How is ESET the lightest?

[Super_Spartan 56]

Despite some ups and downs and previous versions like v7 and v8, overall, ESET has been known ever since I started using it since v2 to be one of the most secure and lightest Antivirus at the same time

 

My question is, what is this magic? how does it achieve this great security level, no false positives AND be the lightest?

[novice 20]

3 hours ago, Phoenix said:

Despite some ups and downs and previous versions like v7 and v8, overall, ESET has been known ever since I started using it since v2 to be one of the most secure and lightest Antivirus at the same time

 

My question is, what is this magic? how does it achieve this great security level, no false positives AND be the lightest?

On AV Test for Sep-Oct2017, ESET  has a performance score of 4 from 6 .

https://www.av-test.org/en/antivirus/home-windows/windows-10/october-2017/eset-internet-security-10.1-174090/

I wouldn't say is the lightest.

[persian-boy 22]

Av test!? Ese is the lightest av! hardcoded for best performance.according to av test Bitdefender is one of the lightest av!but this is not true lol. 

[0xDEADBEEF 43]

I think ESET's lightweight is from dynamic binary translation and extensive caching and whitelisting.

Generally in-product sandbox (and heuristics) can hardly be lightweight as there are pre-exec unpacking analysis. However, with some engineering effort, one can optimize for common cases. Most users will not generate tons of new binary/archive in a short period of time, therefore by skipping known good files, the performance impact can be reduced significantly. I noticed ESET recently has further optimization on this by caching the DBT-ed data of binary to further accelerate the scanning. https://support.eset.com/ca6626/

However, if you hit the "corner case", like doing huge compilation job, ESET is no longer the lightest weight product (perhaps this is the case in AV-TEST). The lightest weight solution is -- not to scan anything, so no extra instructions to execute 

Edited December 22, 2017 by 0xDEADBEEF

[TJP 143]

10 hours ago, John Alex said:

On AV Test for Sep-Oct2017, ESET  has a performance score of 4 from 6 .

https://www.av-test.org/en/antivirus/home-windows/windows-10/october-2017/eset-internet-security-10.1-174090/

I wouldn't say is the lightest.

AV-Comparatives says otherwise...

 

 

[novice 20]

29 minutes ago, TJP said:

AV-Comparatives says otherwise...

 

 

Maybe because AV Comparatives testes ESET Internet Security 11.0, while AV test , ESET 10.1

[TJP 143]

35 minutes ago, John Alex said:

Maybe because AV Comparatives testes ESET Internet Security 11.0, while AV test , ESET 10.1

We can therefore ignore AV Test because they are testing a defunct version.

[novice 20]

12 minutes ago, TJP said:

We can therefore ignore AV Test because they are testing a defunct version.

V 10 is fully supported and not a "defunct version"

 

[peteyt 393]

16 minutes ago, John Alex said:

V 10 is fully supported and not a "defunct version"

 

But 11 is the latest. You wouldn't trust a protection test if it was based on an old version. Newer versions fix things. What this shows is eset is always making improvements to make it's product better  

[Super_Spartan 56]

20 hours ago, 0xDEADBEEF said:

I think ESET's lightweight is from dynamic binary translation and extensive caching and whitelisting.

Generally in-product sandbox (and heuristics) can hardly be lightweight as there are pre-exec unpacking analysis. However, with some engineering effort, one can optimize for common cases. Most users will not generate tons of new binary/archive in a short period of time, therefore by skipping known good files, the performance impact can be reduced significantly. I noticed ESET recently has further optimization on this by caching the DBT-ed data of binary to further accelerate the scanning. https://support.eset.com/ca6626/

However, if you hit the "corner case", like doing huge compilation job, ESET is no longer the lightest weight product (perhaps this is the case in AV-TEST). The lightest weight solution is -- not to scan anything, so no extra instructions to execute 

thanks a lot. that's the kinda answer I was looking for

[TJP 143]

15 hours ago, peteyt said:

But 11 is the latest. You wouldn't trust a protection test if it was based on an old version. Newer versions fix things. What this shows is eset is always making improvements to make it's product better  

There has always been an interesting difference between AV-T and AV-C in performance tests; Eset fares far worse with AV-T than it does with AV-C. I have asked the forum admin to look into the AV-T results as they are often quoted in print magazines and on tech websites. I think this is largely because AV-T have an easy to copy & paste report format whereas AV-C make you read the test results.

Moreover, I have used and/or trialled KIS, Bitdefender, Avira, Avast, AVG, Norton and Sophos. I found each more resource heavy on my PC and at least two blue screened my PC.

Anyone who has followed AV testing knows there are test darlings that acsend and fall; I don't read too much into these tests but YMMV

[Marcos 5,074]

AV-Test results have nothing or very little to do with changes between v10 and v11. If you compare the methodology, you'll find out that the one employed by AVC is more realistic and users' experience confirms this as well.

[cyberhash 188]

The real issue with these tests are they never actually specify how long a timescale they use when producing these reports either. Would probably take an end user a few days to a week running different applications/games etc to draw their own conclusion as to what suite performed better for them. Not everyone has the same software installed that these tests use, or will run the same test pattern. I too over the years have experimented with trying other suites to see how they perform for me , and have given them a week after installation and have always observed that overall they all perform worse that ESET's products do. Plus some of these suites also have a memory footprint 3 or 4 times that of which ESET products use,  something that these tests fail to mention.
 

[novice 20]

33 minutes ago, cyberhash said:

 Plus some of these suites also have a memory footprint 3 or 4 times that of which ESET products use,  something that these tests fail to mention.
 

Memory footprint shouldn't be an issue nowadays , when you cannot buy a PC with less the 4GB of RAM and 8GB is very common.

My PC has 8GB of RAM, but never uses more than 3.5GB

ESET it is light, however the difference compared with next ones is not measurable for a common user . I run NOD32 on my PC for a while, after that I switch to MBAM+MSE+PCTools  firewall . The difference in speed , if there is any, is insignificant .

[cyberhash 188]

8 minutes ago, John Alex said:

Memory footprint shouldn't be an issue nowadays , when you cannot buy a PC with less the 4GB of RAM and 8GB is very common.

My PC has 8GB of RAM, but never uses more than 3.5GB

ESET it is light, however the difference compared with next ones is not measurable for a common user . I run NOD32 on my PC for a while, after that I switch to MBAM+MSE+PCTools  firewall . The difference in speed , if there is any, is insignificant .

So you can run MBAM+MSE+PCTools firewall and say the performance difference is negligible, versus only running NOD32 on its own ?

I think there is something wrong with your computer and its not down to your choice in security product.

 

[novice 20]

17 minutes ago, cyberhash said:

I think there is something wrong with your computer

Could be, however  I do not have any noticeable browsing lag using MBAM+MSE+PCTools firewall  ( Web protection off in MBAM) compared with NOD32 v11.

Browsing is the main factor, as I am not concerned about download/install  speed.

[peteyt 393]

20 hours ago, John Alex said:

Could be, however  I do not have any noticeable browsing lag using MBAM+MSE+PCTools firewall  ( Web protection off in MBAM) compared with NOD32 v11.

Browsing is the main factor, as I am not concerned about download/install  speed.

Didn't PCTools close many years ago. If so the Firewall hasn't been updated for many years. While a Firewall doesn't receive definitions with new signatures daily like AVs, I'd be reluctant myself to use a security product that is out of date. With many bugs, backdoors etc. often found in products, there is always the risk that something will have a flaw. The issue is that flaws for PCTools Firewall may exist but not be documented, known yet etc. and being unsupported now they will not be fixed.

Which brings me on to another question. Are you an Eset user? I've seen quite a few posts where you have claimed you no longer use Eset e.g. too slow, not good enough but then some posts with questions regarding Eset e.g. quarantine etc. If you don't use it, I just wonder why you seem to regularly post about what you consider bad Eset results.

Also as I mentioned in a previous post, if you do ever come across an issue with Eset e.g. using too much resources, it is recommended that you open a support ticket, submit logs etc. There are many possibilities, possible conflicts and so on. Sometimes these issues can be unique for example a user a few months back had problems with Eset being very slow at startup but it turned out it was due to another program conflicting with Eset. As there are many possibilities due to there being numerous programs available, logs are recommended otherwise the Eset team cannot identify the issue.

[cyberhash 188]

21 hours ago, John Alex said:

Could be, however  I do not have any noticeable browsing lag using MBAM+MSE+PCTools firewall  ( Web protection off in MBAM) compared with NOD32 v11.

Browsing is the main factor, as I am not concerned about download/install  speed.

Turning off the web protection(like you have on mbam) on any suite will speed up browsing. But the risks of doing so outweigh the 1 second or so delay that may be present in having it enabled. Browsing with no A/V installed or parts of the protection switched off will always be quicker.

There is always some impact on browsing performance regardless of what vendor it comes from, but the trade off for 0.5s of loading time is not worth taking the risk of having it disabled.

[novice 20]

2 hours ago, peteyt said:

Are you an Eset user?

I have an "on again off again" relationship with ESET.

I reinstall it every time there is a new version, but somehow I end up being unhappy and I go back to MSE+MBAM

For example, in the latest version :

"If I have an infected file, let's say "C / Program files / infected.exe" , and ESET is able to disinfect it.

Now , being disinfected, will be left in the same location as "C / Program files / infected.exe" . At the same time , the original file will be moved to Quarantine , as "C / Program files / infected.exe "

I will end up having 2 identical files, one "disinfected" in original location and one "infected" in Quarantine. Will be hard to say , after a while, why the same file is in 2 locations ."

"But why this complicated approach????

When I press "Clean" I should be informed what exactly happened with that file: has been cleaned, has been deleted, has been quarantined.

An user shouldn't be forced to navigate to the original location to see if the file has been cleaned or deleted.

Why is so difficult to implement????"

MSE has a very elegant solution to this: in History , you have  three distinct categories: "detected items" , "quarantined items" and "restored" items  

59 minutes ago, cyberhash said:

Turning off the web protection(like you have on mbam) on any suite will speed up browsing. But the risks of doing so...

SmartScreenFilter offers adequate protection in IE11, in my opinion.

[Marcos 5,074]

55 minutes ago, John Alex said:

"If I have an infected file, let's say "C / Program files / infected.exe" , and ESET is able to disinfect it.

Now , being disinfected, will be left in the same location as "C / Program files / infected.exe" . At the same time , the original file will be moved to Quarantine , as "C / Program files / infected.exe "

I will end up having 2 identical files, one "disinfected" in original location and one "infected" in Quarantine. Will be hard to say , after a while, why the same file is in 2 locations ."

1, Users should not look into quarantine unless they know that the AV detected a false positive and need to restore it.
2, The current system of quarantining files has been in place since NOD32 v1 or v2, ie. it's worked that way for at least 15 years already. Alternative options would be dangerous:
a) A file infected with a virus would be deleted and we would not attempt to clean it.  The original infected file would be placed in quarantine. As a result, the oper. system might stop working due to a critical file missing.
b) The infected file would be cleaned but the original copy would not be placed in quarantine. As a result, if the file was cleaned improperly, the oper. system could stop working or crashes would occur. There would be no option to restore the original file from quarantine and to check why cleaning failed. 

In my opinion, the current system is the best and most reliable in terms of cleaning and restoring original files if something goes wrong. Would you rather prefer option A or B? Or what do you expect from cleaning and quarantining files given that you don't like the way it's worked for ages?

[peteyt 393]

1 hour ago, John Alex said:

I have an "on again off again" relationship with ESET.

I reinstall it every time there is a new version, but somehow I end up being unhappy and I go back to MSE+MBAM

For example, in the latest version :

"If I have an infected file, let's say "C / Program files / infected.exe" , and ESET is able to disinfect it.

Now , being disinfected, will be left in the same location as "C / Program files / infected.exe" . At the same time , the original file will be moved to Quarantine , as "C / Program files / infected.exe "

I will end up having 2 identical files, one "disinfected" in original location and one "infected" in Quarantine. Will be hard to say , after a while, why the same file is in 2 locations ."

"But why this complicated approach????

When I press "Clean" I should be informed what exactly happened with that file: has been cleaned, has been deleted, has been quarantined.

An user shouldn't be forced to navigate to the original location to see if the file has been cleaned or deleted.

Why is so difficult to implement????"

MSE has a very elegant solution to this: in History , you have  three distinct categories: "detected items" , "quarantined items" and "restored" items  

SmartScreenFilter offers adequate protection in IE11, in my opinion.

I dont understand what you mean. When a file is placed in quarantine you do not  see that file in the original location. If something has been quarantined i never see it anymore until i restore.  If a file is cleaned as Marcos states having a quarantined file is good for if the clean caused issues. If the clean went okay just delete the file in quarantine 

[novice 20]

7 minutes ago, Marcos said:

In my opinion, the current system is the best and most reliable in terms of cleaning and restoring original files if something goes wrong. Would you rather prefer option A or B? Or what do you expect from cleaning and quarantining files given that you don't like the way it's worked for ages?

I would prefer to know what exactly happened when I press "Clean" ; the information should be somewhere present to tell the user if:

1. file was deleted from original location and placed in Quarantine

2. file was cleaned , the "clean" file is in the original location and the  infected one is in Quarantine

This info should be accessible when somebody would interrogate the "Quarantine"  in ESET.

 

[novice 20]

3 minutes ago, peteyt said:

I dont understand what you mean

OK, read this explanation:

13 minutes ago, Marcos said:

b) The infected file would be cleaned but the original copy would not be placed in quarantine. As a result, if the file was cleaned improperly, the oper. system could stop working or crashes would occur. There would be no option to restore the original file from quarantine and to check why cleaning failed

 

[Marcos 5,074]

Information about the taken action is found either in the Detected threats log or in the appropriate on-demand scanner log. It cannot be listed in quarantine because there's only one instance of each detected file although in fact there might have been several instances of the file detected and the action that was taken may differ from file to file (e.g. some might have been locked and could not be cleaned). All these actions are logged in the appropriate log and quarantine is not the right place for this information.

I'd like to emphasize that we are open to constructive and reasonable suggestions and listen to our customers when it comes to deciding about new features or changes for new versions.

[peteyt 393]

1 hour ago, John Alex said:

I would prefer to know what exactly happened when I press "Clean" ; the information should be somewhere present to tell the user if:

1. file was deleted from original location and placed in Quarantine

2. file was cleaned , the "clean" file is in the original location and the  infected one is in Quarantine

This info should be accessible when somebody would interrogate the "Quarantine"  in ESET.

 

I persume the filename would be different so just delete the old one once you know everything works okay