Future changes to ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium and ESET Ultimate Security

[SweX 871]

Description: Live Grid execution blocker unless file is known safe.

 

It is quite rare that I of all people post feature requests or in this case request added functionality to a feature we already have.

 

But it's something I have thought about before, several times actually, that I believe could be useful for basically all above average users, and users that know how to respond to a prompt once in a while, would be a function that is found in some other products and that works with file info from the cloud in this case Live Grid. I guess you could say it works like a cloud based whitelist.

 

In ESET that could be a function like, unless the file we execute is "green/known safe" in Live Grid we would be prompted with a "allow, block, quarantine" popup notification.   

 

That means nothing that is not known safe "green tagged" in Live Grid will not be allowed to execute without that we allow it first.

 

Of course this should be a function having a checkbox like everything else that users can enable and disable. And it should not be enabled by default for obvious reasons. 

 

P.S 

Not to mix this up with file reputation / how many users have this file similar to -> "only 5 users have this file are you sure you want to allow the file to execute?" 

 

That is NOT my idea, so even if only 1 user have this file and it is "green tagged" known safe in Live Grid it will be allowed to execute just fine.

 

Thank You.

Edited December 9, 2014 by SweX

[LabVIEW707 13]

Isn't this a suggestion thread? Not something based on your opinion? Every single av company out there does it. Its a FREE browser plugin. Instead of arguing with me you could say 'Hey thanks for the idea and we will look into incorporating into future builds". This is a tool that most experts do not need but it is beneficial to newbies. 

 

1. Avast

2. Norton

3. Avira

4. Bitdefender

5. Kaspersky

6. McAfee

7. Webroot

8. AVG

 

All the above have site advisors. So all of them cannot be wrong. I am not talking about something built within Eset. I am talking about a browser plugin. 

[Aryeh Goretsky 386]

Hello,
 
Browser plugins are an interesting idea, partially because they can allow for feedback in some interesting ways in the UI, but in terms of content [i.e., what the plugin does] I personally feel it is kind of a "landmine area" (for lack of better term).
 
When you get involved in reputational-scoring of web sites, you pick up several additional areas in your workload.  For example:

• Building and maintaining the site-crawling system (which includes back-end databases, integration into existing systems for research, development, QA, support, etc.).
• Dealing with false-positive reports.
• Dealing with false-negative reports.
• Dealing with reclassification requests.
• Dealing with attempts to game or manipulate the results.
  ...and so forth

And that's just what I came up with off the top of my head.

 

If you take a look in the Malware Finding and Cleaning section of the forum, you'll note that there are a lot of requests that focus around these types of issues, except for downloaded software as opposed to web sites (although there some discussions surrounding blocked web sites as well).  I suspect most users probably visit websites more often than the download and install software, so you can imagine how the amount of work required to adequately manage something like that if the number of requests coming in were to increase by, say, two orders of magnitude. 

 

That's not to say that this is a bad idea, or that such scaling issues are not solvable.  There are companies like Web of Trust who do this as their core business, and my initial inclination would be to steer people to a service like that, if that's what they're looking for.

 

However, I'd also point out that web reputation systems don't necessarily tell you if a site is malicious or not; they might might tell you something about the relative volume of activity that the site gets, or is mentioned in, but there's still quite a bit of difference between something like Alexa or Google's Page Rank and, say, ESET's Live Grid.

 

Ultimately, what I think it comes down to, though, is ESET's philosophy of doing things.  It's been my observation since arriving at the company that it focuses on the areas where it can create products that work reasonably well.  That's actually expanded or been tweaked a little over the years to encompass not just creating products, but occasionally partnering with companies or even acquiring them outright (the familiar "build, partner or buy" refrain), but the focus has always remained on the "working reasonably well" part.  I am pretty satisfied with ESET's approach of blocking outright malicious sites, prompting of sites that might contain potentially unwanted content, and the parental controls type functionalities that ESET provides.

 

Personally, having to have gone through several hoops (accompanied with lots of shouting, calling in of favors, veiled threats and the occasional hint of a bribe of an alcoholic and/or chocolate nature) to get a former employer's site advisor service to whitelist my own personal web site, I have some lingering concerns about how well such services work.

 

Regards,

 

Aryeh Goretsky

[LabVIEW707 13]

WOT is a joke by the way. It's based on user opinions and not actual malware related facts. Just read some of the comments. You seem to be avoiding the topic in a round about way. Again if all the previous mentioned companies can do it then so can Eset. Its just another layer. And was we all know a layered approach is the best approach. The average user has no idea what live grid is. Most never even open up the main GUI. 

 

FYI..............Thanks for the reply. 

Edited August 21, 2014 by LabVIEW707

[Arakasi 549]

I agree with Aryeh.

Since this is a public forum to freely express opinions. Mine is that toolbars and web add-ons, extensions, and the on-going topic of a browser add-on for trust on sites is utter junk and should never be incorporated into ESET's software.

Use an alternative program.

[mark.fox7768 0]

You need to work a lot on your HIPS for zero day malware and unknown malware because you don't have any rules and because there are none preset any malware that is unknown with be able to fully run it should ask the user weather to allow it or block it. I have been an eset fan since version 3 and then the HIPS came along in 5 and is still not changed in  6,7,8 the problem is still here

 

You need to change your default HIPS mode from automatic mode with rules to be more involved with the user this in my view is the biggest problem with eset.

 

Please fix this in the final version of 8 or I will be leaving eset for good.

 

 

 

[Arakasi 549]

I think ESET does have pre-defined rules for HIPS, you just can't see them.

Maybe ESET can bring these out into the open for editting.

[LabVIEW707 13]

I agree with Aryeh.

Since this is a public forum to freely express opinions. Mine is that toolbars and web add-ons, extensions, and the on-going topic of a browser add-on for trust on sites is utter junk and should never be incorporated into ESET's software.

Use an alternative program.

 

Please understand the difference between toolbars, site advisors and something added into Eset. I am NOT talking about a toolbar. Clearly most of you have never looked at the competition. When the Avast installer is complete your default browser opens up and it will promoted you to install the separate add on. Such as for Chrome. I am not talking about a toolbar. I am merely talking about a site advisor similar to WOT. But instead of being user based opinions its malware based. Again if 8 top leading antivirus companies can do then so can Eset. Google Chrome has banished 99% of any type of toolars. Avira and Avast put a small "a" next toy Chrome's URL bar to give you a site rating. When you perform a Bing, Yahoo or Google search it gives you a rating in your search results. Bitdefender gives you traffic light. Needless junk is something like what 360 Total Security is doing. A start up manager. A temp file cleaner. A Facebook login. A defragger. Those are examples of programs that do not belong incorporated into an antivirus. Norton 360 is another prime example of that. 

Edited August 21, 2014 by LabVIEW707

[mark.fox7768 0]

My job is testing antivirus software and I tested eset today the way HIPS is setup it doesn't really do anything it didn't block any of the unknown malware I ran,

 

The HIPS is the biggest problem with eset in my opinion and the Advanced Memory Scanner is pretty much useless at blocking unknown malware.

 

Eset have no rules available to us so users will have to change it to learning mode or interactive mode which will keep asking you questions.

 

If you have got some rules they need to be available to the users.

 

 

Please Please Please fix this problem because the way it's setup it doesn't offer effective zero day protection.

[SCR 195]

I don't consider WOT as junk but that's just my opinion. WOT includes public ratings made by people who may have used the site to reflect the trustworthiness of the site as it relates to it's business practices. I find that useful.

 

My feelings about most browser plugins is that once the browser is updated the plugin tends to have problems unless the code of the plugin is updated as well. Considering the blistering pace of the browser release cycle I would think that it would take a lot of Eset's assets to keep the plugin up to date for the myriad of browsers that are in use. This in turn would either increase the cost of Eset or sacrifice protection currently had. If memory serves me correctly Eset tried the plugin route with Thunderbird and discontinued it due to the rapid release cycle.

[Arakasi 549]

I may have been misunderstood in my verbage.

I use several plug-ins in my own browser, Last pass, lightbeam, Adblock pro, etc etc

What i meant to say is that when i see browser extensions coming from a security product i find that stuff junk. They do nothing but weigh things down.

ESET is able to provide protection with any browser without even touching any part of the browser.

And if they did ..... it would require a lot of attention and updating and testing etc just like Aryeh said.

If you want a web site reputation addon, use an alternative, they already exist, so why should ESET make one ?

Edited August 21, 2014 by Arakasi

[planet 232]

One of the main reasons I went to ESET was their superb protection with their efficient software. After trying the majority of competitors, I found that year after year they begun adding more and more 'features' that felt a little unnecessary. So I will more than likely stay with ESET for a long time, as protection and security are the most important things I look for in a security solution, not the extras.

 

Reading recent posts, I can see why a browser plugin or extension would be something that people want, but I already know that Smart Security already protects me with phishing, infected websites, bad downloads, etc. Then there is Parental Control, which also has the ability to block a wide range of categories (eg. I block 'Security & Malware' which includes 'Spam URLs, Parked & For Sale Domains, etc.).

 

So if I do visit any website, I'm protected both on my machine and in the browser, even if I don't see a coloured icon telling me if a site is 'safe' or not, or an ESET logo sitting next to the address bar.

Edited August 21, 2014 by planet

[Arakasi 549]

Well said planet.

In a short sense, its unnecessary.

 

And respectively i dont mean no bad intentions towards labview at all, but since its in the same category of additional features which we have talked about, time and time again, i tend to lash out a bit.

If ESET began to start making Total protection, or gold, or premium, or advanced version etc. The amount of people and user base that would leave ESET services would be phenomenal.

Stock would drop, user subs would drop, things would be utter nutz. ESET will never make a decision that would harm its reputation and do a complete 360, haha 360 total protection.

 

Any additional features that really start to play a major role in security is sought out through partners and other vendors as Aryeh stated.

[SCR 195]

I may have been misunderstood in my verbage.

I use several plug-ins in my own browser, Last pass, lightbeam, Adblock pro, etc etc

What i meant to say is that when i see browser extensions coming from a security product i find that stuff junk. They do nothing but weigh things down.

ESET is able to provide protection with any browser without even touching any part of the browser.

And if they did ..... it would require a lot of attention and updating and testing etc just like Aryeh said.

If you want a web site reputation addon, use an alternative, they already exist, so why should ESET make one ?

There is not a misunderstanding regarding your post, at least not on my part. It was my error to not quote the post I was referring to as well as using the word "junk" rather then "joke".

 

I believe we are singing the same song with different lead instruments. I will endeavor to do better in making it clear what I am responding to in the future.

Edited August 21, 2014 by SCR

[Arakasi 549]

Good post SCR !

[Aryeh Goretsky 386]

Hello,

I simply used Web of Trust as an example of someone who does a reputational toolbar as their core business. As far as I know, all the other companies you mentioned (Avast ... Webroot) make the majority of their money elsewhere.

As I mentioned in my previous post, I had to jump through numerous hoops to get my own personal website reclassified (whitelisted), when my previous employer saw fit to advise everyone that my site was unsafe due to its lack of reputation. Now, I was able to get that cleared up in several days, but it took me several days and I had to to take advantage of some professional courtesies (e.g., the fact that I was a founder of that company as well as someone who currently worked at a competitor) in order to get them to update their database. And I was lucky, I had industry contacts to worth through. If I did not have those backchannels, who knows how many weeks or months it would have taken.

This difficulty in (1) classifying sites properly to begin with; and (2) responding promptly to reclassification requests makes me believe that there is little additional value offered by site advisory services. Am I biased by my own experiences with a false positive alarm and subsequent difficulties getting that fixed? Yes, I certainly am. But, I also cannot help but wonder how difficult it would be for me get things cleared had I not been able to able to use my contacts.

Lots of other companies offer varieties of different services, as a means of providing a layered approach, offering some form product differentiation, or even just performing feature parity for reviewers (i.e., "checkbox compliance"), but that does not necessarily mean that the option, feature or service passes the "works reasonably well" that I think is one of the reasons people choose ESET's software over others in a very crowded, competitive market.

Maybe, one day, ESET will offer some kind of add-on, plugin or toolbar that provides a deterministic form of site advisory reputational data. But given what I've seen so far, I just don't feel this technology currently passes the "works reasonably well" criteria as a whole, industry-wide.

Regards,

Aryeh Goretsky

 

WOT is a joke by the way. It's based on user opinions and not actual malware related facts. Just read some of the comments. You seem to be avoiding the topic in a round about way. Again if all the previous mentioned companies can do it then so can Eset. Its just another layer. And was we all know a layered approach is the best approach. The average user has no idea what live grid is. Most never even open up the main GUI. 

 

FYI..............Thanks for the reply.

Edited August 21, 2014 by Aryeh Goretsky
because Aryeh fails at bbCode.

[LabVIEW707 13]

My job is testing antivirus software and I tested eset today the way HIPS is setup it doesn't really do anything it didn't block any of the unknown malware I ran,

 

The HIPS is the biggest problem with eset in my opinion and the Advanced Memory Scanner is pretty much useless at blocking unknown malware.

 

Eset have no rules available to us so users will have to change it to learning mode or interactive mode which will keep asking you questions.

 

If you have got some rules they need to be available to the users.

 

 

Please Please Please fix this problem because the way it's setup it doesn't offer effective zero day protection.

 

It is not your job. You are a YouTube malware tester like all the others. You test malware in a VM and think you understand everything.

[LabVIEW707 13]

False alarms on web sites are no big deal. If you know the site is safe you can just click the continue button. Not the end of the world. Again if 8 antivirus companies that I listed then Eset can also do it. It is a simple browser add on you guys can make available in the Chrome App store. IT IS NOT DIRECTLY part of Eset. Gezzz. I give up. 

[Arakasi 549]

 

My job is testing antivirus software and I tested eset today the way HIPS is setup it doesn't really do anything it didn't block any of the unknown malware I ran,

 

The HIPS is the biggest problem with eset in my opinion and the Advanced Memory Scanner is pretty much useless at blocking unknown malware.

 

Eset have no rules available to us so users will have to change it to learning mode or interactive mode which will keep asking you questions.

 

If you have got some rules they need to be available to the users.

 

 

Please Please Please fix this problem because the way it's setup it doesn't offer effective zero day protection.

 

It is not your job. You are a YouTube malware tester like all the others. You test malware in a VM and think you understand everything.

 

 

In addition, many things come into play:

1. type of malware

2. language it is written in

3. java installed, flash installed, windows updates applied or none used

4. versions of browsers used if its a web threat

5. are you executing properly

6. are the settings in the products correctly configured

7. are the architecures that the malware is targetting correct

8. are third party platform libraries installed (C++ redist. .net , etc etc)

I could go on and on . . . but its apparent now. . .

[LabVIEW707 13]

I agree with Aryeh.

Since this is a public forum to freely express opinions. Mine is that toolbars and web add-ons, extensions, and the on-going topic of a browser add-on for trust on sites is utter junk and should never be incorporated into ESET's software.

Use an alternative program.

 

Chrome no longer allows 3rd party addons installed remotely. Everything needs to go through the Chrome app store. So again this is NOT something incorporated into Eset. It is an addon in the app store. If users want to use it they can simple visit the app store and download it. WOT is user based opinions. Most from uneducated users. Just read the replies. "I don't like this website. After submitting my email the spammed me.". Well that's why you do not user your real email address for stuff like that. 

[Arakasi 549]

False alarms on web sites are no big deal. If you know the site is safe you can just click the continue button. Not the end of the world. Again if 8 antivirus companies that I listed then Eset can also do it. It is a simple browser add on you guys can make available in the Chrome App store. IT IS NOT DIRECTLY part of Eset. Gezzz. I give up. 

 

Hello,

Which 8 anti virus companies ? Please list them, i would love to clarify and reflect on the chosen as well as their comparison to ESET and whether are not i find them personally decent products.

This of course is a request, not a demand, you dont have to, but to continue the conversation to the next level would be enjoyable, and i dont want you to feel we are cutting you off.

A suggestion is simply that, a suggestion; and we love to talk about them here round and round. Please include vendor and the addon/extension name for research

Edited August 22, 2014 by Arakasi

[LabVIEW707 13]

Read my post please. And I have used all of them including others. 

 

https://forum.eset.com/topic/51-future-changes-to-eset-smart-security/?p=17762

Edited August 22, 2014 by LabVIEW707

[Arakasi 549]

Read my post please. And I have used all of them including others. 

 

https://forum.eset.com/topic/51-future-changes-to-eset-smart-security/?p=17762

 

Just vendor names.

Do you have the corresponding tool / addon to list with them you are referring to ?

Ex: I think AVG's is AVG Secure Search ?? Am i right ? What of the rest...

[LabVIEW707 13]

In my post I clearly listed all 8 companies. I copied and pasted them from my post #267

 

1. Avast

2. Norton

3. Avira

4. Bitdefender

5. Kaspersky

6. McAfee

7. Webroot

8. AVG

 

Here is Avast's. It also has a DNT feature.

 

https://chrome.google.com/webstore/detail/avast-online-security/gomekmidlodglbbmalcneegieacbdmki?utm_source=chrome-ntp-icon

 

Here is Avira's

 

https://chrome.google.com/webstore/detail/avira-browser-safety/flliilndjeohchalpbbcdekjklbdgfkk?utm_source=chrome-ntp-icon

Edited August 22, 2014 by LabVIEW707

[Arakasi 549]

Okay, well so far, i only have this to say, even though i still plan to research the individual addons.

I don't use Google chrome, and i never will. My cousin works there and i know a high amount of the inner workings.

ESET can't target only chrome users. It's unfair.