NOD32

NOD32 is an antivirus package made by the Slovak company Eset. Versions are available for Microsoft Windows, Linux, FreeBSD and other platforms. Remote administration tools for multiuser installations are also available at extra cost. NOD32 Enterprise Edition consists of NOD32 AntiVirus and NOD32 Remote Administrator. The NOD32 Remote Administrator program allows a network administrator to monitor anti-virus functions, push installations and upgrades to unprotected PCs on the network and update configuration files from a central location.

NOD32 consists of an on-demand scanner and four different real-time monitors. The on-demand scanner (somewhat confusingly referred to as NOD32) can be invoked by the scheduler or by the user. Each real-time monitor covers a different virus entry point:
  • AMON (Antivirus MONitor) - scans files as they are accessed by the system, preventing a virus from executing on the system.
  • DMON (Document MONitor) - scans Microsoft Office documents and files for macro viruses as they are opened and saved by Office applications.
  • IMON (Internet MONitor) - intercepts traffic on common protocols such as POP3 and HTTP to detect and intercept viruses before they are saved to disc.
  • XMON (MS eXchange MONitor) - scans incoming and outgoing mail when NOD32 is running and licensed for Microsoft Exchange Server - ie, running on a server environment. This module is not present on workstations at all.
NOD32 is written largely in assembly code, which contributes to its low use of system resources and high scanning speed, meaning that NOD32 can easily process more than 23MB per second while scanning on a modest P4 based PC and on average, with all real-time modules active, uses less than 20MB of memory in total but the physical RAM used by NOD32 is often just a third of that. According to a 2005 Virus Bulletin test, NOD32 performs scans two to five times faster than other antivirus competitors.

In a networked environment NOD32 clients can update from a central "mirror server" on the network, reducing bandwidth usage since new definitions need only be downloaded once by the mirror server as opposed to once for each client.

NOD32's scan engine uses heuristic detection (which Eset calls "ThreatSense") in addition to signature files to provide better protection against newly released viruses.

http://www.eset.com/
Posted by
Labels: , , , , , ,