
Why is Nod32 logging keystrokes?



#1
072707

    Member

  • 36 posts
This is an update to: http://www.geekstogo...es-t165696.html

I just heard back from ESET Customer Care again:

An ESET Customer Care Representative has updated this case with the following information:

Hello,
We do not have any code that logs keystrokes; in fact our new version 2.7.xx was introduced to prevent these types of tools.

We do not recommend running any other AV, Anti-malware, Anti-adware programs in conjunction with NOD32. Using two AV type scanners will eventually lead to file system corruption and eventual system failure.


Please contact that vendor for a solution.


Thank you
:whistling:
I very much appreciate ESET's advice and I hold them in very high regard, but I still wanted to clarify my "reasoning" to them even if I am only an average XP sp2 user. Following is the text of my reply to ESET:



The program that I mentioned is, to my understanding, a HIPS, or behavior analyzing type program. To my understanding HIPS fits within a category of security applications that has been developed to run simultaneously with conventional AV, etc. They do not rely upon "signatures" to stop viruses, etc. I am feeling somewhat "conflicted" now because, based solely upon my own "research", I do feel that these types of security applications are an important and necessary component of a comprehensive and "layered" approach to computer security.

I really need to consider this subject more because HIPS, or behavior analyzing security applications, are very well known to a certain category of computer users and, from what I can discern, are "deployed" on Windows XP machines simultaneously with conventional AV and antispyware and antimalware products. I "consulted" user forums like "wilderssecurity", where it is my understanding that ESET maintains an OFFICIAL Support Forum ( http://www.wildersse...isplay.php?f=15 ), castlecops.com, geekstogo.com, and tomcoyote.org during my "research" into additional security measures that I can/should take in addition to conventional firewall, antivirus, antispyware, etc. Wilderssecurity.com has significant threads supporting the use of HIPS, or behavior analyzing type security applications, simultaneously with Nod32.

Possibly to my credit I had already developed a very high opinion of Nod32 after doing the same kind of research that led to my conclusion(s) about the use of HIPS, or behavior analyzing security applications. I ALLOWED the so-called key logging, as reported by Cyberhawk Pro (HIPS), because I valued the integrity of ESET far more than that of the Cyberhawk Pro trial program. I just was not willing to believe that Nod32 on a new install of XP sp2 was specifically doing something bad nor did I believe the new XP install had been "infected" by something aggressive or effective enough to "masquerade" as or manipulate Nod32.

Researching on some of the forums that I mentioned I am told that this "false positive" is a known issue to Cyberhawk's makers; however, I am unclear of when or if the "fix" will be deployed. Again, I told it to ALLOW Nod32 though.


I used the trial version of Nod32 in just the same way before I bought the full version.


---




My question to this forum now is: Does running anything more than Nod32 and a firewall (Comodo in my case) on my XP sp2 machine "eventually lead to file system corruption and eventual system failure" like ESET stated in the email, or was this possibly just a "quick" answer by an ESET representative who may not necessarily be familiar with the purported importance of and the real popularity of HIPS and other behavior analyzing software?


The security applications that I am running on my XP sp2 are listed http://www.geekstogo...ra-t165600.html

Can anyone tell me if they see any potential conflicts?



#2
starjax

    Global Moderator

  • 6,678 posts
It's been the case for a very long time that you do not run more than one anti-virus application. They not only take up too many resources, but end up fighting one another. I have never seen a "system failure" as a direct result of more than two applications being installed. Some file corruption, maybe, but system failure would be very uncommon.

Firewall software should not and would not be included in their statement. You're fine with Comodo firewall. I highly recommend visiting their forums. Lots of good info. http://forums.comodo.com/

#3
072707

    Member

  • Topic Starter
  • 36 posts
Thank you for replying starjax. I am definitely no more than an "average user", but I do try to follow the rule of not running 2 avs or firewalls, even though I did firewalls, any more than I would run two Betta Fish in the same bowl.

I was startled by the most recent reply from ESET customer care apparently implying that I should not run a HIPS, or any other anti-malware, simultaneously with nod32. Personally, as I tried to indicate in that long thread reply, I feel the rep may have been making very generalized statements. I know that many other users, who are knowledgeable, are running HIPS and behavior analyzers simultaneously with av, but I responded to ESET customer care with the long reply that I duplicated in this thread in an attempt to get further clarification of ESET's position on running security software, such as HIPS and behavior analyzers, simultaneously with nod32 despite the fact that, in some instances, the HIPS and behavior analyzers may exhibit behavior that is very similar to or indistinguishable from that of an av.

I am just an "average user" but I believe that deploying security software on my Internet connected machine that consists of only the common ("average") firewall, av, and maybe antispyware, will get me common ("average") results. I am convinced that the absence of HIPS, behavior analyzers, and such new security applications, running simultaneously with the aforementioned conventional applications, almost automatically means the presence of a security hole the size of the Grand Canyon on the machine in question. Malware, hackers, viruses, whatever, walk right over a typical Windows OS setup that they target, probably, 1 out of 4 times. "It has been estimated that up to one quarter of all personal computers connected to the internet are part of a botnet." ( http://en.wikipedia....nd_exploitation )

Problem is that, especially for the "average user", these HIPS and behavior analyzers do seem to "mimic" av under certain, even routine conditions and "average users" don't have the requisite knowledge and/or motivation to determine what works right. For this particular thread I am trying to pinpoint the HIPS or behavior analyzer that does not trash my machine in the way that ESET seems to imply OR I am trying to "mostly" debunk ESET customer care's statement by clarifying, for myself, the position of all the "geeks" on this and several other similar forums; whichever comes first.

Disappointing thing is that I really don't want to be spending this much time trying to get a very good security package up and running on my XP sp2 machine, but, as I listed http://www.geekstogo...ra-t165600.html I am having somewhat of an ordeal.

#4
dsenette

    Je suis Napoléon!

  • Community Leader
  • 26,047 posts
  • MVP
i'll echo starjax a little...and expound a little...

what ESET should have said is that you should never have two AV or antimalware programs running at the same time with "resident" or "real time" scanners running at the same time...you can have 20 av programs installed if you like...as long as only one of them has a resident scanner running....when you've got multiple residents going you run the risk of them trying to access a file at the same time and causing the corruptions that they're speaking of which...in an extreme case of theoretical "probability" could cause a system failure...assuming that enough files get corrupted or the wrong file gets corrupted...but as jax said....i haven't seen a system completely die because of multiple scanners

that said..i'm not familiar with all AV programs nor the HIPS systems you're speaking of....it's possible that the software might conflict with the NOD32 resident scanner...i'm assuming that for the software to do "behavioral" scanning that it has to have a resident agent which might be why they're suggesting not to use it