Establishing Digital Trust: Don't Sacrifice Security for Convenience
ESET's NOD32 Antivirus 4 Business Edition is a straightforward, no-nonsense anti-malware program for small and mid-sized organizations. The program's value proposition is simple: Detection of known and unknown threats with fast scanning speeds and low false positive detection rates.
Like many anti-virus vendors, ESET's roots are in eastern Europe. The company is headquartered in Bratislava, Slovakia -- although it also maintains an office in San Diego, California. (The "NOD" portion of the product name stems from a pun on the title of a popular Slovakian TV show.) The company may be relatively unknown in North America, but ESET's antivirus products command a global market share of around 10 percent -- ahead of industry heavyweights such as Symantec and McAfee -- according to OPSWAT's latest Security Industry Market Share Analysis.
Pros: Lean and Mean Protection
NOD32 Antivirus 4 Business Edition purposely does not include device control, encryption, or any of the other capabilities that sometimes turn lightweight antivirus programs into bloated corporate security suites, according to Jeff Chen, ESET's manager of product marketing. "What we seek to do is find a perfect balance of detection, speed, and false positives. We are not competing with other vendors on features; we want to stay lean and detect malware," he says.
The product is primarily aimed at businesses with between 100 and 1000 users, although it can be used in organisations with just a handful of users or hundreds of thousands of users, Chen says. It offers protection for Windows, Macintosh, and Linux platforms using ESET's own scanning engines, meaning that the protection offered on each platform is essentially the same. The software also detects threats that affect platforms other than the one the program is running on -- so if you are a Linux user and you receive an email that includes Windows malware, this can be dealt with before you forward the email to a Windows machine.
NOD32 Antivirus 4 Business Edition uses antivirus signatures to provide the first level of protection, leveraging specific signatures to detect known viruses and generic signatures to detect polymorphic viruses that change over time. To conserve WAN bandwidth, new virus signatures can be automatically downloaded to a central management server and distributed to all the endpoints over the corporate LAN. Mobile users and remote office employees can either receive updates from a local mirror or directly from ESET over the Internet.
The program carries out behavioral analysis by monitoring applications for suspicious activities -- such as altering certain registry settings. It can also run suspicious software in an emulator that is sandboxed from the rest of the system, to ensure that the file won't be able to do any damage while it is being assessed.
The ESET Remote Administrator management console allows organizations to deploy NOD32 Antivirus 4 Business Edition to desktops (and servers) remotely, update endpoints, run scans, deploy and enforce security policies (such as preventing users from ignoring warnings generated by the antivirus software), run reports, and monitor endpoints for possible infections.
Although ESET eschews unnecessary extra features in NOD32 Antivirus 4 Business Edition, it does include a few extra capabilities. For example, the software can be configured to scan or block the use of removable media such as USB sticks. The program also provides support for Cisco Network Admission Control (NAC), which prevents unsecured endpoints from connecting to a corporate network.
Cons: No Reputation Network (Yet)
One area where NOD32 Antivirus 4 Business Edition lags behind some of its competitors is in the field of reputation-based protection. Unlike competing products from companies such as Symantec, Sophos, and Kaspersky -- even ESET's own consumer antivirus product -- ESET's business product doesn't link to a "reputation network." Reputation networks collect up-to-the-minute data about new threats as they emerge, allowing files and sources of malware to be blocked within a few seconds of detection -- typically before anti-virus signatures can be created and distributed to all endpoints. Reputation network functionality will be added into the next version of NOD32 Antivirus 4 Business, Chen says: "It was added to NOD32 Antivirus 5 for consumers so we do have all the infrastructure in place."
The program does provide businesses with a limited degree of protection against malicious web sites by blocking access to a list of known bad URLs. However, malicious sites can appear so rapidly that URL blocking is not as effective as the protection provided by reputation network technology. "We do offer protection against some web attacks, but this is not a comprehensive web control feature," Chen says.
Feedback from the Field: InfoTech Solutions
InfoTech Solutions is a South Dakota based computer services business. Josh Vandyke, the company's IT manager, runs NOD32 Antivirus 4 Business on all the company's machines. He points to the program's simplicity, ease of use, and effectiveness as its main selling points. Vandyke says he switched from a competing product made by one of the largest and best-known antivirus vendors because it didn't work as advertised: "The detection rates were far too low -- we were lucky it detected half the viruses it encountered."
After surveying the market, Vandyke chose NOD32 Antivirus 4 Business Edition for its strong detection capabilities. He also says he's satisfied with its level of protection against malicious web site protection capabilities: "We like the fact that it can block some web links -- this has protected us against fake AV programs which are a big problem at the moment. The lack of a reputation network hasn't been a problem. I also get an email alert if any machine gets infected, which I think is important."
Vandyke says his overall experience with ESET has been positive, but he points out that his organization regards antivirus protection as only a small part of its security measures. "NOD32 isn't the best thing in the world in terms of overall security, but it's certainly one of the best antivirus products I have come across. But a good security approach involves layers of protection, and I certainly wouldn't depend on my antivirus protection alone."
Pricing: ESET NOD32 Antivirus Business Edition for 1 year. 100 users: $2,099. 500 users: $7,995.
Paul Rubens has been covering IT security for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch.