Cloud Website real-time reputation systems

Would be nice to have some kind of URL reputation system built in with NOD32 which set on a cloud such as Mcafee/Artemis/Trend Micro products do, and collect information on malware sites to block access to. It seems to have benefited detection rates, and response times to threats for those companies.. Is ESET looking into these technologies, and incorporating them into their product versions in the future? Eliminating the possibility of being downloaded would be nice for your customers who may lack a good websense solution..

 

ThreatSense.Net collects information about url's with malware which are subsequently added to blacklist.

 

Yes, I was aware of ThreatSense.net and I do have all our clients submitting information to it. What I am referring to is a kind of always on reputation system where clients stay connected in reporting real time. Reputation-based detection has become an important new area for antivirus vendors, as criminals have become expert at jumbling up their malicious software so that digital signatures no longer work, and even some from what I have read change for each visitor that visits the site. I'd like to see something that reports How long has the program been around? Where did it come from? How many people use it? Have ThreatSense.net look into the cloud, and supply this information, and allow us as Administrators to block based on a certain rating system.

This isn't a criticism of ESET in any way, I just have ideals that I would like to see implemented that seem to really be improving detection for other Vendors. I've been an avid ESET advocator, and still am. This zero day drive by malware site stuff is a very big concern for us, and right now our hands are tied financially but we do have ESET.

 

maybe on next version ESET will have something like that

 

Sure, as if there weren't enough people tracking your every move, we can now have AV vendors tracking every single web site we visit, bogging down my connection even more to do it. Any modern web browser has a phishing filter already. I can't see this "cloud" marketing gimmick adding any value to anything I am using currently.

 

We already receive all necessary information via ThreatSense.Net and can make rules for blacklisting urls based on the analysis of the data we receive about malware. There's no need to reinvent the wheel. You wrote "...collect information on malware sites to block access to. It seems to have benefited detection rates, and response times to threats for those companie". This is what ThreatSense.Net has been doing for years and thus helped improve blacklisting of sites hosting malware as well as create better generic signatures covering not yet known malware. We really don't want to spy people and gather information about every site they visit. If a user opens a dodgy site with malware it's likely that access to it will be blocked by web protection.

 

Thanks for the explanation Marcos. I am more than happy with the way things work now, and don't see any reason for it to change to follow the marketing gimmicks of other companies.

 

I'd like to emphasize that we're not denying useful proposals that might contribute to better protection in the future, but the current system for gathering information about dodgy sites is more than sufficient, providing additional reserves that we can take advantage of in the future as malware develops. Every proposal for improving the program and thus your security, too, is welcome. ESET has always listened to their customers and has implemented a lot of features based on their demands.

 

Thank you, I believe threatsense is very effective.. I just saw some features I'd like to see in the future Having some kind of cloud data to block bad files based on reputation may be quicker than having to develop a signature and push it out.