Aryeh Goretsky

ESET Moderators
Aryeh Goretsky last won the day on December 29 2018

  1. Hello, It is important to understand that beta versions of Windows 10 offered through the Windows Insider Preview program may be incomplete, buggy and incompatible with various third-party programs that perform low-level operations—not just ESET's, but things like disk imaging and certain kinds of backup software, full disk encryption, HIPS/NIDS/firewall software and so forth. The best thing to do is make sure you are running the latest version of ESET Internet Security software, and have pre-release updates enabled, per ESET Knowledgebase Article #3415, "Enabled pre-release updates in ESET Windows home products." A restart may be required for changes to take effect. Some features may (or may not) still be inoperable, depending upon what state the version of Windows 10 you are beta-testing is in, but that should ensure maximum compatibility with all of ESET's features. In case there are some features of ESET's software which do not work, they will be disabled, but not cause any interference with the system as a result. When Windows 10 Version 1903 (19H1) exits beta and reaches production level (i.e., it becomes generally available for download for everyone on Microsoft's website), ESET will have versions of its software officially listed as compatible. Until then, ESET does not have any way of providing this, since the operating system is still itself in beta and an unfinalized work in progress. Regards, Aryeh Goretsky
  2. Hello, For this particular case, detection was added no later than March 25, 2019 at around 7:21:03 PM [GMT]. I cannot be more precise than that because there may have been some cloud-based technologies that detected it before then. That time, however, is when detection was added to the threat database and pushed out via ESET's update servers to endpoints around the world. As I mentioned in my previous message, there is no fixed answer to how long it takes to add detection for a threat and remediate it, because each attack is going to be different in complexity, and, as such, require varying amounts of time to add detection for it. And neutralizing the threat once it is found may be much more complicated, or it may be much simpler. One suggestion I have is to keep an eye on things like ESET's WeLiveSecurity blog and Customer Advisories page, as these are going to contain the latest information about threats. Regards, Aryeh Goretsky
  3. Hello, It is really hard to make a user interface that meets the needs of people with varying levels of knowledge about computers and interest in how their security software works. ESET's user experience (UX) team does try to surface the most-commonly touched features towards the top-most screens, so that people don't have to go through screen upon screen and dig through sub-menus in order to get to what they want. But that is also very much an ongoing work in progress because new options are periodically added, the number of people using the software is always increasing, and there's even differences in how various cultures are used to being exposed to information (which gets really, really interesting when you have a product that supports about three dozen languages). I honestly think the UX folks do a decent job of herding all of the feedback we get into something that makes a usable user interface, but there's no "one-size fits all" solution, and doing something beyond the "basic/advanced" type presentation of information means a lot more complexity in the user interface code, which translates as more resource consumption, additional attack surface to model and so forth. There's also the issue of making too dramatic changes to large swathes of the user interface, which can cause some cognitive dissonance for the people who use it the most (cf., Windows 8's much-maligned Start Screen). Keeping that manageable means making small gradual changes to the UI over time, as a kind of continual GUI improvement process. Anyhow, actionable feedback, suggestions, and constructive criticism about the UI (or any other parts of ESET's software, for that matter) are always welcome. So... keep 'em coming! Regards, Aryeh Goretsky
  4. Hello, Detection for Win32/ShadowHammer was added in threat detection database 19086. From reading about the threat, it's unclear how many computers received the first-stage downloader (reports give numbers varying from hundreds of thousands to millions, but such numbers tend to be highly inaccurate and can only be confirmed by ASUS itself). Those samples contained a hard-coded list of over 600 computers to target with the next stage, so by that criterion the actual number of affected computers might only be... a handful. The time it takes for detection and remediation of any threat is always going to vary; it's kind of like asking, "how long is a piece of string?" The answer is always going to be arbitrary because some threats take longer to analyze than others. In this particular case, I would suggest keeping an eye on ASUS' product security advisory page at https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/, as well as relevant threads on their support forum here, here and perhaps here as well (I'm unsure if that latter one is related) as ASUS should hopefully have some idea of which of its hardware was affected. Regards, Aryeh Goretsky
  5. Hello, I believe that when you purchase ESET Mobile Security for Android directly from ESET's web site at https://www.eset.com/us/home/mobile-security-android/, as opposed to the Google Play store, that you get a license you can use with https://download.eset.com/com/eset/apps/home/ems/android/latest/ems.apk. For more information, see ESET Knowledgebase Article #6563, Install ESET Mobile Security for Android from an APK file. Regards, Aryeh Goretsky
  6. Hello, A list of removed programs can be found at https://support.eset.com/kb3527/#removable. Regards, Aryeh Goretsky
  7. Hello, ESET is open to new ideas and suggestions. Just don't expect all of them to be implemented, especially if they offer little added benefit to ESET's customers. Regards, Aryeh Goretsky
  8. Hello, I believe you'll find some of the requested functionality in various programs such as ESET SysInspector, ESET SysRescue Live CD, the ESET Rogue Applications Remover and various other malware removal tools. Regards, Aryeh Goretsky
  9. Hello, ESET could improve its results in tests done by some testers by adding junk files that are damaged, non-executable, contain only data, are otherwise non-threatening, but are detected by other anti-malware programs. Would you like ESET to add detection of junk because those other vendors have included those files? Just because a plethora of companies are doing something doesn't make it right, or even that it offers a benefit to their customers, for that matter. Adding features for marketing reasons is not a path I would like to see ESET go down, and I suspect at least some of our customers feel the same way. There are lots of features, enhancements and improvements that ESET has yet to make to its software, and some of those will come out of message threads like this one. So, I encourage you to keep asking and making recommendations. But, also keep in mind that ESET takes its customers' security seriously and wants to develop technologies that do that, and not spend its time and efforts trying to win marketing battles with competitors. Regards, Aryeh Goretsky
  10. Hello, Cookies are not malicious. While they may (or may not) represent privacy issues, they do not represent a threat to user security. Malicious advertisements are blocked all the time. If you want to block tracking, all ads, etc., I would suggest looking at what plugins are available for your web browser. HIPS updates occur as part of the regular updating of modules used by ESET Smart Security. Regards, Aryeh Goretsky
  11. Hello, False alarms on a web site are a big deal. They affect: Whomever owns the web site. Whomever visits the web site. The credibility of the company which generated the false positive alarm to begin with. It has been my experience that people who visit web sites do not always know when a report of a problem is a false alarm or not. They might assume it is, and it turns out to be a legitimate report and they get infected. Or, they may contact the site operator or their anti-malware solutions provider, creating a support burden. Just because eight, eighty or eight hundred anti-malware companies do something does not mean that ESET should follow them down the "me, too" path. ESET chooses to implement technologies when they provide a tangible benefit to the computing public. Regards, Aryeh Goretsky
  12. Hello, I simply used Web of Trust as an example of someone who does a reputational toolbar as their core business. As far as I know, all the other companies you mentioned (Avast ... Webroot) make the majority of their money elsewhere. As I mentioned in my previous post, I had to jump through numerous hoops to get my own personal website reclassified (whitelisted), when my previous employer saw fit to advise everyone that my site was unsafe due to its lack of reputation. Now, I was able to get that cleared up in several days, but it took me several days and I had to take advantage of some professional courtesies (e.g., the fact that I was a founder of that company as well as someone who currently worked at a competitor) in order to get them to update their database. And I was lucky, I had industry contacts to work through. If I did not have those backchannels, who knows how many weeks or months it would have taken. This difficulty in (1) classifying sites properly to begin with; and (2) responding promptly to reclassification requests makes me believe that there is little additional value offered by site advisory services. Am I biased by my own experiences with a false positive alarm and subsequent difficulties getting that fixed? Yes, I certainly am. But, I also cannot help but wonder how difficult it would be for me to get things cleared had I not been able to use my contacts. Lots of other companies offer varieties of different services, as a means of providing a layered approach, offering some form of product differentiation, or even just performing feature parity for reviewers (i.e., "checkbox compliance"), but that does not necessarily mean that the option, feature or service passes the "works reasonably well" that I think is one of the reasons people choose ESET's software over others in a very crowded, competitive market.
Maybe, one day, ESET will offer some kind of add-on, plugin or toolbar that provides a deterministic form of site advisory reputational data. But given what I've seen so far, I just don't feel this technology currently passes the "works reasonably well" criteria as a whole, industry-wide. Regards, Aryeh Goretsky
  13. Hello, Browser plugins are an interesting idea, partially because they can allow for feedback in some interesting ways in the UI, but in terms of content [i.e., what the plugin does] I personally feel it is kind of a "landmine area" (for lack of better term). When you get involved in reputational-scoring of web sites, you pick up several additional areas in your workload. For example: Building and maintaining the site-crawling system (which includes back-end databases, integration into existing systems for research, development, QA, support, etc.). Dealing with false-positive reports. Dealing with false-negative reports. Dealing with reclassification requests. Dealing with attempts to game or manipulate the results. ...and so forth And that's just what I came up with off the top of my head. If you take a look in the Malware Finding and Cleaning section of the forum, you'll note that there are a lot of requests that focus around these types of issues, except for downloaded software as opposed to web sites (although there are some discussions surrounding blocked web sites as well). I suspect most users probably visit websites more often than they download and install software, so you can imagine how the amount of work required to adequately manage something like that if the number of requests coming in were to increase by, say, two orders of magnitude. That's not to say that this is a bad idea, or that such scaling issues are not solvable. There are companies like Web of Trust who do this as their core business, and my initial inclination would be to steer people to a service like that, if that's what they're looking for. However, I'd also point out that web reputation systems don't necessarily tell you if a site is malicious or not; they might tell you something about the relative volume of activity that the site gets, or is mentioned in, but there's still quite a bit of difference between something like Alexa or Google's Page Rank and, say, ESET's Live Grid.
Ultimately, what I think it comes down to, though, is ESET's philosophy of doing things. It's been my observation since arriving at the company that it focuses on the areas where it can create products that work reasonably well. That's actually expanded or been tweaked a little over the years to encompass not just creating products, but occasionally partnering with companies or even acquiring them outright (the familiar "build, partner or buy" refrain), but the focus has always remained on the "working reasonably well" part. I am pretty satisfied with ESET's approach of blocking outright malicious sites, prompting of sites that might contain potentially unwanted content, and the parental controls type functionalities that ESET provides. Personally, having to have gone through several hoops (accompanied with lots of shouting, calling in of favors, veiled threats and the occasional hint of a bribe of an alcoholic and/or chocolate nature) to get a former employer's site advisor service to whitelist my own personal web site, I have some lingering concerns about how well such services work. Regards, Aryeh Goretsky
  14. Hello, Already implemented. See ESET Knowledgebase Article #3192, "How do I disable Windows update notifications in ESET Smart Security or ESET NOD32 Antivirus?" for instructions. I would also like to point out that (1) knowing whether "most people around the world using pirate versions of Windows" (or not) is not just very debatable, but outside the scope of this forum; and (2) installing Windows Updates is an extremely important part of keeping your computer(s) secure. Regards, Aryeh Goretsky
  15. Hello, Please see the Tray menu options poll message thread for a discussion of options available via the icon in the system notification tray area. Regards, Aryeh Goretsky