ESET NOD32 7.0.325.1 versus version 8.x

[RNFolsom 5]

On my 64-bit Windows 7 sp1 Professional laptop, running NOD32 v7.0.325.1 with no problems until today, earlier today I had to restore a backup image of my Partition C: (created on 12 November) to deal with some problems from my Internet Service Provider.  (Those problems were fixed by installing the backup image of my Partition C:.)

When I did that, of ESET noticed that my downloads were out of date, and with red wording told me that "Maximum protection is not Insured" followed by a link to "Update virus signature database".  Of course I used the link to update the database.

 

But when I did so, I received a larger window which said in red "Virus signature database update ended with an error" followed by a black notice "Undocumented serious error (0x1106)".  And there was a note that accurately said that the last update was done on 11 November, which was the day before I had created the update image that I restored earlier today.

 

I tried several attempts to get my database updated, with the interesting results that the first one was 57.7kb and and the next one was 74.5kb --- but nothing was actually installed.  I repeated my efforts and the same 57.7kb and 74.5kb pattern continued until I gave up.

 

Then I re-installed NOD32 v7.0.325.1 (on top of the existing installation) but the same problem continued.

 

Farther down in the Eset NOD32 window was the usual invitation to check for a product update.  When I had clicked on that, I had learned that Eset NOD32 version 8.0.304.0 was available.  But I did not follow that invitation, because I had seen here a month or so ago that some people had problems with version 8, and my Windows7 laptop had been working well with version 7.0.325.1.

 

I have been using 7.0.325.1 with no problems until today, after I installed the Partition C: backup image.

And as an ESET NOD32 user since beginning with version 2 from many years ago, I am VERY disappointed IF Eset is trying to stuff a later version onto me.  That has never happened before.  Adopting it likely would be a huge time sink trying to learn how to use version 8, even if there were no problems.  I am not a talented software creator or fixer.

 

Especially since I will never use any version of Windows 8, I am hoping that someone here will tell me how to continue using NOD32 version 7.0.325.0.

 

Sadly, with a mix of exasperation and anger (trying to use 7.0.325.0 and then writing this post has chewed up several hours of my time),

R.N. (Roger) Folsom

Edited November 29, 2014 by RNFolsom

[Marcos 5,074]

1, As for the problem with update, did you try clearing update cache by clicking the appropriate button in the advanced update setup? Failing this, try using the Uninstall tool and installing v8 from scratch.

2, There are almost no visual differences between v7 and v8. In the new version, it was basically just a box enabling/disabling Botnet protection and HIPS Smart mode which were added.

[rugk 397]

Sorry, for your inconveniences. As Marcos said try to clean your update cache and then try to reinstall ESET NOD32.

Here is a detailed knowledgebase article about it: Undocumented Serious Error and cannot update the virus signature database in ESET Smart Security or ESET NOD32 Antivirus

[RNFolsom 5]

Marcos and rugk:

 

Thanks very much for the help.  I should have thought of cleaning the update cache, but I didn't.  I didn't literally uninstall NOD32 7.0.325.1;  instead I simply cleaned the update cache, rebooted, and used the Eset icon in the notification area to download and install 39997 kb of updates.

 

Tomorrow there will be additional updates, and I will see if they install routinely.

 

For the longer run, if there is a thread here that describes the benefits of version 8 that are not in 7.0.325.1, I would appreciate knowing where it is.  That there are almost no visual differences between v7 and v8 was interesting, but I am interested in actual differences.  For example, maybe v8 does more with social media (e.g. facebook) and/or smart cellphones, but I don't use any of them (I do have ancient voice-only cell phones in my cars), so if v8 has features for which I have no need, there would be no reason for me to switch to v8.  I try to minimize my use of unneeded bloatware.

 

Thanks again for your essential help that solved my problem.

 

R.N. (Roger) Folsom

 

P.S.  Today (Sunday 30 November) Eset 7.0.325.1 updated with no problems.

Edited November 30, 2014 by RNFolsom

[rugk 397]

OK, great that it worked.

 

And yes there are not many visual changes in ESS v8, but there are some in the "back-end"...

Here is the threat were it's all explained: ESET Smart Security Version 8 Has Been Released Worldwide

 

And BTW: ESS has nothing to do with mobile phones. For mobile phones ESET has ESET Mobile Security.

[RNFolsom 5]

rugk:

 

Several years ago I compared ESET Smart Security with ESET NOD32 Antivirus, and discovered that Smart Security had additional features that I did not need.  Today I went to Smart Security (hxxp://www.eset.com/us/home/products/) and I discovered that the Smart Security features that NOD32 does not have are the following:

Anti-Spam (my Internet Service Provider [redshift.com], and my SeaMonkey browser, deal with Spam),

Anti-Theft (Intel deals with that),

Personal Firewall (Windows7sp1 provides a firewall for my computer and I don't need it to be personal;  my wife is welcome to use my computer if hers is misbehaving or even if it isn't), and

Parental Control (my grown-up married daughter doesn't need parental control on a computer that she doesn't use).

 

So I will stick with NOD32.  But thanks for the suggestion that I take a look at Smart Security.

 

I still need comparisons of NOD32 version 7.0.325.1 and NOD32 version 8.  But there's no rush since 7.0.325.1 is now accepting updates with no problems.

 

R.N. (Roger) Folsom

Edited November 30, 2014 by RNFolsom

[rugk 397]

Well... this topic wasn't in the the NOD32-section, so I didn't read your original post again and thought you mean ESS.

 

However here is the topic you need for the new features of NOD32 v8:

ESET NOD32 Antivirus Version 8 Has Been Released Worldwide

 

And of course NOD32 has also nothing to do mobile phones.

[RNFolsom 5]

rugk:

 

Thanks for pointing me to ESET NOD32 Antivirus Version 8 Has Been Released Worldwide.  The new features listed there

    Enhanced Exploit Blocker

    ESET SysRescue Live

    HIPS Smart mode

    ESET Cybersecurity Education (North America only)

are interesting, but for  Enhanced Exploit Blocker  and  HIPS Smart mode  I am going to have to do some studying to figure out what they do.  (For example, I don't know what lockscreens and/or ransomeware are and do and when they do it, and I don't know what pre-defined rules in Automatic mode are or why weakening Host-based Intrusion Prevention System is useful --- I've never had a HIPS problem.)

But that's because of my technical ignorance, and not at all ESETs fault.

 

Thanks again.

 

R.N. (Roger) Folsom

Edited December 1, 2014 by RNFolsom

[Arakasi 549]

Hello Roger,

 

lockscreens and/or ransomeware - are trojans that will prevent you from using your system entirely by injecting a full screen application upon login followed by disabling crucial services that allow you to operate your own computer.

Lockscreen because your system is locked, and ransomware because you have to pay money to have the trojan removed and regain the use of your computer entirely.

 

pre-defined rules in Automatic mode - are rules that ESET has already embedded into the software, rules that were created automatically when it was being setup, or rules that you put in place. One of these or similar.

 

weakening Host-based Intrusion Prevention System - would be a security risk, but any good points that may come of it would be directed at actions such as remote access, or applications that really change the OS around. There is a higher chance of successful exploitation or intrusion if you weaken it, or disable the features or predefined rules set etc.

Hips will watch things like crucial system changes that would come from the registry, or services, or common windows files etc. If there is an account or application (permissions etc) other then you that are making changes, Hips will make sure it was called or that it isnt damaging to the PC etc.

 

Hope this helps

Edited December 2, 2014 by Arakasi

[rugk 397]

weakening Host-based Intrusion Prevention System - would be a security risk, but any good points that may come of it would be directed at actions such as remote access, or applications that really change the OS around. There is a higher chance of successful exploitation or intrusion if you weaken it, or disable the features or predefined rules set etc.

Hips will watch things like crucial system changes that would come from the registry, or services, or common windows files etc. If there is an account or application (permissions etc) other then you that are making changes, Hips will make sure it was called or that it isnt damaging to the PC etc.

Yes, that wouldn't be good, but in NOD32 the new is the smart mode of HIPS. It is placed between the "interactive" and the "automatic" mode and it's for users that don't want to get "annoyed" by many message (which would show up in the interactive mode), but even want to see some messages if there are potentially critical changes in the system.

If you know how to react to such messages you can switch to this mode and enjoy it. (I already made good experiences with it - fortunately I was able to allow all HIPS messages from the smart mode, because I could explain why they showed up)

 

About Enhanced Exploit Blocker: Well... Exploit Blocker was also there in v7, but in v8 it was (like the description says) enhanced. Now (in v8) it additionally blocks exploits in Java.

More information you can also find here (it's very easy explained there): Infographics about ESETs software and "ESET Technology From the Inside"

Edited December 4, 2014 by rugk

[RNFolsom 5]

My Dell Precision M4700 laptop and my wife's Lenovo ThinkPad T530 both use 64-bit Windows7sp1 and ESET NOD32 version 7.0.325.1, and we have no intention of replacing 64-bit Windows7sp1 until it expires in 2020.

I have finally found time to find out whether we want to replace our laptops with the latest ESET NOD32 version 8.

A) I now understand (at a very beginning level) that ESET NOD32 version 7.0.325.1
does nothing to prevent lockscreens and/or ransomeware trojans that could prevent us from using our laptops by malware injecting a full screen application upon login followed by disabling crucial services that allow us to operate our own computer, but that ESET NOD32 Version 8 prevents those attacks.

B) With regard to HIPS (Host-based Intrusion Prevention) Smart mode, I am puzzled.  Arakasi above (apparently he was describing NOD32 V8) wrote that "weakening Host-based Intrusion Prevention System would be a security risk, but any good points that may come of it would be directed at actions such as remote access, or applications that really change the OS around. There is a higher chance of successful exploitation or intrusion if you weaken it, or disable the features or predefined rules set etc."

But since we never have experienced HIPS (unless we didn't know it had functioned in our NOD32 v7.0.325.1 laptops), I don't understand why NOD32 version 8 apparently weakens HIPS.  There must be some reasons that I don't understand, being very much a technical ignoramus.

With regard to Version 8's inclusion of ESET SysRescue Live, I think I have that in version 7.0.325.1, although I am sorry to say that I never got around to using it.

And I don't know what ESET Cybersecurity Education (North America only) would teach me.  I am an economist, not a technology expert.

With regard to items A) and B), upgrading from NOD32 7.0.325.1 to the latest NOD32 Version 8 looks like a tradeoff:  If we stick with 7.0.325.1 we apparently have the risk of an A) attack, with the benefits of a not-weakened B) attack.  If we replace NOD32 7.0.325.1 with the latest NOD32 version 8, we apparently have less risk of an A) attack, but more risk of a B) problem.

I would very much appreciate any suggestions and reasons for staying with NOD32 7.0.32.1 or upgrading to the latest NOD32 Version 8.

Roger Nils Folsom
 

[rugk 397]

A) Well... not exactly. All ESET version of course can detected cryptolockers (with virus signatures, heuristics or similar technologies), but they don't have a specific feature to block Cryptolockers.

They have an Exploit Blocker (which was enhanced in v8) which can block many attacks, so Marcos only mentioned cryptolockers and ransomware as an example in his post.

 

B) Simple answer: V8 won't weaken HIPS. The smart mode is (or can be) in fact protect you better, but you have to know how to react to the messages from ESET. So basically you can just stay with the automatic mode which is the same in v7 and v8.

 

As for ESET LiveRescue you can use it if you want, but don't have to. You can download it here without need to upgrade to v8.

 

ESET Cybersecurity Education: This is a kind of "training" for you and it's really easy to use and to understand so you don't need to be a techy. You can already try it out without upgrading to v8.

You can finds more information about this training in this thread: "Training" at the left side in ESET programs?

Edited June 7, 2015 by rugk