Aryeh Goretsky

ESET Moderators
  • Content Count: 696
  • Days Won: 45

Everything posted by Aryeh Goretsky

  1. Hello, NSO Group is the company which is reportedly the developer of Pegasus, if this Wikipedia article is to be believed: https://en.wikipedia.org/wiki/NSO_Group. ESET's researchers have written a few articles about it in various languages on the WeLiveSecurity blog. I have not looked into the reporting in detail, but if the spyware installs itself on targets' devices with high enough privileges, it probably just waits until encrypted content is decrypted, and then passes those decrypted contents on to its operators. That way, there's no need to spend any time breaking the encryption. Regards, Aryeh Goretsky
  2. Hello, If you are in the United States, you can call ESET's technical support department toll-free at +1 (866) 343-3738. Regards, Aryeh Goretsky
  3. Hello, While ESET does not condone software piracy (or any other kind of piracy, for that matter)*, neither is ESET the software police. That said, it is important to keep in mind that peer-to-peer file sharing programs can be bundled with potentially unwanted applications, adware or even outright malware. They can also introduce privacy issues, such as the leaking of sensitive or confidential information due to improper configuration, as well as security vulnerabilities which can be subject to exploitation by threat actors. And, of course, there is also malware which may make use of peer-to-peer networks for various reasons, from spreading as a worm, for use as command-and-control infrastructure, exfiltration of stolen data, and so forth. Web sites involved in the facilitation of software piracy often have limited opportunities for revenue generation, as legitimate advertising networks, payment processors, e-commerce providers and other businesses may be unable or unwilling to do business with them for legal or other reasons. As such, these web sites may turn to other means of funding continued operation, including the display of advertisements from less-than-reputable ad networks/brokers, which may introduce malicious advertisements (malvertising) using exploit kits to compromise a computer through the web browser, to other schemes, such as mining cryptocurrency in the web browser to generate revenue for the site operator. Another thing to consider is that many customers do not want programs which facilitate the theft of intellectual property on their computers and networks. 
The reasons for this can range from the mundane (wanting to avoid legal liability) to concerns about more draconian actions: In Russia, software piracy can be treated as a criminal matter by the Russian federal tax police, and having pirated software on computers can lead to the arrest and imprisonment of employees, harsh financial penalties, the dissolution of a company and/or the forced transfer of a company's assets. This happened to several non-profits who were accused of pirating Microsoft software in Russia. To their credit, Microsoft quickly responded by providing the Russian non-profits with legal licenses for its software, and now makes its software free for use by non-profits in Russia in order to prevent this from happening again. While that is an extreme kind of scenario, it does show how regimes can use software piracy as a pretext to shut down organizations of which they do not approve. From time to time, ESET has talked about some of the malware using and abusing peer-to-peer networks, probably the most famous of which is the Conficker worm. Some additional examples of malware which make use of peer-to-peer networks can be found on ESET's VirusRadar site:
  • MSIL/Antinny
  • Python.Filecoder.P (ransomware targeting .torrent files)
  • Win32/AutoRun.IRCBot.FE
  • Win32/Skopvel
  • Win32/TrojanDownloader.Agent.PUC
  • Win64/GoBot2
Further information about risks, as well as mitigations, can be found on ESET's WeLiveSecurity blog:
  • Limewire, free software and the for-fee membership
  • BitTorrent family susceptible to DRDoS attacks
  • Mac malware spread disguised as cracked versions of Angry Birds, Pixelmator and other top apps
  • How black hats misuse the torrent ecosystem for fun and profit
As previously stated, ESET is not the software police. ESET does, however, have a stated goal of protecting its customers from threats, and those threats can come from many sources, including peer-to-peer file-sharing networks, applications and their associated web sites.
Regards, Aryeh Goretsky *ESET holds no position on Talk Like a Pirate Day.
  4. Hello, This question has now been completely answered, and the topic is now closed. Forum members are reminded that creating multiple accounts is against the forum's Terms of Use. Furthermore, creation of new accounts in an attempt to circumvent moderation, including temporary or permanent bans, will result in the forum moderation team taking whatever actions they deem appropriate at their sole discretion. Regards, Aryeh Goretsky
  5. Hello, This question has now been completely answered, and the topic is now closed. Forum members are reminded that creating multiple accounts is against the forum's Terms of Use. Furthermore, creation of new accounts in an attempt to circumvent moderation, including temporary or permanent bans, will result in the forum moderation team taking whatever actions they deem appropriate at their sole discretion. Regards, Aryeh Goretsky
  6. Hello, A list of removed programs can be found at https://support.eset.com/kb3527/#removable. Regards, Aryeh Goretsky
  7. Hello, ESET is open to new ideas and suggestions. Just don't expect all of them to be implemented, especially if they offer little added benefit to ESET's customers. Regards, Aryeh Goretsky
  8. Hello, I believe you'll find some of the requested functionality in various programs such as ESET SysInspector, ESET SysRescue Live CD, the ESET Rogue Applications Remover and various other malware removal tools. Regards, Aryeh Goretsky
  9. Hello, ESET could improve its results in tests done by some testers by adding junk files that are damaged, non-executable, contain only data, are otherwise non-threatening, but are detected by other anti-malware programs. Would you like ESET to add detection of junk because those other vendors have included those files? Just because a plethora of companies are doing something doesn't make it right, or even that it offers a benefit to their customers, for that matter. Adding features for marketing reasons is not a path I would like ESET to go down, and I suspect at least some of our customers feel the same way. There are lots of features, enhancements and improvements that ESET has yet to make to its software, and some of those will come out of message threads like this one. So, I encourage you to keep asking and making recommendations. But, also keep in mind that ESET takes its customers' security seriously and wants to develop technologies that do that, and not spend its time and efforts trying to win marketing battles with competitors. Regards, Aryeh Goretsky
  10. Hello, Cookies are not malicious. While they may (or may not) represent privacy issues, they do not represent a threat to user security. Malicious advertisements are blocked all the time. If you want to block tracking, all ads, etc., I would suggest looking at what plugins are available for your web browser. HIPS updates occur as part of the regular updating of modules used by ESET Smart Security. Regards, Aryeh Goretsky
  11. Hello, False alarms on a web site are a big deal. They affect: Whomever owns the web site. Whomever visits the web site. The credibility of the company which generated the false positive alarm to begin with. It has been my experience that people who visit web sites do not always know when a report of a problem is a false alarm or not. They might assume it is, and it turns out to be a legitimate report and they get infected. Or, they may contact the site operator or their anti-malware solutions provider, creating a support burden. Just because eight, eighty or eight hundred anti-malware companies do something does not mean that ESET should follow them down the "me, too" path. ESET chooses to implement technologies when they provide a tangible benefit to the computing public. Regards, Aryeh Goretsky
  12. Hello, I simply used Web of Trust as an example of someone who does a reputational toolbar as their core business. As far as I know, all the other companies you mentioned (Avast ... Webroot) make the majority of their money elsewhere. As I mentioned in my previous post, I had to jump through numerous hoops to get my own personal website reclassified (whitelisted), when my previous employer saw fit to advise everyone that my site was unsafe due to its lack of reputation. Now, I was able to get that cleared up in several days, but it took me several days and I had to take advantage of some professional courtesies (e.g., the fact that I was a founder of that company as well as someone who currently worked at a competitor) in order to get them to update their database. And I was lucky, I had industry contacts to work through. If I did not have those backchannels, who knows how many weeks or months it would have taken. This difficulty in (1) classifying sites properly to begin with; and (2) responding promptly to reclassification requests makes me believe that there is little additional value offered by site advisory services. Am I biased by my own experiences with a false positive alarm and subsequent difficulties getting that fixed? Yes, I certainly am. But, I also cannot help but wonder how difficult it would be for me to get things cleared had I not been able to use my contacts. Lots of other companies offer varieties of different services, as a means of providing a layered approach, offering some form of product differentiation, or even just performing feature parity for reviewers (i.e., "checkbox compliance"), but that does not necessarily mean that the option, feature or service passes the "works reasonably well" that I think is one of the reasons people choose ESET's software over others in a very crowded, competitive market. 
Maybe, one day, ESET will offer some kind of add-on, plugin or toolbar that provides a deterministic form of site advisory reputational data. But given what I've seen so far, I just don't feel this technology currently passes the "works reasonably well" criteria as a whole, industry-wide. Regards, Aryeh Goretsky
  13. Hello, Browser plugins are an interesting idea, partially because they can allow for feedback in some interesting ways in the UI, but in terms of content [i.e., what the plugin does] I personally feel it is kind of a "landmine area" (for lack of better term). When you get involved in reputational-scoring of web sites, you pick up several additional areas in your workload. For example: Building and maintaining the site-crawling system (which includes back-end databases, integration into existing systems for research, development, QA, support, etc.). Dealing with false-positive reports. Dealing with false-negative reports. Dealing with reclassification requests. Dealing with attempts to game or manipulate the results. ...and so forth And that's just what I came up with off the top of my head. If you take a look in the Malware Finding and Cleaning section of the forum, you'll note that there are a lot of requests that focus around these types of issues, except for downloaded software as opposed to web sites (although there are some discussions surrounding blocked web sites as well). I suspect most users probably visit websites more often than they download and install software, so you can imagine how the amount of work required to adequately manage something like that if the number of requests coming in were to increase by, say, two orders of magnitude. That's not to say that this is a bad idea, or that such scaling issues are not solvable. There are companies like Web of Trust who do this as their core business, and my initial inclination would be to steer people to a service like that, if that's what they're looking for. However, I'd also point out that web reputation systems don't necessarily tell you if a site is malicious or not; they might tell you something about the relative volume of activity that the site gets, or is mentioned in, but there's still quite a bit of difference between something like Alexa or Google's Page Rank and, say, ESET's Live Grid. 
Ultimately, what I think it comes down to, though, is ESET's philosophy of doing things. It's been my observation since arriving at the company that it focuses on the areas where it can create products that work reasonably well. That's actually expanded or been tweaked a little over the years to encompass not just creating products, but occasionally partnering with companies or even acquiring them outright (the familiar "build, partner or buy" refrain), but the focus has always remained on the "working reasonably well" part. I am pretty satisfied with ESET's approach of blocking outright malicious sites, prompting of sites that might contain potentially unwanted content, and the parental controls type functionalities that ESET provides. Personally, having to have gone through several hoops (accompanied with lots of shouting, calling in of favors, veiled threats and the occasional hint of a bribe of an alcoholic and/or chocolate nature) to get a former employer's site advisor service to whitelist my own personal web site, I have some lingering concerns about how well such services work. Regards, Aryeh Goretsky
  14. Hello, Already implemented. See ESET Knowledgebase Article #3192, "How do I disable Windows update notifications in ESET Smart Security or ESET NOD32 Antivirus?" for instructions. I would also like to point out that (1) knowing whether "most people around the world using pirate versions of Windows" (or not) is not just very debatable, but outside the scope of this forum; and (2) installing Windows Updates is an extremely important part of keeping your computer(s) secure. Regards, Aryeh Goretsky
  15. Hello, Please see the Tray menu options poll message thread for a discussion of options available via the icon in the system notification tray area. Regards, Aryeh Goretsky
  16. Hello, As I understand it, the March 12, 2014 updates to the US OFAC embargo against Iran only apply to "Donations of articles intended to relieve human suffering (such as food, clothing, and medicine), gifts valued at $100 or less, licensed exports of agricultural commodities, medicine, and medical devices, and trade in “information and informational materials” are permitted." and then there is the whole issue with how ESET would get paid, as most financial activities remain under the embargo. Thank you for your interest, but for now, ESET does not do any business in Iran, nor does it have any plans to do so. If the embargo ends or changes to make it possible to sell security software there, ESET may change its stance. Regards, Aryeh Goretsky
  17. Hello, The ESET Security Forum's Privacy Policy has been revised to explain how the forum software makes use of Adobe LSO cookies when uploading a file attachment. To avoid the setting of a LSO cookie in your web browser, toggle the Basic Uploader setting on before uploading a file. Note that using the basic uploader mechanism may require additional mouse clicks since an LSO cookie is not used to track the state of the upload. To review a copy of the revised privacy policy, visit https://forum.eset.com/privacypolicy/ in your web browser. If you have further questions, please send a private message to any member of the moderation team. Regards, Aryeh Goretsky
  18. Hello BluWiz, Always good to hear from colleagues back in my McAfee days! Regards, Aryeh Goretsky
  19. Hello, Not every requested feature can be added at once. ESET's project managers have to carefully look at the technical and market requirements for each request. Sometimes, the amount of work required to implement a requested feature may mean that it needs to be put off for a few version releases until enough engineering time can be budgeted to implement, test and maintain the feature. And sometimes, a feature might be requested that is just out of scope, offers little real-world benefit to customers or may even be against ESET's business practices. In any case, what I would suggest is to provide as detailed a description as possible of the feature you are requesting, in order for ESET's project managers to make better sense of it, and a little patience, as not everything can be done at once. Regards, Aryeh Goretsky
  20. Hello, The goal of this message thread is to provide ESET with specific feedback on changes and new features you would like to see in future versions of ESET's Endpoint programs, such as ESET Endpoint Security, ESET Endpoint Antivirus, ESET NOD32 Antivirus for Mac OS X Desktop and so forth. Please use the following format when providing feedback: Description: A very specific one line description of your feedback. Detail: A more detailed explanation of your feedback. Please feel free to make this any length, but be sure to use terms everyone can understand. If your suggestion is an extension or update to an existing discussion, please include a link to it in your message. Here is an example: Description: OS/390 support Detail: We use an IBM System/390 at work to run line of business apps and heat our office during the winter. I think ESET should make a version of ESET File Security for OS/390. You are welcome to discuss the merits of each and every suggestion, but keep your comments on topic, concise and thoughtful. There are other parts of the forum to discuss issues. NOTE: When making your requests do not make general statements such as "better detection, HIPS, firewall, cleaning, and so forth." ESET's threat researchers constantly examine new threats and release updates to the virus signature database and to the modules in order to improve these functions. If you have a specific feature or functionality you would like to see added (or improved) please post it here, but general requests to "make things better" are not helpful because they do not give ESET detailed enough information. Thank you for your understanding. Regards, Aryeh Goretsky
  21. Hello, Just a quick administrative reminder. This message thread is for discussing future changes to ESET Smart Security. Reports of issues with the currently-available versions of the software, including public betas, should go in their respective message threads. Likewise, discussions of release scheduling and the like should go in their respective message threads as well. Thank you for your understanding. Regards, Aryeh Goretsky
  22. Hello, Right now additional emoticons are low on the priority list as this is primarily a product support forum and less of a general discussions type forum. That said, we might add some in the future, but don't expect anything very soon. Regards, Aryeh Goretsky
  23. Hello, The reason the behavior was changed was because of complaints that the yellow "warning color" was too severe an action to perform on messages which were supposed to be more informational in nature. I'm not really sure what can be done here, though, as different customers have different preferences, and trying to allow the icon to be customized would result in all sorts of problems, ranging from support issues to attacks by malware (in order to hide it/change it to normal). Regards, Aryeh Goretsky
  24. Hello, ESET will be supporting Microsoft Windows XP for quite some time into the future. Keep in mind that ESET still provides support for Microsoft Windows NT 4.0 SP 6a as well as Microsoft Windows 2000, so support for an OS isn't going to go away right after the manufacturer stops supporting it. Regards, Aryeh Goretsky
  25. Hello, We are still monitoring message threads on Wilders for a bit longer. Regards, Aryeh Goretsky