Aryeh Goretsky

ESET Moderators
  • Posts: 878
  • Days Won: 68

Everything posted by Aryeh Goretsky

  1. Hello, False alarms on a web site are a big deal. They affect: Whoever owns the web site. Whoever visits the web site. The credibility of the company which generated the false positive alarm to begin with. It has been my experience that people who visit web sites do not always know when a report of a problem is a false alarm or not. They might assume it is, and it turns out to be a legitimate report and they get infected. Or, they may contact the site operator or their anti-malware solutions provider, creating a support burden. Just because eight, eighty or eight hundred anti-malware companies do something does not mean that ESET should follow them down the "me, too" path. ESET chooses to implement technologies when they provide a tangible benefit to the computing public. Regards, Aryeh Goretsky
  2. Hello, I simply used Web of Trust as an example of someone who does a reputational toolbar as their core business. As far as I know, all the other companies you mentioned (Avast ... Webroot) make the majority of their money elsewhere. As I mentioned in my previous post, I had to jump through numerous hoops to get my own personal website reclassified (whitelisted), when my previous employer saw fit to advise everyone that my site was unsafe due to its lack of reputation. Now, I was able to get that cleared up in several days, but it took me several days and I had to take advantage of some professional courtesies (e.g., the fact that I was a founder of that company as well as someone who currently worked at a competitor) in order to get them to update their database. And I was lucky, I had industry contacts to work through. If I did not have those backchannels, who knows how many weeks or months it would have taken. This difficulty in (1) classifying sites properly to begin with; and (2) responding promptly to reclassification requests makes me believe that there is little additional value offered by site advisory services. Am I biased by my own experiences with a false positive alarm and subsequent difficulties getting that fixed? Yes, I certainly am. But, I also cannot help but wonder how difficult it would be for me to get things cleared had I not been able to use my contacts. Lots of other companies offer varieties of different services, as a means of providing a layered approach, offering some form of product differentiation, or even just performing feature parity for reviewers (i.e., "checkbox compliance"), but that does not necessarily mean that the option, feature or service passes the "works reasonably well" that I think is one of the reasons people choose ESET's software over others in a very crowded, competitive market.
Maybe, one day, ESET will offer some kind of add-on, plugin or toolbar that provides a deterministic form of site advisory reputational data. But given what I've seen so far, I just don't feel this technology currently passes the "works reasonably well" criteria as a whole, industry-wide. Regards, Aryeh Goretsky
  3. Hello, Issue is under investigation. Thank you for your report. Regards, Aryeh Goretsky
  4. Hello, Browser plugins are an interesting idea, partially because they can allow for feedback in some interesting ways in the UI, but in terms of content [i.e., what the plugin does] I personally feel it is kind of a "landmine area" (for lack of better term). When you get involved in reputational-scoring of web sites, you pick up several additional areas in your workload. For example: Building and maintaining the site-crawling system (which includes back-end databases, integration into existing systems for research, development, QA, support, etc.). Dealing with false-positive reports. Dealing with false-negative reports. Dealing with reclassification requests. Dealing with attempts to game or manipulate the results. ...and so forth And that's just what I came up with off the top of my head. If you take a look in the Malware Finding and Cleaning section of the forum, you'll note that there are a lot of requests that focus around these types of issues, except for downloaded software as opposed to web sites (although there are some discussions surrounding blocked web sites as well). I suspect most users probably visit websites more often than they download and install software, so you can imagine how the amount of work required to adequately manage something like that if the number of requests coming in were to increase by, say, two orders of magnitude. That's not to say that this is a bad idea, or that such scaling issues are not solvable. There are companies like Web of Trust who do this as their core business, and my initial inclination would be to steer people to a service like that, if that's what they're looking for. However, I'd also point out that web reputation systems don't necessarily tell you if a site is malicious or not; they might tell you something about the relative volume of activity that the site gets, or is mentioned in, but there's still quite a bit of difference between something like Alexa or Google's Page Rank and, say, ESET's Live Grid.
Ultimately, what I think it comes down to, though, is ESET's philosophy of doing things. It's been my observation since arriving at the company that it focuses on the areas where it can create products that work reasonably well. That's actually expanded or been tweaked a little over the years to encompass not just creating products, but occasionally partnering with companies or even acquiring them outright (the familiar "build, partner or buy" refrain), but the focus has always remained on the "working reasonably well" part. I am pretty satisfied with ESET's approach of blocking outright malicious sites, prompting of sites that might contain potentially unwanted content, and the parental controls type functionalities that ESET provides. Personally, having to have gone through several hoops (accompanied with lots of shouting, calling in of favors, veiled threats and the occasional hint of a bribe of an alcoholic and/or chocolate nature) to get a former employer's site advisor service to whitelist my own personal web site, I have some lingering concerns about how well such services work. Regards, Aryeh Goretsky
  5. Hello, By default, ESET Smart Security checks hourly to see if an update is available, and it is certainly possible that at one hourly check only a virus signature database update was available, and at another a module update. Regards, Aryeh Goretsky
  6. Hello, I thought the program was already waiting more than ten seconds, but I could be wrong about that; I'll let the engineering staff know, though. Regards, Aryeh Goretsky
  7. [Question split from thread for improved visibility. AG]
  8. Hello, Perhaps you could start "ping -t" in a command window, sleep the computer, wake it, and see how long it takes for the ping to resume normal activity? I'm just trying to get a rough idea of how much time is involved (a few seconds, a minute, etc.), not measure it down to the millisecond. Regards, Aryeh Goretsky
  9. Hello, I didn't see anything in the log file from the OCHxxxxx machine that I could immediately identify as a remnant of a Symantec product. Going to ask the folks from business support to take a look. Regards, Aryeh Goretsky
  10. Hello, Here's the VirusTotal report for the first URL from Prof. Brown's site: www.virustotal.com/en/file/5c5c0e866e583f0c84a5d91e368eb6dba364c8f97f17b6ea9f5fc3d2c0578934/analysis/ As for the second one, without knowing the build and module versions involved, along with a copy of the file in question, it's rather difficult to know what was detected. The ESET Smart Security 8 beta version might do better with its botnet detection technology, but that's just a guess on my part. It is generally understood, though, that new malware is created on a daily basis. This is why anti-malware software is frequently updated to detect it. Regards, Aryeh Goretsky [Copy of your original post below, which I've stripped some of the formatting, in order to make it a little easier to read. AG]
  11. Hello, I know a few of the researchers at Panda Security, and they do top-notch work. There are a lot of bad testers out there. There are a lot of good testers out there. If you are interested in the various ways in which anti-malware companies and reviewers can manipulate each other, cheat, lie and otherwise distort results, might I suggest the following video: Truth or Spin in AV Testing?. It is one hour long. Regards, Aryeh Goretsky
  12. Hello, Out of curiosity, do you know how long it takes for a network interface to fully initialize on the machine with the Marvell NIC? Regards, Aryeh Goretsky
  13. Hello, Sorry, my visits into the forum have been irregular. Let me take a look and see what I can come up with. Regards, Aryeh Goretsky
  14. Hello, Since ESET Smart Security 8 is a beta version, I would suggest installing it as many ways as possible; over an existing installation, clean install, in virtualized and native environments, and so forth. Regards, Aryeh Goretsky
  15. Hello, Please save off a few of the emails with complete header information, compress them in a password-protected archive and submit them to ESET's threat research lab per ESET Knowledgebase Article 141, "How do I submit a virus, website or potential false positive sample to ESET's lab?." Regards, Aryeh Goretsky
  16. Hello, ESET does not sell or otherwise do business in Iran, so this is likely why the activation is failing. I would suggest you contact whoever sold you the software and arrange to get a refund. Regards, Aryeh Goretsky
  17. Hello, I would suggest doing a full uninstall followed by a clean install of the software, as it appears there is a problem possibly caused by having ESET Smart Security on the machine at some point before ESET NOD32 Antivirus was installed. Regards, Aryeh Goretsky
  18. Hello, A thoughtful question requires a thoughtful response. Please give me a moment to reflect on a suitable reply. Regards, Aryeh Goretsky
  19. Hello, To answer the specific comments about usability and web reputation: ESET's software does not incorporate voice recognition or speech synthesis, however, you can toggle "Text Mode" in the ESET Graphic User Interface on and off by pressing Ctrl+G. In Text Mode, the user interface presents an interface that is "friendly" to screen reading programs. I would like to point out that ESET does warn you if you visit a website containing Potentially Unwanted Content. And, as with detection of Potentially Unwanted Applications, the option to proceed is there if you really want to visit the site (or run that application, etc.). I will leave feedback on the other feature requests, including, ahem, "ESET Porn Zone," to my colleagues. Regards, Aryeh Goretsky
  20. Hello, Microsoft introduced a feature in Windows 8 where it will enable Windows Defender if no other anti-malware software is detected as being on the system. The exact behavior varies a little between Windows 8 and 8.1, but the underlying idea is the same: At no instance should your computer be unprotected. I cannot really fault Microsoft for that; they really are trying to clean up the Windows environment. In any case, Windows Defender will cleanly disable itself once a recognized anti-malware software package is installed, so there won't be any issues with conflicts, performance and so forth. Regards, Aryeh Goretsky
  21. Hello, ESET has made incremental improvements to the user interfaces of its products since the launch of v7 in 2007. These have been done when a new version has been released, and have been mostly to improve usability (reduce number of steps to perform actions, make messages easier to understand, provide better help within the program and so forth). Of course, there have also been changes to things like color palette and graphical elements (new icons, etc.) to refresh them for the new version, but these types of changes are relatively minor in scope. While ESET does do a lot more studying of how customers use its product and spends more time changing its UI than when I first arrived at the company in 2005—yes, they even do usability studies now—that is still a small effort relative to the amount expended on the products themselves, whether it's core engine development, detection, QA, etc. The reason for this is quite simple: Making massive changes to your user interface does not automatically improve it, simplify it, or otherwise "make it better." All it does is, in fact, make your product more confusing and difficult to use for your existing customers. While I do agree that it is important to address usability issues and make products easier to use, I think one is better off making incremental kinds of changes, so it doesn't cause a cognitive disconnect for users. One recent example of this is a certain commercial operating system vendor from the Pacific-Northwest, which recently made changes to the user interface for their consumer operating system. This was really a very small change, showing one screen instead of another, but the reaction in the marketplace hasn't exactly been great. Most of their customers are staying with the previous version of their OS, or upgrading to that if running an older version. So, in a nutshell, let me summarize: You don't break your user interface just for the sake of changing things.
That pretty much never works out well, unless your UI was something totally horrible and wrong to begin with (and, yes, that happens--I once worked for a company where I had to tell its customers "click and drag on the stained glass chili pepper in order to increase or decrease volume" because that's what their UI had in it for a volume control). If your UI is half-way decent to begin with, you'll be able to manage it through a process refinement, making it successively "better" (easier to use, easier to understand, Section 508 compliant, or however your organization defines that) with each release. If you have to throw out your UI wholesale and begin anew with each release, then I'd say there's something wrong--or at least, dysfunctional--in your organization. Regards, Aryeh Goretsky
  22. Hello, Update notifications within the beta version are handled through its UI, however, it would not be a bad idea to keep an eye on the beta test portal at hxxp://beta.eset.com as well as this forum. Regards, Aryeh Goretsky
  23. Hello, ESET's protection capabilities are constantly enhanced via module updates. In many cases, this allows ESET to improve detection (and cleaning and bug fixes and performance and other issues) without always having to resort to releasing new versions of its software--although there are situations when the base software has to get updated as well. As one example of this, check out the recording of the 2014 Mid-Year Threat Review webcast, where at about 35 minutes into the presentation there is a screenshot showing the new warning dialog for notifying people when their router may have been compromised. I am not sure how many of our competitors would be able to add similar technology without having to issue a product update; probably not too many, I'd guess. Do not confuse the marketing of threat protection with the effectiveness of threat protection. ESET is focused on protecting its users against real world threats, and not buzzword parity games. Oh, and if you will recall, in previous years ESET has not updated the UI for beta versions until RC status was hit. Regards, Aryeh Goretsky
  24. Hello, ESET does not do business in Iran, as mentioned in this message thread. This is why the software fails to activate. I would suggest that you contact whomever you bought the license from and request a refund. Regards, Aryeh Goretsky
  25. Hello, I have not noticed any performance issues whatsoever, but I've only installed this build on a few systems so far. If you come across some kind of slowdown, please post a separate message with step-by-step details on how to reproduce it for ESET's engineers. Regards, Aryeh Goretsky