NOD32 V2.5 - Early Warning System


izi
April 9th, 2005, 04:10 AM
Hello!

I found this in Event log:

Time                Module   Event                                            User
8.4.2005 21:12:13   Kernel   Statistical information has been sent to Eset.

I would like to see the data that was sent to ESET. Where can I see what was sent to ESET?

Could someone from ESET post here data that was sent to ESET?

Best regards,

izi

PS: I turn this off, because I don't know what was sent to ESET!!

Marcos
April 9th, 2005, 04:55 AM
The Bidirectional Early Warning System has a single purpose - to improve the protection that we can offer you, our customer. The best way to ensure that we see new threats as soon as they appear is to "link" to as many of our customers as possible and use them as our Threat Scouts. There are two options:


1. You can decide not to enable Early Warning System. You won't lose any functionality in the software, and you'll still get the best protection that we can offer.


2. You can enable Early Warning System to submit information about new threats, and where the new threatening code is contained in a file, the whole file can be sent to Eset for detailed analysis. Studying these threats will help Eset update its threat detection capabilities. Early Warning System will collect information about your computer related to newly detected threats, which may include a sample or copy of the file in which the threat appeared, the path to that file, its filename, information about the date and time, the process by which the threat appeared on your computer and information about your computer's operating system. Some of this information may include personal information about the user of the computer, for instance usernames in the path etc.

While there is a chance that on occasion this may disclose some information about you or your computer to our threat lab at Eset, our intention is not to gather that information for any other purpose than to ensure that we can respond immediately to new threats. We're telling you this up-front, and you have several options so you can be sure that we take your privacy very seriously.


By default NOD32 is set to ask you if you'd like to submit the suspicious file for detailed analysis to Eset's threat lab. Furthermore files with certain extensions like .doc or .xls are always excluded from having their contents included, should a threat be detected in them. You can add other extensions so that if there are files that you or your company wants to particularly avoid ever sending, you may be sure they will be untouched.

We hope that you will help us better protect your computers by using the Early Warning System Technology and be a part of making the Internet a safer place.

izi
April 9th, 2005, 05:27 AM
Thanks Marcos!

Is it possible to post here (or send me a private message) one piece of information without personal information? I would like to see the information which was sent to ESET.

Best regards,

izi

Marcos
April 9th, 2005, 05:54 AM
I really don't know what was submitted from your machine - as stated in the privacy statement, the data sent is fully anonymous so I'm unable to figure out what exact information was sent out from your machine. All I could tell was already mentioned above.

Blackspear
April 9th, 2005, 06:21 AM
Prevx uses a similar early warning system that also sends anonymous information regarding threats discovered on their users' machines…

Hope this helps...

Cheers ;D

izi
April 9th, 2005, 06:31 AM
{QUOTE-> I really don't know what was submitted from your machine - as stated in the privacy statement, the data sent is fully anonymous so I'm unable to figure out what exact information was sent out from your machine. All I could tell was already mentioned above. <-QUOTE}

Could you post any other information without personal information? I would really like to see one file with information.

Best regards,

izi

Marcos
April 9th, 2005, 06:46 AM
I don't understand what exactly you want. All I can see is something like http://www.virus-radar.com. From this information, I cannot tell who sent a particular email as the virus radar only gathers information about the threat name and the time.

Blackspear
April 9th, 2005, 06:47 AM
{QUOTE-> I don't understand what exactly you want. <-QUOTE}
Izi would just like to see a sample of what Eset receives through the EWS.

Cheers ;D

Marcos
April 9th, 2005, 06:50 AM
All has been said - the information gathered is shown similarly as on Virus radar. There's no personal info as mentioned in the privacy statement.

izi
April 9th, 2005, 06:55 AM
{QUOTE-> Izi would just like to see a sample of what Eset receives through the EWS.

Cheers ;D <-QUOTE}

Thanks Blackspear!

{QUOTE->
All has been said - the information gathered is shown similarly as on Virus radar. There's no personal info as mentioned in the privacy statement. <-QUOTE}

I turn off EWS because I don't like spyware on my computer!!!

Best regards,

izi

Marcos
April 9th, 2005, 06:59 AM
Turning on Early Warning System is optional. If you mind it, you can turn it off. However, the more customers use it, the more quickly Eset can react to potential threats. According to your premise, Windows as well as many other software must be spyware as well.

izi
April 9th, 2005, 07:22 AM
{QUOTE-> Turning on Early Warning System is optional. If you mind it, you can turn it off. However, the more customers use it, the more quickly Eset can react to potential threats. According to your premise, Windows as well as many other software must be spyware as well. <-QUOTE}

In Error reporting (Windows XP) you could see what information is sent to Microsoft.

If you update Windows, Microsoft collects some information from the computer, but I don't like this. :-(

Paul Wilders
April 9th, 2005, 07:42 AM
izi,

{QUOTE-> I turn off EWS because I don't like spyware on my computer!!! <-QUOTE}

Both by definition and the straightforward opt out option, this doesn't even come close to spyware. Just disable it - that button is there for good reasons.

regards,

paul

izi
April 9th, 2005, 07:50 AM
{QUOTE-> izi,



Both by definition and the straightforward opt out option, this doesn't even come close to spyware. Just disable it - that button is there for good reasons.

regards,

paul <-QUOTE}

If EWS isn't spyware, why doesn't ESET show a sample of what ESET receives through the EWS?

Paul, how could you know what is received through EWS?

Spyware is a class of malicious programs which includes any program that collects and transmits information about a computer system without the implicit consent of the owner.
(http://www.viruslist.com)

Best regards,

izi

Paul Wilders
April 9th, 2005, 08:00 AM
izi,

Have a look at a general definition of spyware over here (http://www.webopedia.com/TERM/s/spyware.html). Surely EWS does not fit in this category by far.

I'm jumping in here only to correct any spyware/NOD32 relationship: there's no such thing.

regards,

paul

izi
April 9th, 2005, 08:16 AM
{QUOTE-> izi,

Have a look at a general definition of spyware over here (http://www.webopedia.com/TERM/s/spyware.html). Surely EWS does not fit in this category by far.

I'm jumping in here only to correct any spyware/NOD32 relationship: there's no such thing.

regards,

paul <-QUOTE}

'Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else....' - that is EWS.

{QUOTE-> Some of this information may include personal information about the user of the computer, for instance usernames in the path etc.
<-QUOTE}

Should I say more...

BlueZannetti
April 9th, 2005, 08:23 AM
{QUOTE-> 'Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else....' - that is EWS.



Should I say more... <-QUOTE}

izi,

Actually, yes, you should say more. The facility in NOD32 is provided with full disclosure to the user and allows the user to very easily disable this facility without any negative impact on the functionality of the application.

To label this facility as spyware is incorrect to say the least.

Blue

Paul Wilders
April 9th, 2005, 08:23 AM
izi,

Please read closely. Line one:

{QUOTE-> Any software that covertly gathers user information through the user's Internet connection without his or her knowledge <-QUOTE}.

Since we all know this isn't the case here - and one is free to disable this function right from the start, EWS does not classify as spyware.

regards,

paul

izi
April 9th, 2005, 08:23 AM
Maybe spyware isn't the right word. Trojan spy is better.

Read here:
http://www.viruslist.com/en/weblog?weblogid=160148863

Best regards,

izi

izi
April 9th, 2005, 08:27 AM
{QUOTE-> izi,

Please read closely. Line one:

.

Since we all know this isn't the case here - and one is free to disable this function right from the start, EWS does not classify as spyware.

regards,

paul <-QUOTE}

I don't know what is really sent to ESET (my email address, credit card number, password for emails, etc.).

Best regards,

izi

Paul Wilders
April 9th, 2005, 08:27 AM
izi,

No offense intended, but you're missing the crux completely. I won't bother to repeat myself over and over, since all has been said and is very plain for all to see.

regards,

paul

izi
April 9th, 2005, 08:33 AM
I only want to see a sample of what ESET receives through the EWS.

If I can't see what is in this so-called Statistical information, for me it's a trojan.


Best regards,

izi

Blackspear
April 9th, 2005, 08:34 AM
{QUOTE-> I don't know what is really sent to ESET (my email address, credit card number, password for emails, etc.). <-QUOTE}
Hi Izi, other than virus information I very much doubt that there will be any other data transmitted. The Eset representative Marcos has stated that at this point what is actually transmitted to Eset will not be disclosed, and really nothing further can be said. I understand that you would like to know exactly what is transmitted to Eset, as in seeing an example, and maybe in time this will be provided.

For now this thread is really going nowhere and it's time to leave things be.

Cheers.

izi
April 9th, 2005, 08:38 AM
{QUOTE-> Hi Izi, other than virus information I very much doubt that there will be any other data transmitted. The Eset representative Marcos has stated that at this point what is actually transmitted to Eset will not be disclosed, and really nothing further can be said. I understand that you would like to know exactly what is transmitted to Eset, as in seeing an example, and maybe in time this will be provided.

For now this thread is really going nowhere and it's time to leave things be.

Cheers. <-QUOTE}

I know (hope) that ESET doesn't collect any other information, but I would only like to see the Statistical information. That's all folks!!!

Best regards,

izi

ronjor
April 9th, 2005, 08:44 AM
The help file gives some info.

You can enable Early Warning System to submit anonymous information about new threats, and where the new threatening code is contained in a file, the whole file can be sent to Eset for detailed analysis. Studying these threats will help Eset update its threat detection capabilities. Early Warning System will collect information about your computer related to newly detected threats, which may include a sample or copy of the file in which the threat appeared, the path to that file, its filename, information about the date and time, the process by which the threat appeared on your computer and information about your computer's operating system. Some of this information may include personal information about the user of the computer, for instance usernames in the path etc.

While there is a chance that on occasion this may disclose some information about you or your computer to our threat lab at Eset, our intention is not to gather that information for any other purpose than to ensure that we can respond immediately to new threats. We're telling you this up-front, and you have several options so you can be sure that we take your privacy very seriously.


By default NOD32 is set to ask you if you'd like to submit the suspicious file for detailed analysis to Eset's threat lab. Furthermore files with certain extensions like .doc or .xls are always excluded from having their contents included, should a threat be detected in them. You can add other extensions so that if there are files that you or your company wants to particularly avoid ever sending, you may be sure they will be untouched.

NOD32 user
April 9th, 2005, 12:52 PM
For anyone else still wondering after reading this thread (like I was till I realised the main point)

{QUOTE-> ...
By default NOD32 is set to ask you if you'd like to submit the suspicious file for detailed analysis to Eset's threat lab.
... <-QUOTE}
I can only get an entry in my log like the one described elsewhere in this thread if :-

1. I say OK when asked to submit info.

OR

2. I manually change the setting to send the information without further confirmation.

Either way I have been made fully aware that information is going to be communicated and I actively choose to take part in it. In fact I've removed all filters so that if there's a file detected that may help ESET further improve NOD32 then it can be sent regardless of if it is a .doc file or whatever.
Thank you ESET for your concern for my privacy. I trust you.

ShunterAlhena
April 9th, 2005, 04:10 PM
{QUOTE-> Thank you ESET for your concern for my privacy. I trust you. <-QUOTE}
NOD32 User, I fully agree. After all an AV is like a shield - and who would buy a shield from a blacksmith when he thinks the smith included a hole in it? As for me I lay my truth both in the shield and the smith. ;)
Though I see Izi's point, and it would be nice to see a report, I don't fear that Eset intrudes on my privacy.

Regards,
SA

DiGi
April 11th, 2005, 09:39 AM
Izi - and you believe those shown texts?

An application can show you "Can I send >this<?" and will send ">this< and that and one credit card as bonus - and user IP is detected by server of course"...

Marcos
April 11th, 2005, 11:45 AM
For those inquiring about the statistical data transmitted to Eset, here is an example of a statistical package. There's really nothing confidential in the data so we highly recommend that you leave the submission of statistical information enabled, which will help us provide you, our clients, with immediate reaction to the most prevalent threats.

# version=1
# utc_time=2005-04-02 19:46:50
# local_time=2005-04-02 21:46:50 (+0100, Central Europe Standard Time)
# utc_time_from=2005-04-02 18:59:11
# utc_time_to=2005-04-02 19:46:50
# country="Slovakia"
# language="ENGLISH"
# osver=5.1.2600 NT Service Pack 2
# engine=5417
# components=2.50.2
2005-04-02 18: moduleid=4e4f4d41 virus="~OK" count=426
2005-04-02 18: moduleid=484f4d49 virus="~OK" count=1
2005-04-02 19: moduleid=4e4f4d41 virus="@INFECT=inf@TYPE=Trojan@NAME=Win32/TrojanDownloader.Small.NBX@CLN=BAA" count=2
2005-04-02 19: moduleid=4e4f4d41 virus="~OK" count=2202
2005-04-02 19: moduleid=484f4d49 virus="~OK" count=482

izi
April 11th, 2005, 11:54 AM
{QUOTE-> For those inquiring about the statistical data transmitted to Eset, here is an example of a statistical package. There's really nothing confidential in the data so we highly recommend that you leave the submission of statistical information enabled, which will help us provide you, our clients, with immediate reaction to the most prevalent threats.

# version=1
# utc_time=2005-04-02 19:46:50
# local_time=2005-04-02 21:46:50 (+0100, Central Europe Standard Time)
# utc_time_from=2005-04-02 18:59:11
# utc_time_to=2005-04-02 19:46:50
# country="Slovakia"
# language="ENGLISH"
# osver=5.1.2600 NT Service Pack 2
# engine=5417
# components=2.50.2
2005-04-02 18: moduleid=4e4f4d41 virus="~OK" count=426
2005-04-02 18: moduleid=484f4d49 virus="~OK" count=1
2005-04-02 19: moduleid=4e4f4d41 virus="@INFECT=inf@TYPE=Trojan@NAME=Win32/TrojanDownloader.Small.NBX@CLN=BAA" count=2
2005-04-02 19: moduleid=4e4f4d41 virus="~OK" count=2202
2005-04-02 19: moduleid=484f4d49 virus="~OK" count=482 <-QUOTE}

Thanks Marcos!

Best regards,

izi

NAMOR
April 11th, 2005, 06:06 PM
@Marcos or anyone else

Does the "Early Warning System" also send statistical information about infected websites? I'm just wondering if that is how the "website access blocking" database/list gets updated.

TheQuest
April 11th, 2005, 08:29 PM
Hi, Marcos

{QUOTE-> Turning on Early Warning System is optional. <-QUOTE}
May be so.

But that does not stop it sending Information.

I have Suspicious files Never Submit, unchecked

I also have Statistics Enable submission of anonymous statistical Information, unchecked

Which in turn automatically unchecks Enable Early Warning System.

Yet the Log shows:- Statistical Information has been sent to Eset.

No real big deal to me, but what is meant to be optional is plainly not working on my system. [please test on yours to see]

The only worry is the personal Information it might be sending, because it is not doing as you say it should be.

Take Care,
TheQuest 8)

hayc59
April 11th, 2005, 09:06 PM
Can someone tell me what 'port' E.W.S. uses
thank you

Howard
April 12th, 2005, 01:53 AM
{QUOTE-> Can someone tell me what 'port' E.W.S. uses
thank you <-QUOTE}

My last two sends of statistical information went via ports 1055/1057 and 1268/1270

Just to add I am completely relaxed about the EWS, which as far as I am concerned seems entirely beneficial to me as an end user. If I didn't trust Eset, I wouldn't be using NOD32.

TheQuest [away]
April 28th, 2005, 01:51 AM
Hi, Someone or Other.

Could anybody tell me if the new 2.50.7 Beta is still sending information when it is meant to be stopped [optional], as in my post above #32.

The reason I ask is because Marcos has not answered my question to Him, so I have had to go back to Build 2.12.3 [no Spying].

Spying may seem a harsh word but if it cannot be turned off [optional] as stated what other word to use, maybe it is a little Bug, but still a worry that a Bug sends Information that it should not be sending.

Paul says in Post #13 by definition it is not spyware because of the opt out option and can be disabled, well it could not be disabled.

No Insult meant to you Paul.

Take Care,
TheQuest 8)

Marcos
April 28th, 2005, 01:58 AM
The answer can be found in NOD32's help file:

Note:

After disabling Early Warning System, the files that have already been confirmed for submission may still be submitted at a later time.

This regards statistical packages as well.

TheQuest [away]
April 28th, 2005, 02:16 AM
Hi, Marcos

Thank you for your quick reply this time.

{QUOTE->
After disabling Early Warning System, the files that have already been confirmed for submission may still be submitted at a later time. <-QUOTE}
But it sent information every time it did an update, why was it sending data [information] every time, from your quote above it should send the data once after disabling.

Or am I misunderstanding something somewhere.

Take Care,
TheQuest 8)

Marcos
April 28th, 2005, 02:21 AM
No, the data is never sent all at once if there is a huge amount of collected data.

theQuest [away]
April 28th, 2005, 02:37 AM
Hi, Marcos

{QUOTE-> No, the data is never sent all at once if there is a huge amount of collected data (e.g. if NOD32 has collected a bunch of suspicious files). <-QUOTE}
I cannot understand how that could happen, because I only installed a clean OS on the 15_2_05. What could it possibly be collecting?

And I also have a 2.2Mbps connection so the data [out] should go once, am I wrong.

I will try the latest beta when I get back to my own system.

Take Care,
TheQuest 8)

TheQuest [away]
April 28th, 2005, 03:04 AM
Hi, Marcos

You edited your post from:-

{QUOTE-> No, the data is never sent all at once if there is a huge amount of collected data (e.g. if NOD32 has collected a bunch of suspicious files). <-QUOTE}
To:-
{QUOTE-> No, the data is never sent all at once if there is a huge amount of collected data. <-QUOTE}
Any reason.

Take Care,
TheQuest 8)

TheQuest [away]
April 28th, 2005, 04:15 AM
Hi, Marcos

Have it sorted now with 2.50.7 Beta, the opt out option[s] are now working.

Thank you very much once again for your time.

Take Care,
TheQuest 8)

anotherjack
April 29th, 2005, 10:50 AM
Once again, a question from those of us with lots of users scattered all over the place... ;)

During the upgrade from 2.12.x to 2.5.x, is there a way to suppress the opening questions about the Early Warning System? I really don't want my users to have to figure out how to answer these. I know that once they're updated and reboot, the first pull of the XML file will set things the way I want them, but I don't want them to have to click on anything when it first comes up.

I can accomplish this by pushing a registry file down prior to the upgrade, but it would be preferable to have the upgrade read the new version of the XML mirror file (with my preferred settings) during the upgrade process.

sir_carew
June 9th, 2005, 09:20 PM
As many said before, ThreatSense.net isn't spyware or something like that.
Look at the help files, I found the following:

Example of file information submitted

# utc_time=2005-04-14 07:21:28
# country="Slovakia"
# language="ENGLISH"
# osver=5.1.2600 NT
# engine=5417
# components=2.50.2
# moduleid=0x4e4f4d41
# filesize=28368
# filename=C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C14J8NS7\rdgFR1463[1].exe

{QUOTE-> Thanks Marcos!

Is it possible to post here (or send me a private message) one piece of information without personal information? I would like to see the information which was sent to ESET.

Best regards,

izi <-QUOTE}
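
The two samples posted in this thread (Marcos's statistical package and the file-information example from the help file) share a simple line format. The parser below is an added example, not part of any post and not ESET's code; it reads both and reports which header fields carry a Windows profile name, the personal-data case the help text mentions. The function names, the reading of `~OK` as a clean result, and the `C:\Users` pattern are assumptions.

```python
import re

# Sample 1: the statistical package posted by Marcos (copied from the thread).
STAT_PACKAGE = r'''# version=1
# utc_time=2005-04-02 19:46:50
# local_time=2005-04-02 21:46:50 (+0100, Central Europe Standard Time)
# utc_time_from=2005-04-02 18:59:11
# utc_time_to=2005-04-02 19:46:50
# country="Slovakia"
# language="ENGLISH"
# osver=5.1.2600 NT Service Pack 2
# engine=5417
# components=2.50.2
2005-04-02 18: moduleid=4e4f4d41 virus="~OK" count=426
2005-04-02 18: moduleid=484f4d49 virus="~OK" count=1
2005-04-02 19: moduleid=4e4f4d41 virus="@INFECT=inf@TYPE=Trojan@NAME=Win32/TrojanDownloader.Small.NBX@CLN=BAA" count=2
2005-04-02 19: moduleid=4e4f4d41 virus="~OK" count=2202
2005-04-02 19: moduleid=484f4d49 virus="~OK" count=482
'''
# Sample 2: the help-file example of file information (copied, abridged).
FILE_INFO = r'''# utc_time=2005-04-14 07:21:28
# country="Slovakia"
# moduleid=0x4e4f4d41
# filesize=28368
# filename=C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C14J8NS7\rdgFR1463[1].exe
'''

HEADER = re.compile(r'^#\s*(\w+)=(.*)$')
RECORD = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}):\s+moduleid=(\w+)\s+'
                    r'virus="([^"]*)"\s+count=(\d+)$')
# Windows profile directory; the C:\Users form is an assumption, not on the page.
PROFILE = re.compile(r'^[A-Za-z]:\\(?:Documents and Settings|Users)\\([^\\]+)\\',
                     re.IGNORECASE)

def parse_verdict(value):
    """Split '@KEY=value@KEY=value' detections; anything else (e.g. '~OK') stays raw."""
    if not value.startswith("@"):
        return {"raw": value}
    return dict(part.partition("=")[::2] for part in value[1:].split("@"))

def parse_package(text):
    """Return (header dict, list of hourly records); reject lines of unknown shape."""
    header, records = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip().strip('"')
            continue
        m = RECORD.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        hour, module, virus, count = m.groups()
        records.append({"hour": hour, "moduleid": module,
                        "verdict": parse_verdict(virus), "count": int(count)})
    return header, records

def detections(records):
    """Total count per detection name across all hourly records."""
    totals = {}
    for rec in records:
        name = rec["verdict"].get("NAME")
        if name:
            totals[name] = totals.get(name, 0) + rec["count"]
    return totals

def profile_names(header):
    """Header fields whose value is a path under a user profile -> profile name."""
    hits = ((key, PROFILE.match(value)) for key, value in header.items())
    return {key: m.group(1) for key, m in hits if m}

if __name__ == "__main__":
    for label, text in (("statistics", STAT_PACKAGE), ("file info", FILE_INFO)):
        header, records = parse_package(text)
        print(label, sorted(header), detections(records), profile_names(header))
```

Run against the two samples, the statistical package yields no profile-name fields, while the file-information sample exposes the account name through `filename`.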

sir_carew
June 9th, 2005, 09:22 PM
Oops, sorry, I didn't realize that Marcos posted this info before :o

izi
June 10th, 2005, 01:47 AM
{QUOTE-> As many said before, ThreatSense.net isn't spyware or something like that.
Look at the help files, I found the following:

Example of file information submitted

# utc_time=2005-04-14 07:21:28
# country="Slovakia"
# language="ENGLISH"
# osver=5.1.2600 NT
# engine=5417
# components=2.50.2
# moduleid=0x4e4f4d41
# filesize=28368
# filename=C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C14J8NS7\rdgFR1463[1].exe <-QUOTE}

I would like to see every piece of data sent to ESET in my logs. I turn off ThreatSense.net.