The boot sector scan I mentioned also triggers NOD32’s UEFI scanner. UEFI
(Unified Extensible Firmware Interface) is what modern computers use instead
of the antique BIOS. The UEFI scanner also runs in the background, making
sure no malware has subverted your firmware. I have to assume it works, but I
have no way to trigger its protection for testing purposes. Firmware protection
is important. Any malware that weaseled into the firmware would have total
control over your computer. One aim of the stringent security requirements for
running Windows is to protect the firmware and the entire boot process.
NOD32 can actively scan the WMI database. WMI (Windows Management
Instrumentation) is best known to programmers as a source of system
information. For example, my boot-time performance test for security suites
queries WMI to get the start time of the boot process. The WMI scan looks for
references to infected files within the database and for malware embedded as
data. Likewise, the Registry scan checks for such references and embedded
malware throughout the Registry. As with the UEFI scan, we have to take these
activities on faith, as there’s no easy way to test them.
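One way to see for yourself what these scans are looking at, as an added example that is not ESET's code and not part of the review: the same WMI boot-time query the review's performance test relies on, a listing of permanent WMI event subscriptions (the usual home of script and command-line payloads stored as data in the WMI repository), the Registry autostart keys a Registry scan checks for references to files on disk, and the Secure Boot state of the firmware. The cmdlets are real Windows cmdlets; the layout and the small parsing helpers are my own. Run it from an elevated PowerShell prompt; it only reads, it deletes nothing.

```powershell
# Added example, not ESET's scanner. Read-only; run elevated.

# 1. Boot start time via CIM/WMI, the value a boot-time performance test reads.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
"Last boot: {0}  (uptime {1:g})" -f $os.LastBootUpTime, ((Get-Date) - $os.LastBootUpTime)

# 2. Firmware: is UEFI Secure Boot on? The cmdlet throws on legacy BIOS machines.
try   { "Secure Boot enabled: $(Confirm-SecureBootUEFI)" }
catch { "Secure Boot: not available (legacy BIOS or unsupported platform)" }

# 3. WMI repository: permanent event subscriptions. Malware "embedded as data"
#    in the database is typically a CommandLineEventConsumer or
#    ActiveScriptEventConsumer bound to a filter that fires on a timer or on
#    process creation. Consumer types that hold no payload are skipped.
$ns = 'root/subscription'
$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter -ErrorAction SilentlyContinue
$consumers = @(
    Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer  -ErrorAction SilentlyContinue
    Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer -ErrorAction SilentlyContinue
)
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue

# Reference properties come back as CimInstance objects from Get-CimInstance and as
# path strings like __EventFilter.Name="x" from older tooling; handle both.
function Get-RefName($ref) {
    if ($ref -is [string]) { ($ref -split '"')[1] } else { $ref.Name }
}

foreach ($b in $bindings) {
    $fName = Get-RefName $b.Filter
    $cName = Get-RefName $b.Consumer
    $f = $filters   | Where-Object Name -eq $fName
    $c = $consumers | Where-Object Name -eq $cName
    if (-not $c) { continue }   # binding to a consumer type without a payload
    [pscustomobject]@{
        Filter   = $fName
        Query    = $f.Query
        Consumer = $cName
        Payload  = if ($c.CommandLineTemplate) { $c.CommandLineTemplate } else { $c.ScriptText }
    }
}

# 4. Registry: autostart values that reference files on disk. A Registry scan
#    checks such references; here we at least report whether the file exists.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # PSPath, PSParentPath, ... are provider noise
        $cmd = [string]$p.Value
        # Crude executable-path extraction: quoted path, else first token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; FileExists = (Test-Path $exe) }
    }
}
```

A clean Windows install ships one binding of its own, from the "SCM Event Log" filter to an NTEventLogEventConsumer; the listing above leaves it out on purpose because that consumer type carries no command or script. Anything that does show up in section 3 deserves a close look, since a filter firing on a timer or on a process-start event, paired with a command-line or script consumer, is persistence that survives a reboot without touching a single file on disk.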
MIXED MALWARE PROTECTION SCORES
I’m always happy to have results reported by the independent labs, but not
every product makes it into those reports. Even when results are available, I still
run hands-on malware protection testing to see the product’s defenses in action.
When I opened the folder containing my current collection of malware samples,
NOD32’s real-time protection gave them the once-over. But it eliminated only
32% of them at this point. That’s uncommonly low—most products score in the
80s or better. Adaware Antivirus Free impressively eliminated 90% of this same
sample collection on sight, though it came up short in other areas.
Notably, NOD32 recognized less than half of the ransomware samples on sight.
Of a dozen other products whose real-time protection wipes out known threats
on sight, eight eliminated all the ransomware samples on sight and four
eliminated all but one.
Continuing the test, I launched the remaining samples. Clearly, the antivirus
applies a tougher standard to programs that are about to launch. It prevented
quite a few samples from launching at all. That included all the remaining
ransomware samples, most of which it identified by name. It did flag some
samples as PUAs, and I chose to delete all of those. In other cases, it caught a
malware component during the installation process.