At a bare minimum, every antivirus utility must ruthlessly exterminate any malware infestations that took root before its installation and then maintain vigilance to prevent any further attacks. Some products stick to those essential activities; others, like ESET NOD32 Antivirus, go quite a bit beyond them. Among other bonus features, NOD32 includes a Host Intrusion Prevention System, a scanner for your PC’s firmware, and an elaborate device control system. It scores well in lab tests and most of our own tests, though some of its advanced features may be too complex for the average user.
A NOD32 subscription costs $39.99 per year; additional licenses, up to a total of five, add $10 per year. Kaspersky, Bitdefender Antivirus Plus, Webroot, and quite a few others come in at or near that $39.99 price point for one license. McAfee costs $59.99 per year, but that lets you install McAfee protection on every device in your household, including devices running Windows, macOS, Android, or iOS.
It’s not immediately obvious, but your NOD32 subscription offers its own kind of cross-platform security. You can use your licenses to activate an installation of ESET Cyber Security (for Mac), if you wish. If you have more licenses than you need, you could even install ESET NOD32 Antivirus for Linux Desktop (though Linux malware is rare).
Just about every antivirus program includes the ability to detect and remove potentially unwanted applications (PUAs)—programs that, while not actively malicious, cause problems that outweigh any virtues they may have. Some default to removing these PUAs, while others leave them alone by default. NOD32 makes you actively choose whether to remove PUAs during installation. I enabled PUA detection, and I advise you to do the same. After installation, NOD32 launches a scan, but for testing purposes I halted this initial scan, saving a full scan for later when I could time it.
The main window includes plenty of whitespace, along with a picture of ESET’s blue-eyed cyborg mascot. To launch a scan or an update, you can use either the left-side menu or a pair of large blue panels near the bottom of the window. If there’s a configuration problem, the green security banner changes color. And if NOD32 needs your attention—to show the results of a completed scan, for example—you see the number of notifications next to the corresponding menu item.
Like Norton AntiVirus Plus, NOD32 gives you a ton of settings for tweaking its configuration. As with Norton, you don’t have to page through all those options to find the one you want—you can just start typing in the search box. This may not become an issue, though, as the product’s default configuration is tuned for optimal security.
Very Good Lab Results
All four of the independent testing labs I follow include NOD32 in their testing, and its scores range from good to excellent. Only a third of the products I follow pass both tests performed by MRG-Effitas; NOD32 is among those success stories. This lab’s broad malware protection test offers Level 1 certification to products that completely prevent all attacks, and Level 2 certification if the product misses some initially but eliminates them within 24 hours. ESET’s technology achieved Level 2 and also passed the separate banking Trojans test, as did Avast Free Antivirus, Bitdefender, and Norton.
Researchers at London-based SE Labs capture real-world malicious websites and use a replay system to give all tested products the same malware attack experience. Products can receive certification at five levels: AAA, AA, A, B, and C. Scores in the latest reported test ranged from AAA all the way down to a C for Malwarebytes Premium. ESET was among the majority that managed AAA certification.
Experts at AV-Test Institute examine antivirus products for three important criteria. Protection is important, naturally, but so is a low impact on performance. And wrongly flagging valid programs as malicious is detrimental to a program’s usability. Antivirus tools can earn up to six points each for Protection, Performance, and Usability, for a maximum score of 18. Any antivirus that earns at least 17.5 points is named a Top Product.
AV-Test’s latest results covered nearly two dozen products. A third of them, ESET included, took 17.5 points. Another third maxed out with a perfect 18 points, McAfee, Kaspersky, and Norton among them. ESET is definitely in good company here.
At AV-Comparatives, testers don’t assign numeric scores. A product that passes any test receives Standard certification, while those that go beyond the minimum passing score can take Advanced or Advanced+ certification. Of the four tests from this lab that I follow, NOD32 received two Advanced+ certifications, one Advanced, and one Standard. Only Bitdefender took Advanced+ in the latest results for all four tests.
For each product that received scores from at least two labs, my scoring algorithm maps all the results onto a 10-point scale and generates an aggregate lab score. ESET’s 9.4 aggregate score is quite good. At the top among products tested by all four labs are Kaspersky Anti-Virus and Norton, with 9.7 points. Bitdefender reached 9.8, though this score is based on just three labs.
New Scan Choices
I timed a full scan of my standard clean test system and found that NOD32 finished in 51 minutes. That’s slightly better than the current average of 64 minutes. Also, during that initial scan, NOD32 optimizes for subsequent scanning, marking known good programs that don’t require another look. A second scan finished in just 15 minutes.
NOD32 doesn’t offer the quick scan option found in many antivirus products, but it gives you several custom scanning choices. You can drop suspect files or folders on the scan page for a quick checkup. It offers to scan each removable drive you mount. And from the custom scan menu you can scan memory, boot sectors, or any local or network drive.
The boot sector scan I mentioned also triggers NOD32’s UEFI scanner. UEFI (which stands for Unified Extensible Firmware Interface) is what modern computers use instead of the antique BIOS. The UEFI scanner also runs in the background, making sure no malware has subverted your firmware. I assume it works; I have no way to trigger its protection for testing purposes. And it’s important. Any malware that weaseled into the firmware would have total control over your computer.
New in this edition, NOD32 can scan the WMI database. WMI (Windows Management Instrumentation) is best known to programmers as a source of system information. For example, my boot-time performance test for security suites queries WMI to get the start time of the boot process. The WMI scan looks for references to infected files within the database, and for malware embedded as data. Likewise, the new Registry scan checks for such references and embedded malware throughout the Registry. As with the UEFI scan, we have to take these activities on faith, as there’s no easy way to test them.
Decent Malware Protection Scores
We’re always happy to have results reported by the independent labs, but not every product makes it into those reports. Even when results are available, we still run hands-on malware protection testing, to see the product’s defenses in action.
When we opened the folder containing my current collection of malware samples, NOD32’s real-time protection gave them the once-over. However, it only eliminated 28 percent of them at this point. That’s uncommonly low—most products score in the 80s or better. G Data Antivirus, remarkably, eliminated 98 percent of this same sample collection on sight.
Continuing the test, we launched the remaining samples. Clearly the antivirus applies a tougher standard to programs that are about to launch. It prevented quite a few samples from launching at all. It did flag some as potentially unwanted applications (PUAs); we chose to delete all of those. In other cases, it caught a malware component during the installation process.
Like Avira, Bitdefender, and several others, NOD32 detected 89 percent of the samples one way or another. However, the fact that it let several samples install executable files brought its overall score down to 8.3 points. Tested with this same sample set, Webroot SecureAnywhere AntiVirus managed 100 percent detection and a perfect 10 points. G Data came close, with 98 percent detection and 9.8 points.
NOD32’s score in this test is only fractionally higher than that of Qihoo 360 Total Security, which totally tanked some of our other tests. Bitdefender only scored a little higher, with 8.6 points. What distinguishes Bitdefender and NOD32 from Qihoo is that they have great scores from four testing labs, while Qihoo has no lab scores. When the lab results don’t jibe with our hands-on scores, we go with the labs.
It takes us quite a while to collect and analyze a new set of malware samples, so those necessarily stay the same for months. To check a product’s protection against the latest in-the-wild threats, we start with a feed of malware-hosting URLs detected in the last few days by researchers at MRG-Effitas. We launch each URL in turn and note whether the antivirus prevents access to the URL, eliminates the malware payload, or utterly fails to detect any threat.
While some antivirus tools rely on browser extensions to filter out dangerous websites, NOD32 functions below the browser level. That means it can extend its protection to any internet-capable app. In testing, NOD32 blocked the browser’s access to 80 percent of the malware-hosting URLs. For most of these, it displayed a red warning page. In a few cases it displayed a yellow warning of potentially dangerous content—we counted these as successful detections, too.
The antivirus eliminated another 13 percent of the threats during the download process. Here, too, it identified most as malware threats but treated a few as PUAs.
NOD32’s total score of 93 percent protection puts it in the top 10 for this test, just behind Trend Micro Antivirus+ Security. The topmost score, 100 percent protection, is shared by McAfee, Sophos, and Vipre.
Top 10 Phishing Protection
Writing code to hide from antivirus tools and steal people’s passwords is a tough slog. Fooling people into just handing over those passwords can be much easier. Phishing websites imitate secure sites of all kinds, from online banking systems to gaming sites. The netizen who logs in to one of these frauds has just given away access to the real account. It’s possible to spot phishing scams if you’re alert, but having help from your antivirus means you’re protected even when your eyelids are drooping.
To start our phishing test, we collect reported frauds from websites that track such things, making sure to include some that are so new they haven’t yet been analyzed and blacklisted. Phishing sites are ephemeral, and the very newest ones are typically both the most effective and the hardest to detect. We launch each suspected URL in a browser protected by the product under test and simultaneously in instances of Chrome, Firefox, and Edge protected only by the browser’s built-in phishing detection.
If a URL doesn’t load properly in any of the four test systems, we toss it. If it doesn’t fit the profile for a phishing site, meaning a page that tries to steal login credentials, we toss it. Analyzing those that remain gives us a window into the product’s phishing protection skills.
When last tested, NOD32 detected just 85 percent of the verified frauds, which isn’t great. One of the three browsers outperformed NOD32 in that previous test. This time it pulled its score up to a sturdy 93 percent and beat all three browsers.
That 93 percent score puts NOD32 at the bottom of the top 10. At the very top is McAfee AntiVirus Plus, which flagged 100 percent of the phishing URLs. Bitdefender and Norton are both close seconds at 99 percent.
I tested ESET Cyber Security (for Mac) with the same set of samples and found that its behavior didn’t track with that of the Windows-based product at all. In fact, between the previous test and this test, the Mac edition’s score dropped from 73 percent to 27 percent. My ESET contact explained that “we have an issue with some scanning related to some https links,” and that the team is working on a fix.
It’s clear from the Windows version’s score that ESET has the technology to do a good job protecting against phishing frauds. We can hope that technology will make its way into the Mac edition.
HIPS Blocks Exploits
ESET’s suite products add firewall and network protection, but, as with Norton, even the standalone antivirus offers a Host Intrusion Prevention System (HIPS). To test the mettle of this component, I hit the test system with 30 exploits generated by the CORE Impact penetration tool. The HIPS detected and blocked many of the malware payloads that the exploits tried to drop.
None of the exploits penetrated security since the test system is fully patched. NOD32 detected 52 percent of the attacks, identifying about half of those by the official exploit number. That’s a better score than many, though not at the top. Norton routinely scores in the 80s or better. Kaspersky and Norton detected 85 percent and 74 percent, respectively, in their own most recent tests.
Comprehensive Device Control
NOD32’s Device Control is a feature more suited to business settings than to consumer use. Out of the box, this feature is disabled; to enable it you must reboot the system. With Device Control active, you can prevent the use of a wide variety of device types, while making exceptions for trusted devices. Among other things, Device Control can prevent anyone from stealing data by copying it to unauthorized external drives, and it can prevent infestation by USB-based malware.
ESET isn’t the only security company offering such a feature. Device Protection in Avira Antivirus Pro lets you whitelist or blacklist specific devices, and you can password-protect settings so nobody can mess with the lists. However, even when password protection is active, any user can whitelist a new, unknown drive. G Data Total Security offers more advanced device control, and it can prevent others from adding exceptions. Note, though, that this is G Data’s top-tier mega-suite. ESET puts device control in its basic antivirus.
The Device Control system in NOD32 is the most elaborate of any I’ve seen. You can create rules for a wide variety of devices, including card readers, imaging devices, and Bluetooth devices, as well as more traditional external drives. Each rule sets an action for a device type, an individual device, or a group of devices. Available actions include blocking use of the device, opening it in read-only mode, or allowing full read/write privileges.
You can also configure NOD32 to give a warning when someone plugs in an unknown device, letting them know that if they create an exception the action will show up in NOD32’s log. Knowing the action is logged should make the user think twice, and possibly cancel.
As with G Data and others, using this system is a game of rules and exceptions. For example, you could start by forcing read-only use of CD/DVD drives, so nobody can burn secrets to disk. On top of that, you might create an exception allowing you, but nobody else, to burn disks. Or you could ban removable drives but permit specific authorized ones.
In a super-techie household, you might set different access levels for different user accounts, with full access for you but limited access for others. Note, though, that NOD32 relies on the awkward Select Users or Groups dialog to pick user accounts rather than providing a more user-friendly account list.
Yes, even less technical consumers can probably manage to configure NOD32 so the kids can’t corrupt the system with infected thumb drives, but it’s not easy. Most users should leave this feature turned off.
Useful Security Tools
Device Control isn’t the only feature that takes NOD32 beyond the realm of simple antivirus. There’s a whole page of tools to enhance your security experience. Some are useful to all; others require a technical mindset.
Several of the tools give you views of what NOD32 has been doing for you. The Security Report displays statistics on how many applications, web pages, and other objects NOD32 has scanned, along with a world map showing the current malware situation. You can peruse logs of malware detections, HIPS events, and more.
Bringing up the Running Processes list shows you every process that’s running, with a lot more information than you’d get just by looking at Task Manager. Drawing from ESET’s LiveGrid analysis system, it reports the reputation, number of users, and time of discovery for each process. This chart, like the chart of file system activity, may be more useful to a tech support agent who’s examining your system remotely. The same is true of the live file system activity graph.
Soon after installation, you should download ESET’s SysRescueLive tool. This tool runs from a bootable DVD or USB, meaning Windows-based malware is powerless to resist it. If a NOD32 scan detected and removed malware but you still feel like you’ve got malware on the system, run a scan from this tool. Malware that requires this aggressive tool can be seriously persistent, and can interfere with regular antivirus, which is why you want to download it before you run into any such trouble.
Quite a few competing products offer a similar bootable rescue disk, to handle the most persistent malware. Bitdefender one-ups the bunch, though. Its Rescue Mode lets you boot to an alternate operating system without the need to create a disk.
Many security suites offer a system cleaner that wipes out junk files and erases traces of your computer and web-surfing history. With NOD32, System Cleaner has a different meaning. Like Webroot’s similar feature, it aims to correct and restore system settings that malware may have modified. For example, some ransomware replaces your desktop wallpaper with a ransom note, even before attempting encryption behaviors that might trigger an antivirus reaction.
Everybody should run the SysInspector tool right after installing NOD32. This scanner logs a ton of details about your PC’s configuration, including what services are active, the status of critical system files, and the values of essential Registry entries. The report alone might be valuable to a tech support agent, but the key is SysInspector’s ability to compare two reports and tell you what changed. If you run into any kind of system problem, comparing the current status with a no-problem baseline should give you a clue as to the cause.
Even if you always get someone else to help you out of computer jams, you should still run a baseline SysInspector report. Your tech-savvy niece or remote-control tech support agent will find it extremely helpful.
Good for Techies
In tests by independent labs, as well as in our own tests, NOD32’s scores range from good to excellent. It offers numerous features beyond the basics of deleting malware and preventing new attacks. If you’re tech-savvy enough to use it, the Device Control system is the most comprehensive we’ve seen. And at the suite level, ESET was the favorite security tool among PCMag Readers in 2019 and second-favorite suite in 2020.
NOD32 is a worthy contender, but you should also consider our Editors’ Choice antivirus tools. Bitdefender Antivirus Plus and Kaspersky Anti-Virus consistently earn top scores from the independent testing labs. McAfee AntiVirus Plus doesn’t score as high, but it protects every device in your household. Webroot SecureAnywhere AntiVirus aced our hands-on malware protection test, and it’s the tiniest antivirus around.