The core task for every antivirus utility is to exterminate any malware infestations that took root before its installation and then maintain vigilance to prevent any further attacks. Some products stick to those essential activities, while others, like ESET NOD32 Antivirus, go quite a bit beyond them. Among other bonus features, NOD32 includes a Host Intrusion Prevention System, a scanner for your PC’s firmware, and an elaborate device control system. It scores well in most tests, both lab tests and our hands-on tests, but it did turn in a few poor scores. In addition, some of its advanced features may be too complex for the average user.
BY NEIL J. RUBENKING
Table of Contents
HOW MUCH DOES NOD32 COST?
ANOD32 subscription costs $39.99 per year. Each additional license adds $10 per year. Kaspersky, Bitdefender Antivirus Plus, Web root, and quite a few others come in at or near that $39.99 price for one license. McAfee costs $59.99 per year, but that lets you install McAfee protection on every device in your household, including devices running Windows, macOS, Android, or iOS. It’s not immediately obvious, but a NOD32 subscription offers its own kind of crossplatform security: You can use your licenses to activate an installation of ESET Cyber Security for Mac, if you wish.
GETTING STARTED WITH NOD32
Just about every antivirus program includes the ability to detect and remove potentially unwanted applications (PUAs)—programs that, while not actively malicious, cause problems that outweigh any virtues they may have. Some default to removing these PUAs, while others leave them alone by default. NOD32 makes you actively choose whether to remove PUAs during installation. I enabled PUA detection, and I advise you to do the same.
The main window includes plenty of white space, along with a picture of ESET’s blue-eyed cyborg mascot. To launch a scan or an update, you can use either the leftside menu or a pair of large blue panels near the bottom of the window. If there’s a configuration problem, the green security banner changes color. When NOD32 needs your attention—to show the results of a completed scan, for example—you see the number of notifications next to the corresponding menu item.
Like Norton AntiVirus Plus, NOD32 gives you a ton of settings for tweaking its configuration. As with Norton, you don’t have to page through all those options to find the one you want—you can just start typing in the search box. This may not even be an issue, though, as the software’s default configuration is tuned for optimal security.
MOSTLY GOOD LAB RESULTS
Three of the four independent testing labs I follow include NOD32 in their testing, and its scores are mostly excellent. Tests by London-based MRG-Effitas are especially grueling. Out of a dozen products tested, only ESET, Bitdefender, and Norton pass both this lab’s tests in the latest round.
Experts at AV-Test Institute examine antivirus products for three important criteria. Protection is important, naturally, but so is a low impact on performance. Wrongly flagging valid programs as malicious is detrimental to a program’s usability. Antivirus tools can earn up to six points each for Protection, Performance, and Usability, for a maximum score of 18. Any antivirus that earns at least 17.5 points is named a Top Product. More than half the products in this lab’s latest test earn a perfect 18 points. Another quarter of the products, ESET among them, take 17.5 points.
At AV-Comparatives, testers don’t assign numeric scores. A product that passes any test receives Standard certification, while those that go beyond the minimum passing score can take Advanced or Advanced+ certification. In the three tests from this lab that I follow, NOD32 takes one Standard, one Advanced, and one Advanced+ rating. Bitdefender is the only product with Advanced+ in all three.
For each product that receives scores from at least two labs, my scoring algorithm maps all the results onto a 10-point scale and generates an aggregate lab score. ESET’s 9.3 aggregate score is decent, though not up to the 9.9 score it held when last reviewed. Among products tested by all four labs, Kaspersky Anti-Virus is the big winner, with an aggregate score of 9.9.
UNUSUAL SCAN CHOICES
I timed a full scan of my standard clean test system and found that NOD32 finished in just under half an hour. That’s quite a bit better than the current average of 66 minutes. During that initial scan, NOD32 also optimizes for subsequent scanning, marking known good programs that don’t require another look. A second scan finished in just four minutes.
NOD32 doesn’t offer the quick scan option found in many antivirus products, but it gives you several custom scanning choices. You can drop suspect files or folders on the scan page for a quick checkup. It offers to scan each removable drive you mount. From the custom scan menu you can scan memory, boot sectors, or any local or network drive.
The boot sector scan I mentioned also triggers N0D32’s UEFI scanner. UEFI (Unified Extensible Firmware Interface) is what modern computers use instead of the antique BIOS. The UEFI scanner also runs in the background, making sure no malware has subverted your firmware. I have to assume it works, but I have no way to trigger its protection for testing purposes. Firmware protection is important. Any malware that weaseled into the firmware would have total control over your computer. One aim of the stringent security requirements for running Windows 11 is to protect the firmware and the entire boot process.
NOD32 can actively scan the WMI database. WMI (Windows Management Instrumentation) is best known to programmers as a source of system information. For example, my boot-time performance test for security suites queries WMI to get the start time of the boot process. The WMI scan looks for references to infected files within the database and for malware embedded as data. Likewise, the Registry scan checks for such references and embedded malware throughout the Registry. As with the UEFI scan, we have to take these activities on faith, as there’s no easy way to test them.
MIXED MALWARE PROTECTION SCORES
I’m always happy to have results reported by the independent labs, but not every product makes it into those reports. Even when results are available, I still run hands-on malware protection testing to see the product’s defenses in action.
When I opened the folder containing my current collection of malware samples, NOD32’s real-time protection gave them the once-over. But it eliminated only 32% of them at this point. That’s uncommonly low—most products score in the 80s or better. Adaware Antivirus Free impressively eliminated 90% of this same sample collection on sight, though it came up short in other areas.
Notably, NOD32 recognized less than half of the ransomware samples on sight. Of a dozen other products whose real-time protection wipes out known threats on sight, eight eliminated all the ransomware samples on sight and four eliminated all but one.
Continuing the test, I launched the remaining samples. Clearly, the antivirus applies a tougher standard to programs that are about to launch. It prevented quite a few samples from launching at all. That included all the remaining ransomware samples, most of which it identified by name. It did flag some samples as PUAs, and I chose to delete all of those. In other cases, it caught a malware component during the installation process.
NOD32 detected 89% of the samples one way or another. But the fact that it let several samples install executable files brought its overall score down to a dismal 7.9 points, even worse than the 8.3 points it scored in my previous review. Tested with this same sample set, Malwarebytes managed 100% detection and a perfect 10 points. McAfee came close, with 100% detection and 9.9 points. Webroot SecureAnywhere AntiVirus detected 99% and scored 9.8.
NOD32’s score in this test is the lowest of any product tested with the current sample set. That result doesn’t line up at all with its many excellent lab test scores. When my results don’t jibe with the labs, I give the labs more weight.
It takes me quite a while to collect and analyze a new set of malware samples, so those necessarily stay the same for months. To check a product’s protection against the latest in-the-wild threats, I start with a feed of malware-hosting URLs detected in the last few days by researchers at MRG-Effitas. I launch each URL in turn and note whether the antivirus prevents access to the URL, eliminates the malware payload, or utterly fails to detect any threat.
While some antivirus tools rely on browser extensions to filter out dangerous websites, NOD32 functions below the browser level. That means it can extend its protection to any internet-capable app. In testing, NOD32 blocked the browser’s access to 86% of the malware-hosting URLs. For most of these URLs, it displayed a red warning page. In a few cases it displayed a yellow warning of potentially dangerous content—I counted these as successful detections, too. The antivirus eliminated another 10% of the threats during the download process.
N0D32’s total score of 96% protection is good, but 10 products scored even better in their latest malicious URL test. Bitdefender, McAfee, and Norton top this list, all with a perfect 100% protection score.
DECENT PHISHING PROTECTION
It’s possible to spot phishing scams if you’re alert, but having help from your antivirus means you’re protected even when your eyelids are drooping.
To start the phishing test, I collect reported frauds from websites that track such things, making sure to include some that are so new they haven’t yet been analyzed and blacklisted. Phishing sites are ephemeral, and the very newest ones are typically both the most effective and the hardest to detect. I launch each suspected URL in a browser protected by the product under test and simultaneously in instances of Chrome, Firefox, and Edge protected only by the browser’s built-in phishing detection.
If a URL doesn’t load properly in any of the four test systems, I toss it. If it doesn’t fit the profile for a phishing site—meaning it’s trying to steal login credentials—I also toss it. Analyzing those that remain gives me a clear idea of the product’s phishingprotection skills.
When last tested, NOD32 detected 93% of the verified frauds. This time it scored 92%, hardly different. It did beat all three browsers.
When last tested, NOD32 detected 93% of the verified frauds. This time it scored 92%, hardly different. It did beat all three browsers—Edge, in particular, had a really bad day—but others have scored much better. Ten products currently score 96% or higher, including F-Secure, McAfee AntiVirus Plus, and Norton, all three of which flagged 100% of the phishing URLs.
I tested ESET Cyber Security for Mac with the same set of samples and found its behavior didn’t track with that of the Windows-based product at all. In fact, macOS ESET caught just 10% of the phishing frauds. When I asked about the same problem during my previous review, my company contact explained that “we have an issue with some scanning related to some https links,” and that the team is working on a fix. Clearly, they’re still working on it.
It’s clear from the Windows version’s score that ESET has the technology to do a good job detecting phishing frauds. I hope that technology will make its way into the Mac edition.
Modern security offerings go beyond simply protecting one device. Even the simple antivirus reviewed here can protect multiple Windows or macOS devices. A central hub to manage all your installations is more important than ever. That’s where ESET Home (formerly My ESET) comes into play.
You’ll find an ESET Home button in the title bar of the main application. You can also simply navigate to home.eset.com from any browser. Once you log in, you can view all your licenses and protected devices. For each license, it shows the total number of devices, the number in use, and the number still available. Right from this dashboard, you can open a license and add protection to the current device or send an email link.
Shifting to the devices view, you can quickly see whether any of your devices have security issues. You can get details on any problems, but to do anything about them, you must go to the affected computer. There’s no remote configuration control, which you get with Sophos, Webroot, and a few others.
This page offers another opportunity to add protection to more devices. There is one odd limitation, though—at present, protected macOS devices don’t show up in ESET Home.
The online dashboard is also the spot to manage the parental control, password management, and anti-theft components. But those components aren’t part of this standalone antivirus.
HIPS BLOCKS EXPLOITS
ESET’s suite products add full-blown firewall and network protection, but even the standalone antivirus offers a Host Intrusion Prevention System (HIPS). To see this component in action, I hit the test system with 30 exploits generated by the CORE Impact penetration tool. The HIPS detected and blocked many of these attempts to exploit security vulnerabilities.
None of the exploits penetrated security, since the test system is fully patched. NOD32 detected and blocked 35% of the attacks, identifying most of them using the official exploit number. HIPS and exploit protection are among the areas flagged as being improved in this latest version, but that score is down from 52% last time I ran this test on ESET. Kaspersky and Bitdefender detected 84% and 74% respectively in their latest exploit tests.
According to ESET, N0D32’s ransomware protection has been beefed up in this latest edition. It falls under HIPS in settings, meaning I could test it by turning off ordinary real-time protection and leaving HIPS turned on. I did just that and then tested a dozen real-world ransomware samples. The results weren’t pretty.
One of the samples didn’t try any chicanery; without ransomware behavior, the ransomware detector naturally didn’t react. Four file-encrypting samples proceeded to do their dirty deeds without a peep from NOD32, as did one whole disk-encrypting sample. Four more got caught after launch by NOD32’s scan for active malware in memory.
That leaves exactly two samples detected by ransomware protection. This detection took the form of a warning about a program trying to modify files in a suspicious way. It didn’t mention ransomware. Denying the activity saved the day in one case. The other managed to encrypt over 4,000 files before NOD32 took it down.
As with ransomware protection layers in other antivirus products, NOD32’s isn’t intended as the first line of defense, or even the second. With all cylinders firing, NOD32 eliminated almost half the samples on sight and wiped out the rest when they tried to launch. But this test suggests the ransomware-specific protection layer could use another round of enhancements.
COMPREHENSIVE DEVICE CONTROL
NOD32’s Device Control is a feature more suited to business settings than to consumer use. Out of the box, this feature is disabled. To enable it, you must reboot the system. With Device Control active, you can prevent the use of a wide variety of device types, while making exceptions for trusted devices. Among other things, Device Control can prevent anyone from stealing data by copying to unauthorized external drives and head off infestation by USB-based malware.
ESET isn’t the only security company offering such a feature. Device Protection in Avira Antivirus Pro lets you whitelist or blacklist specific devices, and you can password-protect settings so nobody can mess with the lists. However, even when password protection is active, any user can whitelist a new, unknown drive. G Data Total Security offers more advanced device control, and it can prevent others from adding exceptions. Note, though, that this is G Data’s toptier mega-suite. ESET puts device control in its basic antivirus. It’s an excellent bonus feature for an entry-level product.
The Device Control system in NOD32 is the most elaborate of any I’ve seen. You can create rules for a wide variety of devices, including card readers, imaging devices, and Bluetooth devices, as well as more traditional external drives. Each rule sets an action for a device type, an individual device, or a group of devices. Available actions include blocking use of the device, opening it in read-only mode, or allowing full read/ write privileges. You can also configure a rule to simply warn that policy limits access to the device, and that accessing it despite the warning will be logged.
USEFUL SECURITY TOOLS
Device Control isn’t the only feature that takes NOD32 beyond the realm of simple antivirus. It offers a whole page of tools to enhance your security experience. Some are useful to all; others require a technical mindset.
The Device Control system in NOD32 is the most elaborate of any I’ve seen. You can create rules for a wide variety of devices.
Several of the tools give you views of what NOD32 has been doing for you. The Security Report displays statistics on how many applications, web pages, and other objects NOD32 has scanned, along with a world map showing the current malware situation. You can peruse logs of malware detections, HIPS events, and more.
Bringing up the Running Processes list shows you every process running, with a lot more information than you’d get just by looking at Task Manager. Drawing from ESET’s LiveGrid analysis system, it reports the reputation, number of users, and time of discovery for each process. This chart, like the chart of file system activity, may be more useful to a tech support agent who’s examining your system remotely. The same is true of the live file system activity graph.
Soon after installation, you should download ESET’s SysRescueLive tool. This tool runs from a bootable DVD or USB, meaning Windows-based malware is powerless to resist it. If a NOD32 scan detected and removed malware, but you still think you’ve got malware on the system, run a scan from this tool. Malware that requires this aggressive tool can be seriously persistent and can interfere with regular antivirus, which is why you want to download it before you run into any such trouble.
Quite a few competing products offer a similar bootable rescue disk to handle the most persistent malware. Bitdefender one-ups the bunch, though. Its Rescue Mode lets you boot to an alternate operating system without the need to create a disk.
If a NOD32 scan detected and removed malware, but you still think you’ve got malware on the system, run a scan from this tool.
Many security suites offer a system cleaner that wipes out junk files and erases traces of your computer and web-surfing history. With NOD32, System Cleaner has a different meaning. Like Webroot’s similar feature, it aims to correct and restore system settings that malware may have modified. For example, some ransomware replaces your desktop wallpaper with a ransom note, even before attempting encryption behaviors that might trigger an antivirus reaction.
Everybody should run the SysInspector tool right after installing NOD32. This scanner logs a ton of details about your PC’s configuration, including what services are active, the status of critical system files, and the values of essential Registry entries. The report alone might be valuable to a tech support agent, but the key is SysInspector’s ability to compare two reports and tell you what changed. If you run into any kind of system problem, comparing the current status with a no-problem baseline should give you a clue as to the cause.
Even if you always get someone else to help you out of computer jams, you should still run a baseline SysInspector report. Your tech-savvy niece or remotecontrol tech support agent will find it extremely helpful.
GOOD FOR TECHIES
Independent lab test scores for ESET NOD32 Antivirus are mostly excellent, with a few that are merely good. Its scores in our own hands-on tests range from poor for basic malware protection to very good for phishing protection and malicious download blocking. It offers numerous features beyond the basics of deleting malware and preventing new attacks. If you’re tech-savvy enough to use it, the Device Control system is the most comprehensive we’ve seen. In that case, you should consider ESET NOD32: It’s a worthy contender.
If that doesn’t sound like you, consider our Editors’ Choice antivirus tools, which pack plenty of more typical security features along with award-winning protection. Bitdefender Antivirus Plus and Kaspersky Anti-Virus consistently earn top scores from the independent testing labs. McAfee AntiVirus Plus doesn’t score as high, but it protects every device in your household. Webroot SecureAnywhere AntiVirus scores high in our hands-on testing, and it’s the tiniest antivirus around.
In lab tests and our own hands-on tests, ESET NOD32 Antivirus earns some impressive scores. It also packs extras that go far beyond the antivirus basics, such as exploit protection and device control.
- Some excellent scores from independent labs. Some good scores in our hands-on tests.
- HIPS component blocks exploits. Comprehensive device control.
- Poor score in our hands-on malware blocking test. Device control is too complex for most users.
- Ransomware protection isn’t effective in testing.