Eset’s Nod32 2.7: Best Antivirus Product of 2007

A number of people criticized my selection last year of F-Secure’s Anti-Virus 2006 as the Best Antivirus Product of 2006 for Windows. And now I’m going to have to eat crow, because in 2007, those people are right.

Eset’s Nod32 2.5 came in second last year, despite the fact that I had several criticisms of it. My assessment last year was based on a series of factors. But the most important criterion was that the utility run without bogging down the system and, basically, do no harm to your computer. Of course, catching the bad stuff was very important too.

Even though F-Secure’s 2006 product skirted the primary requirement pretty finely, the user interface and the included anti-spyware module combined, in my mind, to make it a great value. What’s more, F-Secure took me through a real-world test — one that I didn’t plan — with flying colors. (Nod32 got other people through the exact same real-world test, by the way.)

But F-Secure has an Achilles’ heel. It doesn’t play nicely with other security apps. It has a tendency to create a mess if other security products are present — even if they’re not running. It has a tendency to pop up dialogs informing you that it can’t install unless you uninstall this or that specific program. This was something I came across with F-Secure Anti-Virus 2006 only when I purposely installed it while AVG was running. And the process of uninstalling AVG worked so well in my test, that I felt comfortable recommending F-Secure.

I stand by last year’s assessment, even though a couple dozen Scot’s Newsletter readers had problems with F-Secure Anti-Virus 2006 or F-Secure Internet Security 2006 (which I did not recommend). That’s more than I would have liked to see with my top product pick. Still, far more people wrote me that they’d had no trouble with F-Secure and were delighted with it as compared with the Norton, ZoneAlarm, or McAfee antivirus products.

A couple months after my recommendation, and after F-Secure officials promised me that they were working to make the product more tolerant of other security apps, the company released F-Secure Anti-Virus 2007. Overall, the product is marginally better in most regards. But in one very significant way, it’s markedly worse. The first time I installed it, it forced me to remove the LiveUpdate online-updating module for Symantec’s PartitionMagic before it would install. This is sheer stupidity. PartitionMagic isn’t even a security utility. F-Secure’s programmers must have unilaterally decided that because Symantec’s security products use the same program-updating module, F-Secure won’t co-exist with any instance of LiveUpdate. That was the moment that I finally gave up on F-Secure.

But the fun didn’t stop there. Even though F-Secure Anti-Virus 2007 doesn’t contain a real firewall, I began to get reports about conflicts with software firewalls with which F-Secure Anti-Virus 2006 had co-existed just fine. One of those programs is Kerio from Sunbelt Software, which is still one of my personal favorites among firewalls, even though some other products, such as Comodo Group’s Comodo, have better test ratings. (For those of you wondering, I’m still working on a low-cost, outbound-oriented software firewall recommendation, but it’s still a ways out. Comodo is a top contender in my evaluations, and I love Kerio’s interface.)

Bottom line: I can accept an antivirus product gracefully preventing co-existence with another antivirus product. It’s just good common sense. But when a product stupidly enforces the removal of products that it has no business conflicting with — I’m done.

I am now reversing my recommendation on F-Secure. The 2007 product is not a good one. If you have F-Secure 2006 and it’s working well for you, you’re safe to ride out its license. But you should plan on making the switch then.

Nod32. 2.7
So why didn’t I pick Nod32 last year? There were three main reasons:

1. It has a terrible interface. Part of the reason that’s the case is that it’s a lot more configurable and powerful than other AV products. Still, I knew that some of my readers were going to have a hard time setting it up properly. It’s even easy to miss settings. Eset is planning to heavily revise the user interface in an upcoming release. My initial inclination was to wait for that revision, which will probably be called Version 3.0. (The 2.7 release’s interface is nearly identical to the 2.5 version I reviewed last year.) But with F-Secure falling out of the running, Nod32 2.7 is the best choice, despite the user interface issues.

2. A lot of smart people disagree with me on this point, but I prefer an AV product that has outbound mail scanning. It’s true, the most important scan is the inbound scan — and Nod32 does that just fine. So why then does Nod32 offer an outbound scan for Microsoft Outlook clients but no others? I didn’t (and still don’t) like the double standard. Eset intends to eventually add outbound scans for other email programs, but Eset officials have told me that the company doesn’t plan to do so until some time after the forthcoming 3.0 release.

3. As a Eudora user, I wasn’t thrilled that Nod32 doesn’t scan Eudora’s text-based mailbox files on disk scans. (Other AV products have no trouble scanning Eudora mailboxes.) Nod32 just skips them, and if you force it to scan them, it will give you error messages. Eset has no intention of fixing this problem. While that doesn’t mean Eudora users are unprotected (Nod32 scans everything that comes into your computer — before it even gets to your mailbox files), it’s not a good thing. Why does the product even offer a scheduled disk scan then? The best approach to security is not to rely too much on any one method of protection. Again, there’s a double standard, and I dislike double standards.

Nod32’s Shining Flip Side
What’s good about Nod32 grows on you the more you use it, though. I have it running on four computers, and I’ve come to greatly admire it and trust it implicitly (though none of those PCs currently has Eudora on them.)

What makes Nod32 a great security utility? First, it’s a tight application with a very small footprint. You will not notice any performance hit with Nod32. Second, once you figure out how to install and configure it properly, it operates silently. Third, it’s extremely effective at its job. You will be protected. For more about Nod32 2.7, check out the Eset Nod32 Web site. (Plus, check out this story that explains how to configure harder-to-find settings in Nod32.)

Another aspect of Nod32 that I like is that it’s inexpensive, and the company offers small multiple-license deals that are aimed at techies like us who may have multiple computers in their homes. As I did last year, you can buy four two-year Nod32 licenses for $148. That works out to $18.50 per year per PC (renewals are less expensive, so that’s part of the savings). As an existing 2.5 license holder, the upgrade to Version 2.7 was free to me.

If the company’s claims for the 2.7 are to be believed, it’s even more effective against malware than 2.5 was. Eset’s Nod32 2.7 marketing language claims it protects against viruses, spyware, malware, and rootkits. I know this to be true of the product, although in the past its makers stopped short of claiming it. I’m running 2.7 as my only virus/spyware/malware protection, opting to remove Spy Sweeper. Version 2.7 also supports Vista. I’ve had it running on a Vista machine for a couple of months.

Finally, one of the best things about Nod32 is its advanced architecture. Along with a handful of other AV products, Nod32 is out in front on a new, more advanced way of protecting against computer threats: the use of heuristics or behavioral modeling. This technology, though not new, is finally becoming significant. It watches for potential threats based on actions and tendencies. Nod32 doesn’t rely solely on heuristics, but that type of protection makes it more likely to catch new variations or types of threats before anti-malware signatures are created for them.

There’s no doubt in my mind that in 2007, Nod32 is the very best lightweight antivirus/anti-malware product you can buy for Windows XP, Vista, or Linux/BSD. My decision to crown it the Best Antivirus Product of 2007 came without hesitation — even for Eudora users. No, it’s not perfect. But it’s clearly your best choice.

 
  Fact Box
The Best Antivirus Product of 2007 | Nod32 2.7, Eset, 866-343-3738, $39
 
 

2 Responses to “Eset’s Nod32 2.7: Best Antivirus Product of 2007”

  1. macsband Says:

    Scot,
    Thank you for pointing me to Nod32. Norton and McAfee were signficantly slowing my three Dell dual core 1.83GHz PCs. AVG and Ad-aware failed to protect me from spyware that corrupted dozens of Windows files. You saved me a LOT OF WORK trying to find an efficient and robust piece of software. And I guess the Eset engineers have been listening because I find the version 3.0 interface clean and intuitive. Thanks again. Mac

  2. Steve3456 Says:

    Scot,
    I am curious – do you use the Virus Bulletin http://www.virusbtn.com to help with your anti-virus evaluations? They have useful information on their site with histories back to 1998. Many people disparage Symantec, yet Symantec Anti-virus is one of the best at catching viruses and not generating false positives – similar to NOD32. These two antivirus apps are the only two that caught 100% of the viruses thrown at them by VB. All the other vendors missed some of the viruses. However, NOD32 is twice as fast as Symantec at scanning for viruses according to VB. This puts NOD32 a big notch ahead of Symantec, though Symantec has it over NOD32 in ease of use for “average” users. So the data at VB confirm your excellent call on NOD32.

    Regarding Anti-spyware, Spywarewarrior (spywarewarrior.com) has the most comprehensive site I have seen. From this site I have learned that to protect against spyware, a multi-level approach works best. Use a program like Spybot S&D (www.spybot.info/en) and/or Spyware Blaster (javacoolsoftware.com/spywareblaster.html) to set kill bits to prevent execution of malware code. Use a IP blocker like IE-SPYAD for ZonedOut (http://www.spywarewarrior.com/uiuc/resource.htm) to block thousands of IP addresses known for spreading malware. On top of this use your favorite anti-spyware, a firewall and text-only email. You will need to monitor your logs for anti-virus and anti-spyware compatibility issues and set exceptions to allow these two to get along. You will also need to edit the white list for ZonedOut to allow access to a few sites you do use but for whatever reasons may have been placed on the blocked list by the editors (like some *.MSN.com or *.microsoft.com or *.yahoo.com or com.com sites).

Leave a Reply

You must be logged in to post a comment.