Some antivirus vendors have huge name recognition because they come preloaded on many brand-new computers. Norton and McAfee come to mind. Other high-quality products aren’t as well known.
ESET claims 100 million customers, but it’s probably not the first name that comes to mind.
That’s a shame, as ESET NOD32 Antivirus 10 is a dandy product.
It’s full system scan runs quickly, it gets good scores from the independent labs, and it scored well in most of our hands-on tests.
You pay $39.99 per year to install NOD32 on one PC.
That seems to be the going rate—more than a dozen of the antivirus products I’ve examined cost roughly the same.
F-Secure Anti-Virus 2016 and G Data give you three licenses for that price; three NOD32 licenses will run you $59.99.
That same $59.99 would let you install McAfee on every device in your household.
The installer checks your system for conflicts and downloads the latest code.
During installation, you must tell it whether to include detection of potentially unwanted applications.
For testing purposes, I enabled this detection.
After installation, it immediately launches a scan.
The main window includes quite a bit of whitespace, along with a large image of ESET’s blue-eyed cyborg mascot.
To launch a scan or an update, you can use either the left-side menu or a pair of large blue panels near the bottom of the window.
If there’s a problem with configuration, the green security banner changes to red.
And if there’s something needing your attention—the results of a completed scan, for example—you see a little number next to the corresponding menu item.
In addition to the expected full antivirus scan, you can configure NOD32 to perform a custom scan.
The custom scan lets you choose which local and network drives to scan, and choose whether to scan the boot sector and operating memory.
A full scan of my standard clean test system with NOD32 took just over 20 minutes.
That’s quite good, considering that the average scan time for current products is more than 45 minutes. On subsequent scans, NOD32 skips scanning programs that it already identified as safe, which dramatically cuts down the scan time. On my test system, a repeat scan finished in just 30 seconds.
Mostly Good Lab Results
All the testing labs that I follow include NOD32 in their regular evaluations, and it earns good scores from most of them.
In the latest report from AV-Test Institute, NOD32 took 5 points for Protection, 5 for Performance, and 5.5 for Usability, for a total of 15.5 points.
That’s decent, but not enough to get it recognized as a top product. Kaspersky, Trend Micro, and Bitdefender all earned a perfect 18 points in the same round of testing.
In the tough real-world testing performed by Simon Edwards Labs, products can receive certification at five levels: AAA, AA, A, B, and C.
Along with Kaspersky and Norton, NOD32 received AAA certification.
As for the RAP (Reactive and Proactive) test by Virus Bulletin, NOD32’s score of 84.56 percent beats the current average.
Out of the many tests performed by AV-Comparatives, I follow five.
This lab assigns Standard certification to products that pass a test.
Those that do more than the minimum receive an Advanced or Advanced+ certification. NOD32 took three Advanced and two Advanced+ ratings.
That’s good, but Kaspersky and Bitdefender received Advanced+ in all five tests.
The tests run by researchers at MRG-Effitas are a little different from the rest. Most products fail the banking malware test, the comprehensive malware test, or both.
Indeed, NOD32 failed both.
But since there’s no distinction between a product that absolutely bombs and one that’s just a hair below the passing grade, I give this test less weight when calculating an aggregate score. Only Kaspersky Anti-Virusand Norton passed both of this lab’s tests.
NOD32’s aggregate score, 8.8 of 10 possible points, is quite good. Only four products have a higher lab score. Quick Heal AntiVirus Pro 17 also earned 8.8 points, but that score is based on just two of the five labs that reported on NOD32.
Very Good Malware Blocking
When I opened the folder containing my current malware collection, NOD32’s real-time scanner quickly began eliminating those it recognized. Rather than pop up separate notification windows, NOD32 stacks them in a single popup, with an option to dismiss items one at a time or all at once.
NOD32 wiped out 68 percent of the samples on sight.
That percentage is the same as Avira’s, but Avira spent 15 minutes wiping out these static, never-launched malware samples.
Trend Micro Antivirus+ Security eliminated 94 percent of these samples at this stage, which is quite impressive.
I also maintain a folder containing hand-modified versions of the same samples.
I change the filename, append nulls to change the file size, and tweak the values of a few non-executable bytes.
If an antivirus misses a lot of these, it can indicate a too-rigid signature system. NOD32 threw me for a loop in this test.
Five of the modified samples that it wiped out on sight corresponded to originals that were not caught at this stage.
I assume some type of heuristic detection was involved.
When I tried to launch those five samples, NOD32 eliminated them before they could execute.
In fact, it caught almost all the surviving samples either before or shortly after launch.
Its overall detection rate of 97 percent matches that of Norton and Trend Micro, and its score of 9.5 points is quite good. Webroot SecureAnywhere AntiVirus holds top honors in this test, with a perfect 10 points.
The best time to stop a malware attack is before it even reaches your computer.
To test this level of protection, I attempt to launch 100 recently detected malware-hosting URLs in the browser.
For each URL, I note whether the antivirus prevents all access by the browser, eliminates the payload during or immediately after download, or totally misses the attack.
NOD32 steered the browser away from 46 percent of the URLs.
It identified most with a red-bordered warning about dangerous content, but in a few cases, it used a yellow-bordered warning that mentioned uncertain reputation and potentially unwanted content.
It caught another 43 percent at some point during the download process.
For some, the download cut off before it started. NOD32 whacked others immediately on completion of the download. Here, too, it flagged most as threats.
In a few cases, it popped up a window stating that it found a potential threat, and asking permission to delete it.
NOD32’s combined detection rate of 89 percent is quite good, though several programs have done better. Norton holds the current top score, 98 percent protection, and Avira Antivirus Pro comes next with 95 percent.
When you click an email link to check a problem with your PayPal account, do you look at the address bar to make sure you’re visiting the real PayPal? If not, you might be giving up your PayPal password to a phishing website.
Fraudsters troll for victims by putting up fake sites of all kinds, banks, email, even online gaming. Once they’ve duped a few saps, they absquatulate before the site shows up in antiphishing blacklists.
To test a product’s ability to detect phishing URLs, I use the freshest ones I can fine, typically sites that have been reported as fraudulent but that haven’t yet been analyzed.
I compare the product’s detection rate with four other antiphishing systems simultaneously.
Symantec Norton AntiVirus Basic is my touchstone here, as it dependably earns a high detection rate.
The other three are the antiphishing components built into Chrome, Firefox, and Internet Explorer.
Few products come close to Norton’s detection rate, and even fewer surpass it. Webroot, Kaspersky, and Bitdefender Antivirus Plus 2017 are the only recent products to beat Norton.
Coming close to Norton’s score is pretty good, and NOD32’s version 9 did that, lagging just 8 percentage points behind.
The phishing URLs must have been trickier this time around, as NOD32 and all three browsers missed quite a lot of pages that were visibly fraudulent. NOD32’s detection rate was a full 33 percent lower than Norton’s, yet it did better than the three browsers.
Host Intrusion Prevention System
ESET’s suite products add firewall and network protection, but even the standalone antivirus has a Host Intrusion Prevention System (HIPS). New in this edition is special protection against script-based attacks.
To get a feel for this component, I hit the test system with 30 exploits generated by the CORE Impact penetration tool. Naturally it didn’t stop any of them at the network level, but the HIPS detected and blocked many of the malware payloads that the exploits tried to drop.
None of the exploits cracked security, since the test system is fully patched. NOD32 detected more than half of the attacks, and identified more than half of those by the specific exploit number.
That’s a better score than Kaspersky Internet Security, which blocked precisely half, and also better than Bitdefender Internet Security, which didn’t quite reach the halfway mark. Norton is the current exploit-fighting champion.
It blocked two-thirds of the attacks at the network level, before they could even try to sneak malware onto the test system.
See How We Test Security Software
Device Control is a feature more often seen in security products aimed at businesses.
Its purpose is twofold.
It prevents exfiltration of company data onto unauthorized external drives.
And it blocks USB-based malware attacks by completely preventing the use of unauthorized external drives.
Quick Heal’s Data Theft Protection lets you block use of all external drives, or force them to open in read-only mode. You can also set it to allow authorized USB drives, but it doesn’t whitelist authorized drives. You must enter the administrator password each time you insert a drive.
Device Protection in Avira lets you whitelist or blacklist specific devices, and you can password-protect settings so nobody can mess with the lists. However, even when password protection is active, any user can whitelist a new, unknown drive.
G Data Total Security and TrustPort Total Protection offer more advanced device control, and they do properly block unknown drives.
The Device Control system in NOD32 is the most elaborate of any I’ve seen. You can create rules for a wide variety of devices, including card readers, imaging devices, and Bluetooth devices, as well as more traditional external drives.
Each rule sets an action for a device type, an individual device, or a group of devices.
The actions include blocking use of the device, opening it in read-only mode, and allowing full read/write privileges. You can also set it to warn the user that mounting the device will create an entry in the log, and offering an opportunity to cancel.
For example, you might start with a rule banning all external disk storage devices, but then add one or more rules permitting access for specific, authorized devices. You can define a device using any or all of its vendor name, model, and serial number.
Clicking a button brings up a list of attached devices, to help you get the necessary information.
There’s also an option to define different rules for different users of the system. However, NOD32 relies on the awkward “Select Users or Groups” dialog from Windows itself, rather than providing a more user-friendly selection method.
NOD32 is a consumer product—ESET has a separate product line for business.
I’m sure there are some tech-happy parents who will set up Device Control to ban the kids from connecting possibly infected thumb drives.
But most users should leave this feature turned off.
On the Tools page, there are several ways to examine what NOD32 has been doing.
A protection statistics chart shows how many files the antivirus has examined, how many infected files it found, and how many it successfully cleaned. You can view logs of malware detections, HIPS events, and more.
And you can dig into quarantine to see any viruses or other types of malware caught by the antivirus.
Other items on the tools page aren’t for the average user.
A tech support agent engaged in a remote-control troubleshooting session might well want a list of all running processes and their prevalence, as reported by ESET’s cloud-based LiveGrid system. Likewise, a live graph of file system activity might provide the agent with clues.
On the other hand, every user should run ESET SysInspector, at least once.
This separate program logs details about your PC, things like active services and drivers, critical system files, and important Registry entries. More importantly, it can compare two logs and report what changed.
So, run it when everything is hunky-dory to create a baseline.
If you encounter a problem, you can focus your troubleshooting efforts on just the things that changed.
A tech support agent could do the same remotely, but only if you already created that baseline.
Most independent testing labs give ESET NOD32 Antivirus 10 high marks, and it scored well in most of our hands-on tests.
Its full system scan is one of the fastest I’ve timed.
It’s worth consideration, especially if you’re that rare individual who understands Device Control and has a need for it.
But while you’re considering NOD32, don’t forget to also consider our Editors’ Choice antivirus utilities. Out of the huge field, we’ve identified five with special merit.
Bitdefender Antivirus Plus and Kaspersky Anti-Virus get better lab test scores than NOD32. Pay once for McAfee AntiVirus Plus and you can install it on every device in your household. Webroot SecureAnywhere Antivirus aced our hands-on malware test, and it’s the tiniest antivirus around.
And Symantec Norton AntiVirus Basic adds password management and powerful intrusion prevention to top-scoring antivirus protection.