in these forums to find the answers. R.N.(Roger) Folsom

On my two computers, one (the older) is using ESET NOD32 version 7.0.302.26 The newer is using 7.0.317.4 I think I will stick with those, until the Product Update "Check for Update" reports that the newest version (8.x) is available. That way I have some confidence that if version 8.x has a bug or two, it will have had time for ESET to fix it. And I will have more time to learn whether version 8.x will be compatible with Microsoft's "Enhanced Mitigation Experience Toolkit 5.0." There is a recent thread about that, started by me, but now I can't find it. The very helpful responses that I got both were very enthusiastic about Microsoft's "Enhanced Mitigation Experience Toolkit 5.0," but now I can't find that thread. R.N. (Roger) Folsom

SweX and Proactive Services: Thanks for the information that EMET works nicely with ESET (although not with some badly-written software). I was hoping for that answer. I don't use Adobe Reader (although I do use Adobe Flash Player, recently installed version 15.0.0.152). Instead, I use Tracker Software's PDF-XChange Viewer and PDF-XChange Editor. P.S. to SweX: Thanks for the information that "Your Dell Precision notebook does not find the latest 317. build as it has not been released as a PCU (program component update) via the in-built updater in the GUI, so you have to download that version from the ESET website . . . " As a genuine ignoramus, I am curious about the following: I assume that GUI is Graphical User Interface, and that ESET at some point will release the latest 317 build as a program component update that uses a "in-built updater" in my Dell laptop's GUI. Or is the "in-built updater" something that ESET will eventually install? For now, I am comfortable with my Dell's ESET NOD32 version 7.0.302.26. [Today I corrected that number in my original post.] But if version 7.0.317.4 is worth downloading and installing, I will do that. A Google search gave me the following download site for an Offline installer (my usual behavior) for 64-bit computers [for me, laptops]: hxxp://www.eset.com/us/download/home/detail/family/2/#offline,137,ENU In any case, thanks very much to both of you for all of the information I have received here. R.N. (Roger) Folsom

Last Thursday, 25 September 2014, the Windows Secrets Newsletter (and also the Windows Secrets Lounge) included a message by frequent contributor Susan Bradley about a new version (5) of Microsoft's Enhanced Mitigation Experience Toolkit (aka EMET) as additional protection from malware. For people who are not Windows Secrets Newsletter subscribers, it can be read (probably after a log-in) at hxxp://windowssecrets.com/newsletter/enhance-windows-online-security-with-emet-5/ I had never before heard of EMET, so I downloaded it and have studied it. It looks worthwhile, but I don't want it conflicting with my use of ESET NOD32. With regard to that issue, Ms. Bradley's post included the following statement: "EMET is a free, standalone security application, but it’s not an all-purpose anti-malware tool. It works alongside Microsoft and third-party anti-malware apps to protect against attacks that target common software such as Internet Explorer, Office, Acrobat, and Java. It’s compatible with all supported versions of Windows, from Vista SP2 and Windows Server 2003 SP2 through Windows 8.1 and Windows Server 2012 R2. "A common misconception is that EMET is an enterprise IT tool. Though it’s well suited for that environment, Microsoft clearly states that it’s also applicable for home-PC security." If anyone reading this has found that Microsoft's Enhanced Mitigation Experience Toolkit --- either the latest version 5, or previous versions --- works successfully with ESET (or doesn't work with ESET), please let me know. I would also be interested in whether or not installing EMET would be redundant. Thanks. R.N. (Roger) Folsom ________________________________________________________________ P.S. My two Eset versions (different laptops, both 64-bit and running Windows7 sp1) are 7.0.302.26 on a Dell Precision M4700 laptop and 7.0.317.4 on a Lenovo Thinkpad T530 (acquired after I acquired the Dell). Why the Dell keeps telling me I have the latest version, I know not. But that's not the issue here.

I am sorry to have to say that Private Internet Access has a serious problem: It works only on Administrator accounts. A link that makes that clear (including my own unhappy contribution) is available at https://www.privateinternetaccess.com/forum/index.php?p=/discussion/2209/pia-windows-client-does-not-work-for-non-admin-windows-users/p1 So today I will be investigating Arakasi's suggestion (11 August 2014 - 03:09 PM) of using vpnsecure.me (https://www.vpnsecure.me/). (I definitely would want 2048 bit keys.) Another alternative that I am considering is VikingVPN (https://vikingvpn.com/) R.N. (Roger) Folsom

Personally, after using Eset beginning with its version 2 (I'm now on 7), I have always had very good support --- with one annoying exception. From time to time Eset warns me of a possible threat on my computer, and asks me to "Please submit this object to ESET for analysis." But the message never includes an option (i.e. a button) to click on to submit the object! Instead one must struggle to figure that out, or else give up. That button is essential, and I can't figure out why it isn't included. After studying an Eset message about a threat (copy below) that I received today, I essentially gave up, and deleted the message window. Then I remembered that I had a similar threat earlier this year, and had taken the time to find how to submit a threat for analysis. The link is: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141, and I had downloaded and saved its instructions, but had forgotten that I had done that. Unfortunately, my recollection was too late to submit today's threat (The instructions included that I should get an image of Eset's message --- easy to do using Thornsoft's Clipmate --- but I couldn't do that because I had deleted the window.) There should have been an option to submit today's threat, without uninstalling software that I installed in 01-Dec-13, and have used successfully. R.N. (Roger) Folsom ================================================================ On my computer, today's threat was the following (the items in all caps are my add-ons): Warning Potential Threat Found Object: C:\Program Files (x86)\Raxcp\PerfectUpdater\perfectupdater.exe Threat: a variant of Win32/Systweak.H Potentially Unwanted Application Please submit this object to ESET for analysis. [Clean] [No action] (Advanced options) Show alert window Copy to Quarantine Submit for analysis Exclude from detection ALL OPTIONS ARE CHECKED I CLICKED ON NO ACTION, BECAUSE I DO NOT WANT THIS RAXCO SOFTWARE REMOVED.

I am not complaining, but today I experienced a surprise. I have four Eset NOD32 accounts (for use while I was still using a WinXPsp3 Dell C840 and setting up a Win7sp1 64-bit Dell M4700 laptop, and my wife is still using an IBM-A31 WinXPsp3 laptop while I am still setting up her new Win7sp1 64-bit Lenovo Thinkpad T530). Today I decided it was time to install Eset NOD32 onto her T530. But when I tried to install NOD32 7.0.302.26 --- my M4700 laptop Eset's "Check for update" says 7.0.302.26 is up to date --- the Thinkpad's screen said that there was a new version, and it installed 7.0.317.4 without asking my permission. In this thread, seeing some complaints about 7.0.317.4 is a bit unnerving, but I am hoping that all goes well on my wife's Thinkpad. I do think that there ought to be some consistency. I'm guessing that 7.0.302.26 would have been a safe install on the Thinkpad, and I'm hoping that all goes well, so that I don't have to uninstall 7.0.317.4 and then struggle to install 7.0.302.26. (I always save the installation file even after the software is installed, but 7.0.317.4 didn't let me do that. Of course, I could download it separately.) I do expect to install 7.0.317.4 on my Dell M4700, but not until its "Check for update" agrees that 7.0.317.4 is safe. With some worries, R.N. (Roger) Folsom P.S. I very much appreciate that the installer for 7.0.317.4 let me type in my account password and actually gave me an option to see what I was typing, instead of putting in a black dot for each letter or number. (That courtesy goes back to early 1980s operating system software that came out of Columbia University; I forget the name.) Maybe Microsoft will take a hint. And maybe Eset will stop claiming --- at the top of the window that opens by clicking the Eset system tray icon --- that "The virus signature database is up to date" regardless whether or not a database update is available. With that heading, some novice users of Eset might never update the database!

Arakasi: Thanks for telling me about vpnsecure.me. (I already knew about openvpn, because apparently is the foundation for many Virtual Private Networks, including WiFiConsulting's hxxp://hotspotvpn.com/ when I hadn't yet moved from WinXP to Windows7 and could not manage to install it on my Windows7 laptop.) But vpnsecure.me has an interesting note on its website: "Dedicated IP's are separate plans at a different price to our $9.95 shared IP plans, however are shown above as available for use with OpenVPN only. Choose your dedicated IP package under the OpenVPN & PPTP drop down in the checkout." I think I understand that IP stands for Internet Protocol, but I don't know what a Dedicated IP is. Dedicated to what? I have posed that question on vpnsecure.me's website, and I hope I get an answer by email. Thanks for the information. R.N. (Roger)

Arakasi: Thanks very much for the feedback. Re your last two lines: I don't think I will need to exclude filtering, given my good experience with WiFiConsulting's hxxp://hotspotvpn.com/ (when I was able to install it use it on Windows 2000 and XP. In any case, I'm glad to know that on NOD32 the only filtering you can think of is http(s), pop3(s), and imap(s) protocols. SeaMonkey and my ISP (a local, redshift.com) use http(s) and pop3(s), so that's encouraging. Imap I've heard of but never have used. The rest of this post is to let you and anyone else interested to know about some interesting VPNs. Private Internet Access is a VPN company's name. Annual cost: $40. It's "Home" website is at https://www.privateinternetaccess.com/ To get more information click on the other columns there. The most useful one (my opinion) is Contact Us, which is a collection of FAQs. Each one is separate, so I for my own use I created an "open" collection by copying each FAQ into Thornsoft's ClipMate, and then pasting them into Mozilla-SeaMonkey's HTML Composer. Some interesting reviews of Private Internet Access are: PCMagazine, at hxxp://www.pcmag.com/article2/0,2817,2414799,00.asp FreedomHacker, at hxxp://freedomhacker.net/private-internet-access-vpn-review/ An alternative is VikingVPN, $120 annual cost. Website is https://vikingvpn.com/ As nearly as I can see, it's only disadvantage is expense. But my recollection is that roughly $120 is what I paid when I was using WiFiConsulting's hxxp://hotspotvpn.com/, so that price isn't unreasonable. And it might be simpler to use than Private Internet Access is. For a very favorable review of Viking VPN, see FreedomHacker, at hxxp://freedomhacker.net/vikingvpn-review/ The prices I mention above are rounded up to the nearest dollar. Some of my efforts to decide what VPN to use are at Windows Secrets Lounge, at hxxp://windowssecrets.com/forums/showthread.php/163638-Virtual-Private-Network-%28VPN%29-Choices Roger P.S. I also considered ExpressVPN at https://www.express-vpn.com/?a_aid=zpeti, with a favorable review at https://www.bestvpn.com/blog/9405/expressvpn_review/ But my wife and I use only laptops; I don't use ExpressVPN's capabilities for multiple devices.

Arakasi: Please excuse my belated reply. (My excuse is a long boring story.) I very much appreciate your explanation of Two-Factor Authentication, and the hxxp://www.eset.com/us/business/products/secure-authentication/ link. That link made me realize that I can use Two-Factor Authentication on internet websites, but that Two-Factor Authentication is not appropriate for my end of internet connections. I do some economics consulting (mostly I am retired), but my communications with clients are by voice (in person or by land-line At&T telephone) or email. I don't have a website, much less a business website. For someone who has two cellphones (neither qualifying as a smart cellphone; they are roughly ten years old), I am a weirdo. Each cellphone lives in an automobile, and is used very occasionally, and only for talking. Consequently no one calls me using my cellphone numbers, because if they happened to call me on one of my cellphones (probably only my wife and me know the number; it's written on the back of the phone), I would eventually hear it, probably weeks later. Nevertheless, your description of how to use a smart cellphone for Two-Factor Authentication was interesting. Someday I may get a smartphone, and I am happy to know about the Eset's mobile app. Related different issue: I am trying to improve the security of my home office (and of using a computer when in a hotel) by installing a Virtual Private Network. When using Windows 2000 and XP, my own favorite VPN was WiFiConsulting's hxxp://hotspotvpn.com/, and it provided excellent protection. But I found it impossible for me to install successfully (after what I think of as trying for 100 hours or more, due to useless correspondence with WiFiConsulting) on my new Windows7 sp1 64-bit laptop, because my requests for assistance got incomplete and/or generalized answers that weren't specific enough for a non-geek economist (me). So I gave up. Over the past week I have been considering other VPN providers, and I tentatively have settled on Private Internet Access. I had a "chat" with one of their representatives, and asked whether Private Internet Access would interfere with Eset, or vice versa. Unfortunately he hadn't heard of Eset. But he said that there were some cases where security software interfered with Virtual Private Access. If any Eset user knows of any conflicts between Eset NOD32 version 7.x and Private Internet Access, please let me know. I will come back to this page in a day or so. R.N. (Roger) Folsom

Given that I am a complete ignoramus, I don't know what Two Factor Authentication is. First, what does "Authentication" mean in this context? Second, what is being Authenticated? There are hints in earlier posts in this thread, but I need a lot more than those to understand Two Factor Authentication. Examples would help. Maybe Two Factor Authentication protects Eset's NOD32 and/or Smart Security, or maybe it protects my access to the financial websites that I use? Or maybe unexpected email that contains malware? Or maybe Two Factor Authentication is an alternative to using a Virtual Private Network, even when a computer's internet access (e.g. mine) is totally wired and not wi-fi? R.N. (Roger) Folsom P.S. An extraneous but related issue is that on 05-June-2014, Eset sent me an email requesting that I change my password for this website (Eset's Security Forum). Since I wasn't currently using this website, I put that email into my ToDo folder. But now I want to comply with Eset's request that I change my password, but although Eset's email gave me a link to how to create strong passwords (I have four different password generator utilities that I switch whenever I need a password, so I didn't need that), but it didn't explain where and how to persuade a new password to replace the old one on this website. I would appreciate instructions about how to do that. Please remember that I am an ignoramus, and need detailed step-by-step instructions. Thanks.

Marcos: I never before heard of Securi, but I very much appreciate their cleaning up the New World Investor website. And your statement that "the website was eventually unblocked more than a week ago" is consistent with my experience, since I now have been able to access New World Investor today and last week and the week before that. I am sorry that you could not find my messages in early April inquiring why I could not access New World Investor. The probable reason is that I didn't post them here. On reflection, the instructions I received for responding to a blocked website were very confusing (I did not have nearly enough background to understand them, because I had never before had a blocked website), and I have no idea where I posted them. My previous message mentioned that I have no idea how to find my posts on this website. But in this case the reason apparently was that I posted them somewhere else, or emailed them as replies to the blocked website instructions. I did save the contents of one of my messages, so here it is: "R.N. Folsom's computer is a Dell Precision M4700 laptop, running Windows7 sp1. "You request registry data, and I would be comfortable doing that, but I have absolutely no idea what registry data you want. "You also request that I send standard information, without a clue about what you mean (other than the top line in this document)." I don't know where I sent that message. But I am sure that I did not get a response. R.N. (Roger) Folsom P.S. FYI, I have four Eset accounts: On a Dell C840 and on an IBM-A31 laptop, each is still using WindowsXPsp3 and NOD32 5.x because they are enroute to being replaced. But almost all of my computing has been done since early 2013 on my current 64-bit Dell Precision M4700 laptop, running Win7sp1, and NOD32 v7.0.302.26. The fourth account will be used on my wife's new Lenovo ThinkPad T530 Laptop with Win7sp1 (and NOD32 v7.0.302.26), as soon as I can get the time to set it up.

My response to Eset's decision earlier this year --- I discovered it on 01 April 2014 --- to block access to the New World Investor financial newsletter is in this thread's message #5, although there may be a few other responses elsewhere in this website. (I have no idea how to find my own posts in this Eset Security Forum website.) My response pointed out that I had been subscribing to Michael Murphy's New World Investor financial newsletter for many years, and I have used his earlier financial news letters going back many many years. And although my response notes that Eset NOD32 scans of my computer "discovered" 70+ New World Investor newsletters with the HTML/Scrinject.B.Gen virus, more recent scans "discovered" the HTML/Scrinject.B.Gen virus in only 32 New World Investors saved newsletters, all downloaded and saved in 2009! No one at Eset ever responded to my complaints, posted here and maybe elsewhere on this website. So when I received a New World Investor email that a new financial report was available on the NWI website, to access the NWI website I had to exit my standard user account, open my Administrator account, temporarily disable Eset's NOD 32 v7.0.302.26, download the financial report, re-enable Eset's NOD 32 v7.0.302.26, and print and read the report (which typically are almost 20 pages in length). Like other financial newsletters, Michael Murphy's New World Investor recommendations sometimes are bad ones. Maybe someone unhappy with some of New World Investor's worse recommendations got access to the list of sites that Eset used to protect against genuine HTML/Scrinject.B.Gen virus websites, and in revenge added NWI to that list. But now I have good news: A miracle happened. As of last week, I now can access the New World Investor website, and download its newsletters, without disabling Eset's NOD 32 v7.0.302.26. I do not know what caused that problem to get fixed. I do have two guesses of causes of the miracle. One is that someone at Eset finally discovered my posts (there weren't many) and acted to stop being frightened of New World Investor's website and financial reports. The other is that one of the Wall Street Journal's financial columnists --- Mark Hulbert --- recently wrote a column that mentioned Michael Murphy's New World Investor (and also other financial newsletters), and someone at Eset reads the WSJ. In any case, I sincerely thank whoever removed New World Investor from Eset's HTML/Scrinject.B.Gen virus list. My use of Eset's NOD32 goes back to version 2.x and maybe earlier than that. I really didn't want to have to give it up. R.N. (Roger) Folsom

On the night of Tuesday 01 April 2014 (this is NOT an April fool test), when I was trying to download a financial document from New World Investor, NOD32 v7.0.302.26 (which I have been using almost since it first came out) blocked the attempt, with the statement "Access to the web page was blocked. Show URL "[hxxp://newworldinvestor.com/access-for-members-only] "The web page is on the list of websites with potentially dangerous content. "Open ESET KnowledgeBase | www.eset.com" In response to that block, I received a request from ESET Nod32 for more information, and I did my best to reply, but several of the questions were much too vague to answer. Unfortunately, I didn't keep a list of the questions and my attempts to respond. But I did get a message that I would be contacted by email. So far, that hasn't happened. This blockage was the first time that ESET has claimed to me that New World Investor was an evil website. Since I have been using Michael Murphy's New World Investor newsletter since May 2006, and have used his previous newsletters since September 1996, I was very surprised to read that ESET thinks that Michael Murphy is a malware source. In order to download last week's NWI file (I was late), I had to switch from my Standard user account to an Administrator account, disable Eset NOD32, and then download the file. After I enabled Eset NOD32 and had returned to my Standard user account, I could not find any problems in the downloaded file. But just to be on the safe side, today I did a full InDepth scan of my entire laptop computer (all four partitions; the last two are storage from previous laptops), and discovered that the alleged malware was the ScrInject.B.Gen virus. The scan uncovered 70+ threats with that virus, all being New World Investor downloads, as early as 2009. But it did not include yesterday's downloaded file (unless I missed it in the pile of 70+ threats), perhaps because I usually edit the NWI weekly download file, deleting material in which I was not interested, but I have not yet edited the file I downloaded yesterday. So maybe my edits made the past documents (each almost certainly edited, because my edits include some minor formatting) look like they had a virus. On the other hand, the last two sentences in my previous paragraph may be nonsense, because previous Eset NOD32 InDepth scans had never before seen a virus in my NWI downloads. Today I also did a Google search for ScrInject.B.Gen, and discovered this thread. And the Google search came up with a substantial quantity of other complaints about that Eset's faulty blockings. But perhaps ESET's NOD32 is right to block ScrInject.B.Gen. If so, has Michael Murphy's New World Investor website been captured? Is the sender of his emails, nwiactive@aweber.com, a malware site? [i went to www.aweber.com, and it sure looks legitimate.] The Block's statement that "The web page is on the list of websites with potentially dangerous content" isn't very useful information for me, or anyone else who gets that message. What list is Eset talking about? One that Eset owns, or one owned by some third party? Do I have to disable NOD32 every week when I want to read the latest New World Investor report (known as a Radar Report)? PLEASE DO THE FOLLOWING: 1) Contact Michael Murphy at New World Investor and tell him that his paid customers can't access his website (unless they disable Eset, or other anti-virus software). If NWI documents really are ScrInject.B.Gen malware carriers, help him fix the problem. I can't tell him what is wrong (because I don't know what is wrong), but Eset can. If NWI documents are not ScrInject.B.Gen malware carriers, tell him so, and if there is some way to prevent NWI documents from wrongly appearing to be ScrInject.B.Gen malware carriers, either fix it at Eset, or tell him how to fix it on his website. 2) Meanwhile, please tell me what I can do to safely access New World Investor. FYI, my laptop is a Dell Precision M4700, running Windows7sp1, with all Windows Updates installed (except for kb2862330 which has a bad reputation). R.N. (Roger Nils) Folsom

Aryeh Goretsky: Thanks for your answer. R.N. (Roger) Folsom

I don't see any need for Eset to get into the backup business, because Acronis and other backup services can be found easily by doing a Google search for Acronis. Eset's NOD32 v7.0.302.26 installation file of only 71,072kb, or Eset's Smart Security installation file of about 80,000kb, would be swamped by adding into it a full backup images program. Backup image software is much larger than Eset's software. For a new 64-bit Windows7 Sp1 Dell laptop, for more than a year I have been making backup images of my partitions C: and D: onto an external USB 3.0 Western Digital "My Passport" disk, using WesternDigital's Edition of Acronis True Image Backup (which came with the WesternDigital disk at no extra cost). My WDEdition Acronis software is from 2012, version 14192; its installation file is 151,529kb. But the latest version became available sometime in 2013; its installation file is 265,729kb, and it probably is necessary for Windows8. Western Digital Edition Acronis software works only if the backup location is a Western Digital disk. But standard Acronis itself (which has more features that are unnecessary for me) of course doesn't have that requirement. I am very happy with the backups I have made using WDEdition Acronis 14192 onto the Western digital "My Passport," including numerous restorations when I had installed experimental software that I decided I didn't want, and I had restored a Partition C: backup. And I appreciate Acronis ability to check the validity of a backup, either after making the backup or before restoring it. After reviewing the documentation for the WDEdition Acronis 2013, I didn't see any reason for me to adopt the new version. Whether the 14192 version is still available, I know not. But based on a search for Acronis 14192, with result hxxp://www.wdc.com/wdsearch/Search.aspx?sc=&sl=en-US&sq=acronis&x=0&y=0, I think that it probably still is available for download. And there is a large collection of other Western Digital Acronis versions, about which I know nothing, at hxxp://www.wdc.com/wdsearch/?sc=&sl=en-US&sq=acronis&x=0&y=0 To get to either of the two Western Digital locations above, first go to the Western Digital Community, at hxxp://community.wd.com/ and register to set up an account. R.N. (Roger) Folsom

Aryeh Goretsky: Thanks very much for your post, and the information there. Given the Christmas season, I have not had time to check out the trial Raxco's PerfectGuard, but I do intend to try it. I will post my results here. (Incidentally, before I try PerfectGuard, I will have made a backup image of my partition C:, so I can restore that rather than trust the completeness of Microsoft's Win7sp1 uninstall procedures.) You wrote that you would ask Eset's "QA department if they can test it [PerfectGuard] for compatibility with ESET's software." Of course that would be very useful, and I hope they can do it. In your post of 13 December in this thread, you wrote that "ESET's software detects keyloggers using both conventional signatures (which detect many as part of the Win32\Keylogger family) and technologies like heuristics and HIPS. There is however, no particular feature such as a specific anti-keylogging module." Your first sentence there was good news, and it would be interesting to know if Eset's software --- even without a "specific anti-keylogging module --- makes other anti-keylogger software such as PerfectGuard unnecessary. Cordially, R.N. (Roger) Folsom

Mr. Goretsky: Thank you for answering my questions. Re your "I am unsure of why requiring a Ctrl-Alt-Delete to logon would prevent a keylogger from being installed on a system": I am unsure also. My understanding is that requiring Ctrl-Alt-Delete before a logon prevents malware from capturing the login name and password (David Pogue's Windows 7, the Missing Manual, O'Reilly publisher, page 771). Since I don't understand how malware keyloggers work, I thought that maybe Ctrl+Alt+Delete might not only prevent a malware keylogger from capturing a password but might also block other keystrokes. (I also don't understand how anti-keyloggers work.) FYI Re Raxco's PerfectGuard anti-keylogger and also anti-clipboard logger: By email I asked Raxco's customer service whether their PerfectGuard anti-keylogger would work with Eset's anti-virus, and they answered back that PerfecctGuard would not interfere with Eset's software. But I haven't tried PerfectGuard myself. I may try PerfectGuard on a trial basis. I did just now ran their simulator anti-keylogger test at hxxp://download.raxco.com/keylogger-simulator, and it claimed that I was vulnerable to a malware keylogger. Of course, Eset's NOD32 v7.x was running on my computer. But since I wasn't typing anything (just watching the screen), I am a bit skeptical that the simulator was actually giving Eset's presence an actual test. Other Raxco software --- PerfectDisk (defragger) and PerfectUpdater (driver updates) --- has worked well for me, although I've only been using the latest versions for less than a month. Later this week I will try to find time to do a more through test of PerfectGuard, and I will then report my findings here. R.N. (Roger) Folsom ________________________________________________________________ P.S. Raxco's response to my questions was the following email: -------- Original Message -------- Subject: RE: Raxco Software Case # 00025676:- Form submission from: Contact Us [ ref:_00D301FVTK._500a0d2CgN:ref ] Date: Thu, 12 Dec 2013 15:24:42 +0000 (GMT) From: Susie Colon <consumersupport@raxco.com> To: rnfolsom@redshift.com <rnfolsom@redshift.com> R.N., Thanks for contacting support. Without the webcam logger, PerfectGuard still scans for keyboard & clipboard loggers. It is compatible with ESET. You can find more information here: hxxp://www.raxco.com/home/products/perfectguard#antivirus-compatibility Susie

Maybe posts #11 and #12 are trying to say that NOD32 7.x has a Realtime Filesystem protection setting that would block (or uninstall) any malware Keylogger, and that even if that setting were disabled a NOD32 7.x Memory Scanner feature would catch it. If so, that's good news. I definitely would prefer not having to install and use either PrivacyKeyboard or Raxco's PerfectGuard. In any case, after this post I will check and see if my NOD32 7.x has an enabled Realtime Filesystem protection setting. Nevertheless, I definitely would like explicit answers to my three questions posted in post #10: 1) Does Eset NOD32, v7.x (and possibly 6.x and 5.x) include an anti-keylogger component? 2) If not, does anyone know of an anti-keylogger program known to not interfere with NOD32? 3) Does setting up Win7sp1 to require Ctrl-Alt-Delete before logging onto a computer with a password make an anti-keylogger program unneeded? I hope someone does answer those three questions. R.N. (Roger) Folsom

"Keyloggers" has two meanings. 1) Apparently --- as in this thread --- a program that monitors what members of the family do. 2) Alternatively, an Anti-Keylogger, a program that prevents malware keyloggers. Today I learned of the existence of two such programs: Raxco's PerfectGuard (hxxp://download.raxco.com/perfectguard ) Privacy Keyboard (hxxp://download.cnet.com/PrivacyKeyboard/3000-8022_4-10906849.html ) and there probably are others. My questions are: Does Eset NOD32, v7.x (and possibly 6.x and 5.x) include an anti-keylogger component? If not, does anyone know of an anti-keylogger program known to not interfere with NOD32? Does setting up Win7sp1 to require Ctrl-Alt-Delete before logging onto a computer with a password make an anti-keylogger program unneeded? The answers to those questions are very important, as indicated by a different thread here: "2 million stolen passwords to Web accounts" (Started by TomFace, Dec 05 2013 05:37, at https://forum.eset.com/topic/1487-2-million-stolen-passwords-to-web-accounts/ ) [see also: hxxp://www.reuters.com/article/2013/12/05/us-cybercrime-pony-idUSBRE9B400W20131205 ] I hope that someone can answer those questions. R.N. (Roger) Folsom

In case anyone is interested, two Eset websites are confusing users (e.g. me) about whether it is necessary to uninstall a previous NOD32 version with the latest 7.x version. The first website is hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN146 If you scroll down to the Eset instructions, you will find the link below hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2788 That location to me implies that it IS necessary for an Eset user who is NOT dealing with a problem in his older version, but is merely replacing an older but completely functional Eset version with a newer version, to first uninstall the previous Eset version before installing the latest version. The first website should mention the built-in installer in NOD32 v7.x. And I think the second website needs major repair. I gave the second website a one star ranking (I tried giving it zero stars, but it insisted on at least one), and in my comments pointed out that that website was contradicted by this thread in the forums. And I included a link to this thread. I hope that someone cleans up the confusion.

Mr. Randziak: Please excuse me for being confused, but what is "it" in your statement? Did you mean that using the Offline Installer (download of 71,072kb) is a bit more complicated than using the Live [Online] Installer? If the answer to that is yes, that would be consistent with my previous experiences with earlier NOD32 versions --- my recollection is that I have always used the Offline Installer for previous installations --- so I would be comfortable with using the Offline installer (which I have already downloaded but not yet used). Or, did you mean that something else would be more complicated? If so, what would that be? My apologies for not seeing the probably obvious meaning of your statement. Cordially, R.N. (Roger) Folsom

Is the uninstaller of the previous version (in my case, NOD32 64-bit 6.0.316.0) available in the NOD32 64-bit v7.0.302.26 Online download and also in the NOD32 64-bit v7.0.302.26 Offline download (71,072 kb)? In other words, can I install NOD32 64-bit v7.0.302.26 (71,072 kb) "on top of" NOD32 64-bit 6.0.316.0? Or do I first have to uninstall NOD32 64-bit 6.0.316.0? Thanks for any comments, suggestions, or help. R.N. (Roger) Folsom