Press Kit

FAQs
The following are FAQs as they relate to the latest release of ESET's NOD32.
1. What are the new features in ESET's NOD32 v2.7?
Support for Windows Vista
ESET was one of the first Anti-virus vendors to offer comprehensive 64-bit support to both home and enterprise users in June 2005. ESET is also one of the first to offer full Windows Vista compatibility with Version 2.7. Despite the highly publicized disagreements between some security vendors and Microsoft, ESET has found little difficulty in preparing a product for Vista. ESET core developers worked closely with Microsoft HQ in Redmond to ensure that NOD32 would be compliant with the new security measures in Vista and fully compatible with the platform when it is released.
Anti-Stealth Technology (Rootkit removal)
Rootkits are now frequently used to hide malicious processes and files. The Anti-Stealth technology in ESET NOD32 v2.7 helps the on-demand and startup scanners to see the "real world" instead of the false one presented by an active rootkit. NOD32's ThreatSense can then use signatures and heuristics to detect and remove these threats. It is transparent to users, and it is turned on by default.
New Categorizations of Malware objects
NOD32 v2.7 takes new steps to control Adware and Spyware, in the form of an overhaul of our malware classification system to provide more granular threat assessments: the renamed Potentially Unsafe Applications classification and a new classification, Potentially Unwanted Applications, added to identify low-risk threats. There is an arguable distinction between Adware and Spyware, one that can pose tricky legalities for anti-malware companies. By redefining "Grayware" to more generally account for this distinction, NOD32 provides greater granularity of control to customers while more accurately defining this increasingly foggy area.
2. What is the cost for upgrading from the current version of NOD32 to v2.7?
NOD32 v2.7 is being offered free of charge to all existing customers with a valid NOD32 license. NOD32 v2.7 can be downloaded from our web site and reinstalled over your current version. It will also be delivered automatically as a program component update in about three to four weeks, in mid-December, 2006.
3. How does NOD32 v2.7 compare to other Vista compliant solutions in the market?
| Vendor | Compliance | Status (sources of information publicly available on the Web) |
| --- | --- | --- |
| Avast | 1 | Available on all antivirus editions |
| CA | 0 | CA Anti-Virus 2007 in Beta |
| ESET | 1 | Now available in NOD32 v2.7 |
| F-Secure | 0 | F-Secure antivirus for Windows Vista 7.00 beta, F-Secure corporation available for Vista |
| Grisoft | 1 | AVG Anti-Virus 7.5 and AVG Anti-Virus Free Edition - Vista ready |
| Kaspersky | 0 | No date yet, developers working on it |
| McAfee | ½ | VirusScan Enterprise Release Candidate 8.5i |
| Microsoft | 0 | Windows Live OneCare 1.5 now in Beta |
| Softwin | 0 | BitDefender Internet Security 10.1 now in Beta |
| Sophos | 0 | Couple weeks after Vista release (Sophos antivirus v6.5) |
| Symantec | 0 | Enterprise edition-30 days after Vista release, Home users - beginning of 2007 |
| Trend | 0 | PC-cillin for Windows Vista still in Beta (5/23 - 12/31) |
4. Do I need to uninstall the current version of NOD32 v2.5 before upgrading to the new v2.7?
No, you do not need to uninstall your previous version of NOD32. NOD32 v2.7 installs seamlessly over NOD32 v2.5. Alternatively, you can simply wait for the PCU in December.
5. Is antivirus software needed for Microsoft Windows Vista?
Microsoft Windows Vista is Microsoft's first consumer operating system built from the ground up with security in mind, and it also introduces a least-privilege security model (called "User Account Control" under Windows Vista). These methods will only reduce the risk of malware under Vista compared with previous versions of Microsoft Windows, not prevent it entirely.
Anti-virus software will still be required for Microsoft Windows Vista. For more information, please visit the "Security in Windows Vista" page on Microsoft's web site.
6. Is ESET running any special deals for the purchase of NOD32 v2.7?
Yes, for the gaming industry we are currently running a 2-for-1 license purchase. Existing 2.5 product boxes are available at a 35% discount: 2-year business licenses can be purchased before 12/31 and you receive an extra 6 months. Purchasing a 3-year license provides you with an additional 9 months. Contact your Channel Manager.
7. I have an inventory of 2.5 boxes - what do I do with it?
ESET will supply all of the distributors of ESET NOD32 with stickers for their remaining NOD32 2.5 inventory. They indicate that there is a FREE upgrade to v2.7. Distributors interested in securing stickers should contact their Channel Sales Manager.
8. Do I have to teach my users about rootkits to protect them?
No, rootkit protection takes place seamlessly, under-the-covers. Switched on by default, the Anti-Stealth technology finds and protects against infections automatically. Users are notified that a new threat has been detected and are asked to confirm cleaning procedures, just like their current NOD32 protection.
You can also educate yourself by reading this white paper: Whitepaper-Rootkit_Root_Of_All_Evil.pdf
9. Is a new version of Remote Administrator required to manage NOD32 v2.7?
NOD32 v2.7 can be managed by the current release of Remote Administrator (v1.0.11); however, anti-stealth technology and more granular malware classification settings cannot be managed through it. By default, the anti-stealth technology in NOD32 is enabled. If you use the current version of Remote Administrator to deploy or manage computers running NOD32 v2.7, anti-stealth is automatically enabled on them. See next question, below.
10. When will a new version of Remote Administrator be available?
This new version of Remote Administrator to manage NOD32 v2.7's new features is currently in beta test and will be available approximately two weeks after NOD32 v2.7 is released at the end of November.
11. Are the new anti-stealth technologies in NOD32 v2.7 implemented into existing modules, as new modules or through a companion product?
NOD32 v2.7's new anti-stealth rootkit detection technologies are integrated right into the existing program as part of ThreatSense, are enabled by default, and can be managed through the NOD32 Control Center interface.
12. Do other AV solutions have Rootkit protection now?
Many AV vendors claim to have protections against rootkits. Most either detect that a rootkit already known to them is trying to install, or that a number of obscure processes may be hidden rootkits, without any way of removing them. That is, they can protect against some rootkits as they're being installed, but not against active rootkits already on the system. Active, already installed rootkits were usually impossible to detect from inside the operating system.
NOD32 v2.7 technology now works against active rootkits, which was difficult before. On-demand/on-access scanners have a real view of all processes, regardless of the stealth activity of the rootkit. NOD32's integrated Anti-Stealth Technology allows NOD32 to bypass rootkit hooks, seeing the real program output. It is also transparent for users: they don't have to understand how it works, or learn new habits to combat the newest rootkit threats.
13. Does NOD32 work with Microsoft Windows Vista? I've heard that other antivirus programs are not compatible with it.
The key issue with Vista for most AV vendors is the enhanced restrictions of Kernel Patch Protection (sometimes referred to as PatchGuard). Kernel Patch Protection is not a new security feature in Vista - it was originally implemented in the first 64-bit Windows systems. This is not a problem for ESET and NOD32, since these issues were addressed for the first NOD32 versions compatible with 64-bit Windows in 2005. Other, mostly larger AV companies rely on patching the kernel directly, or "kernel hacks," to operate. This has ALWAYS been discouraged by Microsoft as inherently unsafe.
As NOD32 does not require taking over or bypassing the Windows Security Center, as do other AV products, Windows Security Center integration will pose no additional problem for v2.7. NOD32 is compatible with the Windows Security Center in Microsoft Windows Vista. It does not take over, bypass or otherwise interfere with it as do some other anti-virus products.
ESET has a working relationship with Microsoft, unlike some other anti-virus companies. NOD32's architect and core developers worked directly with Microsoft to ensure compatibility with Vista's new security model. In fact, ESET is already in the process of applying for "Certified for Vista" compatibility.
14. Does NOD32 appear in the Windows Security Center?
After it has been installed, NOD32 will appear in the Malware Protection section of the Windows Security Center.
15. Is NOD32 v2.7 faster or slower than previous versions? What about memory usage?
There is only a negligible increase in size. The v2.7 installation will typically consume 23/24MB of RAM and installed package size is comparable with the current versions of NOD32. Note that other competitors have recently reported smaller memory footprints, but those claims ignore the larger impact they put on paged-pool memory. And in testing based on Canon, Inc. performance test methodology, NOD32 still remains the best product for low performance impact on the system.
16. In some cases, NOD32's anti-stealth technology may not be fully compatible with your system. Listed below are messages you may receive from NOD32 when this occurs, and steps to take to troubleshoot them.
Here is a list of new messages in NOD32 v2.7, along with troubleshooting information:
Message: "Anti-Stealth technology is enabled."
Reason: This message is displayed if the NOD32 On-Demand Scanner is operating using anti-stealth technologies.
Steps to troubleshoot: None. It is normal for NOD32 to display this message.
Message: "Anti-Stealth technology initialization failed. The Anti-Stealth technology is working in restricted mode."
Reason: This message is displayed if the NOD32 On-Demand Scanner is started from an account with restricted privileges. In order to operate correctly, NOD32's anti-stealth technology must run with SYSTEM privileges.
Steps to troubleshoot: Reinstall NOD32 from an Administrator account and re-run the scan.
Message: "Anti-Stealth technology initialization failed. The Anti-Stealth technology is working in limited mode."
Reason: This message may be displayed when the NOD32 On-Demand Scanner is run under Microsoft Windows 95, 98SE or Me. Some of the anti-stealth technologies used by NOD32 are not compatible with these operating systems and NOD32 will display a warning message when run under them.
Steps to troubleshoot: None. These operating systems are not compatible with all of the anti-stealth technologies used by NOD32.
NOTE: If NOD32 is run in a virtual environment or used in conjunction with security tools designed to quarantine, sandbox or otherwise virtualize access to the operating environment then warning messages may be displayed saying the Anti-Stealth technology cannot be initialized. This is normal behavior for NOD32 when used in conjunction with these types of programs.
17. How does NOD32's Anti-Stealth technology work?
NOD32's anti-stealth technology uses a variety of techniques to bypass the changes made by rootkits to operating systems to mask their presence. API hooks, Interrupts, SysCalls and other techniques used by rootkit authors to wrest control away from the operating system are negated, allowing NOD32 to see the rootkit using its On-Demand and On-Access (AMON) scanners.
18. What new command-line options are available in NOD32 v2.7?
NOD32 v2.7 introduces two new command line options for the On-Demand Scanner, /UNWANTED and /ANTISTEALTH.
Adding /UNWANTED to the command-line tells NOD32 to check the target being scanned for Potentially Unwanted Applications (or PUwA, for short). By default, NOD32 does not check for Potentially Unwanted Applications because they are a classification for low-risk threats.
Adding /ANTISTEALTH+ to the command-line tells NOD32 to use Anti-Stealth technology when checking the target. By default, NOD32's On-Demand Scanner does check targets using Anti-Stealth technology. To disable it, specify /ANTISTEALTH- on the command line.
19. What Rootkits does NOD32 v2.7 protect against?
NOD32 protects against a variety of rootkits, including FU, HackerDefender, AFXRootkit, and Vanquish. A comprehensive report discussing NOD32 v2.7's ability to protect against specific rootkits will be available in a few weeks.
20. What kind of a threat is a rootkit?
A rootkit is a program (or set of programs) designed to hide itself and possibly other, companion programs from being detected on an infected computer. Originally the term was used to describe existing binary program files on UNIX-based systems which had been modified to hide the presence of unauthorized users, allowing them to re-enter the system at any time with "root" privileges (the highest level allowed on a UNIX system). Today, the term rootkit is most often used to describe discrete programs for Windows-based systems that use "stealth" techniques to mask their own presence as well as that of other software such as adware, keyloggers, remote access tools, spyware and other forms of malicious software. While this technique is not new, it has become more prevalent today. Rootkits allow attackers to stay in control of affected computers longer, which means increased access to information from the compromised host and possibly a better revenue stream from adware and browser hijacking.
21. Does NOD32 have to be specifically able to identify a rootkit to protect against it, or can they be proactively detected by NOD32's heuristics?
A combination of both, actually: NOD32's anti-threat technology works against both known and unknown rootkits. During its creation, the technology was successful in proactively detecting new, previously-unknown rootkits. However, just like the other components in NOD32, the anti-threat technology will be updated as the threat landscape evolves.

