(ESET NOD32) an extremely fast Hi-Performance Scanning Engine Complete Transcript of Randy Abrams – ESET Interview on Let's Talk Computers


2006-06-28


Randy Abrams, Director of Technical Education at ESET, talks about why, with all the many types of internet threats, it is so important to have an extremely fast scanning engine that also has low resource utilization to keep your computer safe. The NOD32 High Performance Scanning Engine has proven to be unique in this category.

Alan: You’ve just installed an anti-virus software, installed anti-spyware software, anti-adware software and even installed software that looks for key logging and all the other type of software you need to fight all these Internet Threats. You have all this software and your computer is now protected, but now your computer runs as slow as a turtle. This is not a trade-off that we can live with. Our guest today is Randy Abrams, Director of Technical Education with ESET. Welcome back to Let’s Talk Computers, Randy.

Randy: Well, thank you, Alan; It’s great to be here.

Alan: Randy, nowadays, there’s so many different types of Internet Threats that can hit your computer system. All these things are taking CPU time to go through and detect these threats. You don’t want to sit there and watch your computer run anti-threat software all day. If you ask people why they bought their computer, they would say, “Hey, I want to be able to watch anti-threat software doing its job.”

Randy: Well, it’s not most people. There’s definitely a lot more to check for nowadays. You really don’t want to have a very slow product because there’ll get done with the tasks of making sure you’re safe. Checking your safety isn’t what you bought your computer for. You want to get other things done with it.

Alan: There’s nothing worse than having a computer that when you put protection software on your system, that the whole computer becomes the protection software and every time you turn around there are little things down there in bottom icons that do this, and icons that do this – you’re constantly being awed about all these wonderful GUI of the software. But that is not threat protection, is it?

Randy: No, not really. Threat protection is when you are able to proactively block the latest threats out there whenever possible. NOD32 does this. Being able to detect so much of it heuristically means that our researchers and analysts have more time to work on a smaller amount of threat that has to be detected.

Alan: Plus the fact, that you have different modules built into your scanning engine that watch for emails, that watch every time that we go onto the Internet, every time we open up a software package on our desktop. All of these are being protected, aren’t they?

Randy: It doesn’t do much to lock the front door of your house if the back door and patio are left wide-open. Nod32, we looked up every place that a threat could possibly enter your system. So, when you’re surfing the Web, the Internet monitor module is watching your web browser, it’s watching FTP. If you’re using email, the email monitor is watching your email for threats coming in through email. And that works for web-based email, as well as Outlook Express and Outlook. There’s the file system monitor. Your “on demand scanner” and your “on access”, real-time scan that watches anything to the disk and this covers things like network connectivity or if you plug a USB drive into your computer and try to copy files off of it. Whenever your can brings in, we’re monitoring.

Alan: To me, an anti-threat software package has to be almost invisible. It has to be where you know it’s working, but it gets itself out of the way and the only time you really know that it’s there is when it pops up and says, “Hey, you got hit by a threat and we took care of it for you.”

Randy: We want to act a lot like a home security alarm. You don’t want to actually have to think about it unless there’s something for you to know about.

Alan: ESET Software has been known to be one of the fastest, if not the fastest threat engines out there. And what makes it so fast?

Randy: It’s a combination of factors. One of the factors is that we have really smart programmers that figure out amazing ways to program software to do the job very quickly; but also, at ESET our NOD32 is written extensively in Assembly Language, which allows the product to run extremely quickly, too.

Alan: Small businesses, medium sized businesses, and even large businesses, Anti-Threat software; if it’s slowing down the system you’re actually still paying your user to use the computer. Payroll still goes on, doesn’t it?

Randy: A couple of factors for a business. (1) the computer is running slower, so your employees are less productive. Eventually, as you add applications, it gets too slow. And you have to upgrade – an Asset cost. An anti-virus product that doesn’t perceptibly slow down the computer means you hang on to assets longer before you have to invest in new hardware.

Alan: Another problem that you run into in business is if a user is using a computer that is very slow acting, they may turn off the anti-threat software, altogether, saying “I need to get my job done so I can get out at the right time of day. I just turned it off. It’s not going to bother me.”

Randy: That’s a real problem for corporations to the point that anti-virus software has had to add the ability to password protect settings so that users can’t turn that off. And the reason that users want to turn it off is because it’s slowing down their computers so much that they don’t want it. They’d want to take the risk.

Alan: So, the first thing that we have to have is very fast anti-threat software to make sure that it’s scanning everything. And you have statistics, which are not your statistics, but put out by other companies that actually test your software, like Virus Bulletin.

Randy: Well in the Virus Bulletin, June 2006 test, not only do they test to make sure that you’re detecting everything, but they also tell you how fast the various scanners are. For example, ESET’s Nod32 was able to scan approximately a gigabyte of data in just about one and one-half minutes, where Microsoft One Care took over thirteen minutes to run the same test. And, if you extrapolate this out to a hundred gigabyte hard drive, ESET finishes the job in like 1.6 hours, where One Care is taking eighteen hours to scan. So, eighteen hours for one hundred gigabytes – if you’ve got a five hundred gigabyte file server, you’re not going to get it scanned overnight. With Nod32, it’ll be done well before your employees or you come in to work on the machine in the morning.

Alan: Talking about scanning engines – ESET has a one-threat engine that gets them all, doesn’t it?

Randy: We take care of Viruses and Trojans, and Worms, Spyware, Adware, Phishing, a variety of threats and it’s all integrated into our high performance engine. When we scan all this data, that’s the amount of time it takes. It’s not that like One Care, you have to go back with Windows Defender and scan again with Windows Defender to get the Spyware. We’ve done it all at once.

Alan: I like the idea that with ESET you’re one company that does one thing. This is all you do. You live, eat and breathe Viruses and Threats, where with other companies, their Anti-Virus and their Anti-Threat software or Anti-Spam software is just one part of their business.

Randy: We don’t take the Wal-Mart approach of trying to provide a little bit of everything at the cheapest price possible. We take a “Best of Breed” approach. We take the technology that we know and understand, make it the best technology we possibly can and sell it at a reasonable price.

Alan: When you’re trying to find a new virus or a new threat you really don’t have a signature for it. You have to make sure in real-time that you can see that it is a threat. And that slows a lot of software down, doesn’t it?

Randy: At times it will slow software down. Sometimes the software just plain misses it. It has to slow down because it doesn’t matter how long you give them, they’ll never find it until they get a signature. And that’s one of the things that really is unique about Nod32 - the best heuristics for proactive protection in the world. We’re frequently able to detect brand new threats that we’ve never seen before without a signature, just based on the cleverness of how the product has been written.

Alan: And you’ve never really missed a Virus in the Wild and that’s something that a lot of Virus, Anti-Threat, Anti-Spyware cannot say, is it?

Randy: In Virus Bulletin testing, since 1998 when they started testing Nod32, we’ve never missed an In the Wild Virus in their tests. And there’s no other product that can say that. Actually, Microsoft One Care has never missed an In the Wild Virus in the test, but they’ve only been in one test. So, that’s not much of a record.

Alan: And talking about being able to protect your systems, some businesses still have Windows 95, Windows 98, NT machines. You’re one of the very few companies that protects us all the way across the board.

Randy: Not only do we provide superior detection than any other product out there, but we do it for a wide variety of platforms, including your legacy operating systems. Even businesses that are using older hardware and older operating systems do not have to compromise on the quality of detection.

Alan: One thing I really like about ESET Nod32 is that when you buy a license you always get the latest engine. You don’t have like a 2004 version, a 2005 version, that now you’re pushing out definitions for an old engine. You always get the newest engine.

Randy: I don’t understand why other companies don’t do that. We never, ever want our customers to have our second-best technology. When we come out with better technology, any licensed customer downloads it, because we want our customers to have the very best that we’re able to do.

Just from the aspect of doing the right thing, you want your customers to be protected. That’s what they’re paying you for. That’s what we take pride in doing, is doing our job well. And that means we give them the best technology we know how to.

Alan: Nod32 is so customizable – we can actually set aside certain parts of our hard drive that we don’t want to be scanned, because it’s nothing more than achievable.

Randy: You want to exercise great caution when you do that and it’s always a good idea to schedule periodic scans just for peace of mind. But yes, you can say, “I know this stuff is clean. It hasn’t changed in years. I don’t want to take the time scanning it” and it’s very easy to exclude.

Alan: The whole point of having anti-threat software protecting you, is you want to make sure that it is as fast as possible because these hackers that are trying to put malware and keylogging, adware on your system, they’re not going to put less on your system, do you think?

Randy: Not at all. And so you want it to be very fast, but you also want it to be very thorough, too. If you find out that there’s a threat on your system that needs to be taken care of and you’re using your scanner to try to find it, you don’t want to be scanning for eighteen hours, looking for it. You want to find it quickly and eliminate it.

Alan: You want to find it before it gets onto your system. And that’s where your heuristics comes in. It actually stops it, looks at it and says, “Hey, we can’t identify this yet, but it looks like it is not really doing what it’s supposed to do. I think this is a threat.” And then it quarantines it.

Randy: It looks at the software and then it says, “Hey, you’ve got a gun in your hand and you’re wearing a mask, covering your face. You know, you look an awful lot like a bank robber.” And it kind of looks like that. We set up rules that we evaluate software with. And if the software looks like other software that’s almost known to be bad, then we’re going to catch it and stop it.

Alan: You can set Nod32 to go out to the web site and get updates as often as you want and you push them out to us.

Randy: A couple of important things about that. You can set it up and by default to check every hour for updates, but that doesn’t mean that there are updates every hour. That’s the strength of our heuristics - we don’t have to update every hour and when we do update the size of our updates are in the hundreds of kilobytes, so it’s a very small update, compared to some products where you’re pulling down eight megabyte updates.

Alan: You can look at it from a standpoint that protection really doesn’t cost money. It saves you money; because all you have to do is get a virus on your system and you can see how much money you’re going to spend to get it off.

Randy: Microsoft has actually advised that if we get infected with Spyware, you should reformat your computer. So, if you calculate your time and set your hourly rate, (what your time is worth per hour), that you take to back up your data and then format and re-install your operating system, you’ll find that one-year subscription for Nod32 costs a whole lot less than one Virus, one Spyware incident on your computer, if you value your safety and security.

Alan: Randy, if someone would like to find out more information about the Nod32 family, where would they go?

Randy: http://www.eset.com/. And you can download a fully functional 30-day trial, test it out to your heart’s content; just make sure that you disable or uninstall your current anti-virus product, because you don’t want two of them on the system at the same time.

Alan: Randy, it’s been our pleasure to have as our guest today, talking about why we need really fast scanning engines on our computer system and hope to have you back on the air again, real soon.

Randy: Thank you Alan. It’s always a pleasure to talk with you and be on your show.
