Aryeh Goretsky

ESET Moderators
  • Posts: 877
  • Days Won: 66

Everything posted by Aryeh Goretsky

  1. Hello, Internet protection module 1067 should now be available on the pre-release update servers. Regards, Aryeh Goretsky
  2. Hello, If you have not already done so, can you try turning on pre-release updates in your copy of ESET Smart Security, performing an update manually to download all the pre-release modules, and then letting us know if the problem still occurs? Regards, Aryeh Goretsky
  3. Hello, If you have not already done so, can you try turning on pre-release updates in your copy of ESET Smart Security, performing an update manually to download all the pre-release modules, and then letting us know if the problem still occurs? Regards, Aryeh Goretsky
  4. Hello, Based on your report, it looks like RealPlayer software's installer is bundled with the OpenCandy software. It is, of course, Real Network's decision to determine what third party toolbars, etc., their software is bundled with, and, since ESET's customers want to know about such things, you have the option of turning on detection for potentially unwanted applications (PUA) in your copy of ESET's software. If there is something which is bundled with a PUA that you want to install, you still have the option of downloading and installing it on your computer. Regards, Aryeh Goretsky
  5. Hello, ESET has a current working solution for offline scanning and cleaning in the form of ESET SysRescue which makes use of the WAIK. This solution currently works extremely well, because it uses an actual version of Microsoft Windows for the bootable media. The problem, though, is that getting to the point where you have a bootable ESET SysRescue disc or USB flash drive is a tedious process due to the size of the download for the WAIK. As my colleague Marcos has explained to you, a replacement for the current way ESET SysRescue technology is being developed and will be available at some point in the future. It is not going to be made available until it is thoroughly debugged in-house, after which it will still need to go through a lengthy process of testing to ensure that it not just works well, but works as well as the WAIK-based ESET SysRescue solution, if not better than it, in all possible ways. Getting to that point takes time because it is a huge engineering and testing effort. It is also a specialized solution for use only when someone needs to boot their PC from an external operating system in order to perform malware removal. In most cases, though, removal is done in situ, booted from the operating system on the PC. There's a secondary use case for technicians as well, but that's generally less of an issue because they have already made their CDs, DVDs, USBs or ISOs and keep them up to date. In addition to this project, there are other things ESET's programmers have to work on; not just maintaining the existing programs, but improving the core technologies, developing new software and so forth. Those all take time to develop, and there are people who want those programs just as much as you want to see ESET SysRescue's technology updated. ESET's developers can't do everything at once, though, and have to prioritize based on various criteria, such as "how poorly does the current technology work, and what is the risk level with its replacement?" 
In the case of ESET SysRescue, it actually works quite well because it is built using established technologies and the risk level of replacing it is high, simply because those new technologies replacing it are untested. The current iteration of ESET SysRescue technology was under development for a long time before it was made available to the public, and the replacement for that technology is going to take time as well. ESET wants to make solutions for its customers with high levels of quality, and not buggy software which causes more problems than it solves. Sometimes, that means having to wait to ensure that something is thoroughly debugged and tested, or helping participate in things like the ESET v7 betas to make sure the release version works the way you want it to on your computers. That said, the ESET SysRescue technology is being updated, and the moment we have something ready for the public to help test, you can be sure it will be announced here in the forum. Lastly, I'd just like to respond to Breakman's comment about downloading "ESET Live CDs" off the Internet. In a word: Don't. If you have not built it yourself, or downloaded it directly from someone whom you consider trustworthy, you should not be relying on it to detect and remove malware from your computer. Regards, Aryeh Goretsky
  6. Hello, That's a little outside of ESET's core functionality (security software) and tends to require fairly specialized access on a per-chipset basis. It's probably better to run the software which comes with your motherboard or a dedicated temperature/fan monitoring program for this purpose. Regards, Aryeh Goretsky
  7. Hello, I think that really depends on your definition of secure. Linux can be made very secure (SELinux, AppArmor, grsecurity, etc.) and its relative scarcity at the desktop means that it is not targeted by criminals the same way the market leader, Microsoft, is on the desktop. On the other hand, the Linux-based Android operating system is the market leader in the smartphone space, and last year we saw Android malware increase by 1700%. Linux's biggest sweet spot is probably the server market right now, and that's where things start to get interesting: Over the past year, we have seen steady interest in compromising Linux-based systems, not because of any inherent insecurities in that operating system, but because the services which run on top of it are so widely used. Compromising a single Linux-based web server often means getting control of hundreds or even thousands of web sites, and that's an attractive target for criminals who may want to steal credit card data, serve up malware to Windows desktops, use servers as C&C nodes for botnets, drop zones for stolen data, jumpboxes for attacks and so forth. The likelihood of seeing malicious software on Linux is still orders of magnitude less than on other platforms, but it's important to keep in mind that the criminal organizations behind those attacks are financially-motivated—they don't really care if you are running Windows or Linux or OS X. What they care about is stealing. If there's a large enough population to steal from (either from theft of services or outright credit-card/banking/financial institution-type theft or a myriad of other schemes) some of them are going to start attacking the platform when the ROI is high enough for them to make some money. Regards, Aryeh Goretsky
  8. Hello, What program are you trying to download, and what was detected when you attempted to download it? Regards, Aryeh Goretsky
  9. Hello, The problem with installing multiple anti-malware programs is that they may simultaneously access an object in an attempt to perform an exclusive operation on it, leading to a lock which has unpredictable behavior (e.g., a STOP error, kernel panic, GURU meditation error, and so forth). It's kind of like juggling flaming chainsaws--everything is fine and the juggler is okay right up to the point he (or she) slices his (or her) hand(s) off. The reason that we do not recommend installing ESET Smart Security 7.0.28 on production systems is because it is beta code. It should only be installed on systems which can have some extended downtime in case troubleshooting an issue needs to be performed. Regards, Aryeh Goretsky
  10. Hello, Yohann also posted this message on our old support forum at Wilders (plus over 100 other different forums). See my reply there. Regards, Aryeh Goretsky
  11. Hello, Unwanted. Potentially Unwanted Applications are programs which are not necessarily malicious (although they could be included with or deployed by malware) but perform actions that someone may not want to happen on their computer, such as changing the home page or default search engine of the browser. Potentially Unsafe Applications are programs which have legitimate uses, but may be abused for malign reasons. Examples of this include certain types of remote control tools, password removing programs and other tools that a company might want to restrict use of to select personnel, such as IT staff. For more information, please see the "Potentially Unwanted Applications White Paper Updated" blog post (and accompanying white paper) on ESET's We Live Security. Regards, Aryeh Goretsky
  12. Hello, The filenames used by a worm to spread itself have nothing to do with the age, or naming of the malware. I would be very surprised if any malware from 2008 was not detected by ESET, so I am assuming this is something new. Please submit copies of the files in a password-protected archive to ESET's virus lab for analysis by following the instructions in ESET Knowledgebase Article 141, "How do I submit a virus, website or potential false positive sample to ESET's lab?" If you could include an ESET SysInspector log from a machine you believe is infected in the archive, that would be helpful as well. Regards, Aryeh Goretsky
  13. Hello, Issue appears to be addressed in virus signature database 8446+. Can you please confirm you are no longer receiving the report of the NewHeur_PE virus? Regards, Aryeh Goretsky
  14. Hello, This is done when you enable detection of Potentially Unwanted Applications in the software. This is the category under which most of those browser-modifying programs are detected. Regards, Aryeh Goretsky
  15. Hello, Make sure the date and time is set correctly on your computer and restart the system. When it comes back up, try checking the expiration date again. Does it now look correct? Regards, Aryeh Goretsky
  16. Hello, According to the support engineer, the phone number we had on file for you is out of date. The support engineer who contacts you will get your customer record straightened out as well. Regards, Aryeh Goretsky
  17. Hello, I understand one of ESET's support engineers has contacted you via email. Were they able to assist you further with this issue? Regards, Aryeh Goretsky
  18. Hello, Can you provide an example of a path/filename that was not restored correctly? Regards, Aryeh Goretsky
  19. Hello, The requests for sandboxing technology will be forwarded to product development. ESET's researchers constantly make improvements to the antivirus, cloud, firewall and HIPS modules. If you have specific enhancements you would like to see to them, please let us know. Regards, Aryeh Goretsky
  20. Hello, The HIPS module is frequently updated to handle new threats, fix bugs and so forth. What specific changes would you like to see in the user interface (feel free to create a mock-up screenshot if that would be easier for you to work with)? Regards, Aryeh Goretsky
  21. Hello, The startup scan normally takes just a few minutes to run and is vital to protecting your computer from advanced threats. If it is taking hours to run on your computer, I would suggest opening a ticket with technical support to investigate this behavior. Regards, Aryeh Goretsky
  22. Hello, ESET regularly updates the HIPS, Firewall, Heuristic and Cleaning modules to handle new threats. ESET Live Grid, ESET's cloud technology, received a major update for the current version of the software, v6, and is updated continually as new and existing customers participate in it. I am unsure of what you mean by adding command line testing to HIPS, increasing the operations center in the windows firewall icon or increased and more effective active defense bao'h, . Could you describe these further? (link to articles, screenshots, etc. is fine). Regards, Aryeh Goretsky
  23. Hello, Not all third parties provide an API like Microsoft does. Each one handles it differently, and even that changes from time to time (look at Oracle's announcement for handling future Java updates as an example). The HIPS module is regularly updated to handle new threats, better handle existing ones, fix bugs and so forth. Regards, Aryeh Goretsky
  24. Hello, Apple does not provide the necessary framework for development of an iOS anti-malware app. That might change in the future, but for now ESET, like other anti-malware developers, has to work with the APIs that the operating system developers give us. Regards, Aryeh Goretsky