In weekends 1~2 Virus signature database updates?

In weekday ESET NOD32 Antivirus gets usually 4~5 virus signature database updates a day
but usually 1~2 in weekends. Why? because it's weekends?

Of course I believe that ESET will do necessary virus signature database updates in anytime if a important threat emerges
but this update cycle is very obvious.

 

That's the problem with that? It's pretty normal that not all employees work during weekends, nevertheless newly discovered threats are always covered pretty well.

 

I would agree with Marcos, no one works 24 by 7 | 365. This is an oft-discussed subject on the ESET Board. There may and will possibly be fewer virus signatures over a given weekend compared to the amount released during the week, this does not mean your protection from live threats is diminished.

 

siljaline,
Of course No one works 24 by 7 | 365days and must not working like that.
You are making a turning point because I'm not talking about Full-time ESET employees' maximum working hours.
I'm not interested in Full-time ESET employees' Maximum working hours and I'm not asking they must work 24 by 7 | 365days
Maybe ESET has rotating shift schedule. Maybe ESET has an automation of malware processing...and so on.

4~5 virus signature database updates a day? maybe ESET did this because they need to do for good(?) protection level.
1~2 updates for good protection? These days I doubt that.
Tons of malwares are produced a day. I don't think that malware writers really care about weekday and weekend
Evidence is that ESET's virus signature database update cycle in weekday.

Now I understand why fewer virus signature database updates in weekends from Marcos's explanation. "not all employees work during weekends"
OK. I got it.

 

At the same time, it's also true what siljaline wrote: "this does not mean your protection from live threats is diminished". I check the situation during weekends and all malware that should be processed is actually processed and detection is added. Also not every vendor releases updates as frequently as ESET does and I reckon there are vendors who don't release any updates during weekends at all.

 

Another driving factor is the revenue stream. Mainly, where is the main revenue from? is it personal or business enterprise.
If personal then weekends play a role if business then weekdays play a role.
In the end $$$ matters.

 

Just to add my own personal experience, from today actually (a Saturday).

While I was browsing I picked up some ransom malware which locked my screen with a 'purchase the release code and enter to free your computer' message. This is the first time something has sneaked past NOD for me in the many years I have used it.

Anyway, I booted into safe mode and cleared this off with Malwarebytes. I then submitted the sample to Eset via email. I received a reply back from the support team within the hour thanking me for the sample and that it would be added to the next signature update. Sure enough, NOD updated and the file was picked up and quarantined.

Very impressive and one of the many reasons I'm still a customer.

 

marcos and siljaline were referring to the virus creators not eset team...and i really don`t understand what`s the point of this thread..as long as you are protected why does it matter to you how many virus databases are released in a day??

 

I believe the point is that these days, many viruses can and have slipped past ESET's detection engines - heuristics don't catch everything, signatures (specific and generic) - are still important... customers see less updates and have a perception that the protection level isn't *as* great when less updates get pushed out.

As several have mentioned - virus creators work 24x7 - if they have ANY idea that the weekend means less staff to analyze threats, when why wouldn't they release their newest and "best" creations to walk right past move AV engines on the weekends?

I know I would if I was in that cat-and-mouse game - wouldn't you??

The fake AV ransomwares have had a pretty good run at walking past most AVs recently - we've probably all seen them - and unless something changes, seeing less updates on a weekend makes the consumers FEEL LESS SECURE - and confidence in the product is a big part of the decision to renew the license.

we have over X,000's and X,000's of renewal customers (we started selling ESET 9 years ago) - the loyalty is strong - but it isn't getting STRONGER in our experience - as the economy gets tougher in the US/Canada - people are being more careful with their $$$ spend... and that means we've seen a number of customer move off to cheaper products (freebies, vipre, MSE) - anything that can be done to improve the customer PERCEPTION of the solid product and a solid company, SHOULD be done.

I don't know how big the team is that produce signature updates - we know some signatures get pushed out on the weekend - but if some don't, then that adds to the perception of a window of opportunity for the AV writers - and a window of exposure for the paying AV customer (no matter which product we're talking about).

A solution would be to have the signature team work split weeks - if that means half the team working Mon-Fri - ad the other half working Wed-Sun - it should be done in my opinion.

Another way would be split the team in 3:

1 part works Mon-Fri
another part works: Tue-Sat
another part works Wed-Sun

equalizing the coverage of staff would in theory equalize the signatures - which is PERCEIVED to minimize the threat window for zero-day outbreaks or new threats, or new variants.

I refuse to believe there are less threats on the weekend - it would make ZERO sense - saying that signatures coming out on Monday that could have come out on Sunday or Saturday just *has* to be a window of opportunity for threats to get past the security software.

We all no that no AV is 100% - this is why we're recommending that customers in business put in a 2nd layer - a gateway server - and sorry, we recommend a 2nd engine... if they have Symantec on the desktop - use ESET on the gateway - if they use ESET on the desktops/servers - use something else that is top-quality on the gateway. It is just common sense to have a different threat scanning engine on that 2nd level of detection from the first - they both look for the threat, but they do so in a different way and if the 1 engine fails - HOPEFULLY, the 2nd engine detects... again - no guarantees.

 

It is good that you were able to fix your own issue and submit the threat - most purchasers don't have a clue how to reboot into safe-mode... unfortunately... the ransomwares we're seeing now are able to walk right past most AVs in many cases - it is the most common threat type that we see that defeats ESET protection, even walking right past v6 as you saw... earlier versions also (of course).

I know the team in the threat-labs do an excellent job - ESET is still our primary product we sell and recommend - but anything that can be done to improve the product should be done in my opinion. Equal levels of threat-lab staffing 7 days a week is something that CAN be done... again - imo. Almost every large company data-center I've visited in the 25 years of IT - has 24x7 staffing - these days, our hosting and card processing providers all have staff round the clock - perhaps ESET does also -but when threat signature updates slow down - the only logical inference is that less staff pushing out less updates - the next step is "less protection" - it's not an illogical leap....

 

Speaking about rogue AVs, I, for one, haven't seen a single variant in the last months that was completely undetected. According to my observation, other companies add detections with a delay of several hours or even days. What's more, ESET has a strong protection against rogue AVs and even if a new unrecognized variant manages to run it should be removed after the next computer restart. I'd welcome if you could share a different experience which I don't expect to happen at all.
Yesterday more than 250 signatures were made which is close to the number of signatures made during a work day.

 

Does the FBI ransomware count?

I submitted a ticket and involved US support with an FBI ransomware only a few weeks ago - I cleaned up the threat - had ESET US support do a 2nd look (I had got it stopped) - US Support took the sample - so YES, I have seen ransomware walk right past 5.2.9.

 

Ok, I misread your post and thought that you were referring to fake (rogue) av. As for ransomware, new unrecognized variants are added as soon as we receive them, regardless of the day of week.

 

I uploaded the .exe file to VirusTotal and it was only detected by 4 of the 46 scanners, and then 5 when Eset added it shortly after I submitted it. So I'm guessing this was a new variant.

 

I have no doubt that ESET continues to work diligently to improve everything about detection from an heuristic level - I just think that there is a PERCEPTION - rightly, or wrongly - that weekends have less resources thrown at them - while that is NOT the case from the malware producers.

 

ESET also has an eager Team of analysts ready to read your submitted issue ticket.
Scratches head, wondering why | how original post, became, (surely) not because of an insufficient number of virus signature updates on weekends.

 

If you come across an undetected piece of malware you can submit it at any time and it will be processed as soon as possible no matter what day it is. Weekends have no effect on adding detections.