NOD32 Antivirus for Mac: Some Questions

These are a few questions relating to ESET's antivirus scanner for OS X, which is currently in beta, that I was asked in response to a post at Mac Virus. (If you want to take the beta out for a spin, you can still download it at http://beta.eset.com/macosx.)

As these questions are very ESET-specific, I thought it was more appropriate to answer them here rather than at Mac Virus.

1. You mentioned at the Eset blog in response to one of my comments that you where running EAV for Mac, on your Mac. So I am just wondering what the average Memory and CPU usage is for EAV on a Mac?

Yes, I'm running ESET's beta scanner on one of my Macs. I haven't looked at performance metrics, and I probably won't even if it starts to look anomalous. I don't have the time and resources to do accurate performance testing here at the moment, and I don't know that it would be useful anyway. The product is still liable to drastic change, as pre-release products tend to be.

2. Also wondering why Eset don’t show how many malware’s records that’s in your database? Not that it is very important that I know how many, but why not?

 Do you mean how many "signatures" do we have, or how many individual items of malware we detect? The two figures don't actually correlate in a way that would be useful: I don't know how many individual detections we have, but to give that number  would be misleading, since there isn't a single detection to every malicious binary.

Note that this is true of all mainstream AV vendors: because virus labs receive tens of thousands of unique binaries to analyse every day, the emphasis has to be on the most effective way of detecting as many of them as possible, not on precise classification, which is why malware information databases tend to be fairly generic nowadays.

ESET's detections are highly generic (meaning that a whole family or families, variants and subvariants might be picked up by a single detection) and/or heuristic (malware is detected by its characteristics or behaviour rather than by exact or near-exact identification): INF/Autorun, for instance, detects an enormous range (and volume) of malicious programs with two characteristics in common: (a) they try to exploit AutoRun (b) they're malicious! .

3. I know that the Mac version of NOD32 is crossplatform and detects Mac,Linux,and Windows malware. But does the Windows version detect Windows, Mac, And Linux malware as well?

Yes, ESET scanners for Windows detect malware OS X and Linux malware.

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch (or http://twitter.com/ESETblog)
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Also blogging at:
http://smallbluegreenblog.wordpress.com/
http://avien.net/blog
http://blogs.securiteam.com
http://blog.isc2.org/
http://macvirus.com/