NOD32 is an antivirus package made by the Slovak company Eset. Versions are available for Microsoft Windows, Linux, FreeBSD and other platforms. Remote administration tools for multiuser installations are also available at extra cost. NOD32 Enterprise Edition consists of NOD32 AntiVirus and NOD32 Remote Administrator. The NOD32 Remote Administrator program allows a network administrator to monitor anti-virus functions, push installations and upgrades to unprotected PCs on the network and update configuration files from a central location.
NOD32 is certified by ICSA Labs. It has been tested 44 times by Virus Bulletin and has failed only 3 times, the lowest failure rate in their tests. At CNET.com, it received a review of 7.3/10.
Technical information
NOD32 consists of an on-demand scanner and four different real-time monitors. The on-demand scanner (somewhat confusingly referred to as NOD32) can be invoked by the scheduler or by the user. Each real-time monitor covers a different virus entry point:
AMON (Antivirus MONitor) - scans files as they are accessed by the system, preventing a virus from executing on the system.
DMON (Document MONitor) - scans Microsoft Office documents and files for macro viruses as they are opened and saved by Office applications.
IMON (Internet MONitor) - intercepts traffic on common protocols such as POPS and HTTP to detect and intercept viruses before they are saved to disc.
XMON (MS eXchange MONitor) - scans incoming and outgoing mail when NODS 2 is running and licensed for Microsoft Exchange Server – i.e, running on a server environment. This module is not present on workstations at all.
NOD32 Virus Detection Alert
NOD32 is written largely in assembly code, which contributes to its low use of system resources and high scanning speed, meaning that NOD32 can easily process more than 23MB per second while scanning on a modest P4 based PC and on average, with all real-time modules active, uses less than 20MB of memory in total but the physical RAM used by NOD32 is often just a third of that. According to a 2005 Virus Bulletin test, NOD32 performs scans two to five times faster than other antivirus competitors.
In a networked environment NOD32 clients can update from a central "mirror server" on the network, reducing bandwidth usage since new definitions need only be downloaded once by the mirror server as opposed to once for each client.
NOD32's scan engine uses heuristic detection (which Eset calls "ThreatSense") in addition to signature files to provide better protection against newly released viruses.
Text 2
What is a virus?
B. Kelley
IOWA STATE UNIVERSITY, PM 1789 Rewised June, 2006.
In 1983, researcher Fred Cohen defined a computer virus as "a program that can 'infect' other programs by modifying them to include a ... version of itself. " This means that viruses copy themselves, usually by encryption or by mutating slightly each time they copy.
There are several types of viruses, but the ones that are the most dangerous are designed to corrupt your computer or software programs. Viruses can range from an irritating message flashing on your computer screen to eliminating data on your hard drive. Viruses often use your computer's internal clock as a trigger. Some of the most popular dates used are Friday the 13th and famous birthdays. It is important to remember that viruses are dangerous only if you execute (start) an infected program.
There are three main kinds of viruses*. Each kind is based on the way the virus spreads.
1. Boot Sector Viruses - These viruses attach themselves to floppy disks and then copy themselves into the boot sector of your hard drive. (The boot sector is the set of instructions your computer uses when it starts up.) When you start your computer (or reboot it) your hard drive gets infected. You can get boot sector viruses only from an infected floppy disk. You cannot get one from sharing files or executing programs. This type of virus is becoming less common because today's computers do not require a boot disk to start, but they can still be found on disks that contain other types of files. One of the most common boot sector viruses is called "Monkey," also known as "Stoned."
2. Program Viruses - These viruses (also known as traditional file viruses) attach themselves to programs' executable files. Usually a program virus will attach to an .exe or .corn file. However, they can infect any file that your computer runs when it launches a program (including .sys, .dll, and others). When you start a program that contains a virus, the virus usually loads into your computer's Memory.
* Three kinds of viruses
1. Boot Sector viruses attach to floppy disks and then copy into the boot sector of your hard drive.
2. Program viruses attach to a program's executable files.