Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 09, 2016, 09:24:15 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: NOD32 Technical Support - Interesting response  (Read 3470 times)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
NOD32 Technical Support - Interesting response
« on: December 03, 2006, 05:08:42 AM »
Following my recent issues with Netgear SC101 drivers and NOD32 I got an interesting suggestion from NOD32 support - switch of the IMON module and see if that cures your problem. I tried it and no more problems but I was worried that by turning off IMON I was leaving a security hole in my AV solution ... here is their response to my concerns ...

Quote
The next version of NOD32 will be sans IMON. It's being totally eliminated from the program for this very reason.

In 1992, when NOD32 was introduced, very few programs operated at the winsock level. Today, in addition to Google and Microsoft, 100's of other developers are creating software in this manner. That would be fine, except for the fact that any app that operates here, needs the top spot in the stack, and only one program can have it.

As it is now, it can't be enabled at all, on a server.

IMON was just the first layer of defense, a supplement. The strengths of NOD32 are AMON, which scans every file that performs an action, as it performs that action, and the advanced heuristics which is stopping 90+ % of all new threats, before a definition is even written.

By quitting IMON now, you'll not only allow both programs to operate together, but you'll also lose no coverage.

Thank you,
Eset Tech Support

So there you have it - IMON does nothing useful so you may as well switch it off and forget it (and save a few CPU cycles presumably in the process) !!

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NOD32 Technical Support - Interesting response
« Reply #1 on: December 03, 2006, 07:00:01 AM »
cool - thanks for sharing that carol.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: NOD32 Technical Support - Interesting response
« Reply #2 on: December 03, 2006, 11:15:58 AM »
Hummm...

what they're basically saying is that they can't write a stable socket filter driver?
- carpe noctem

Curt

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 7,092
    • View Profile
    • Donate to Member
Re: NOD32 Technical Support - Interesting response
« Reply #3 on: December 03, 2006, 11:39:10 AM »
an interesting suggestion from NOD32 support - switch of the IMON module
Quote
As it is now, it can't be enabled at all, on a server.

 

So there you have it - IMON does nothing useful

Did not Eset point out that this talk is about a server?
- or did I read something that is not there?

Are you running a normal pc at home, or some server?

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
Re: NOD32 Technical Support - Interesting response
« Reply #4 on: December 03, 2006, 12:15:40 PM »
Home PC - but given that they say it doesn't really achieve anything and that it won't even be in the next release ...

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: NOD32 Technical Support - Interesting response
« Reply #5 on: December 03, 2006, 12:28:56 PM »
I dunno about their claim that "it doesn't really achieve anything"...

I don't really know how they implement the stuff, but a filter driver could detect an incoming buffer overflow (or other exploit) attempt before it activates. Keep in mind that you don't necessarily need to write anything to disk - there's been at least a couple of worms that only ever lived in memory.
- carpe noctem

dk70

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 269
    • View Profile
    • Donate to Member
Re: NOD32 Technical Support - Interesting response
« Reply #6 on: December 03, 2006, 12:46:40 PM »
As I understand HTTP scanning the one and only unique feature is drive by protection where code is executed in memory - or through browser exploits perhaps. As soon as good old files are involved default module kicks in. More or less the same for email filter though such a thing often does a lot more than just look at attachments/files. Free Avira is doing quite well without any of these.

Sounds like a bad excuse from someone who aims at optimal protection. Could be disabled by default perhaps.