Cloud Website real-time reputation systems

Discussion in 'ESET NOD32 Antivirus' started by bradtech, Sep 30, 2009.

Thread Status:
Not open for further replies.
  1. bradtech

    bradtech Guest

    Would be nice to have some kind of URL reputation system built in with NOD32 which set on a cloud such as Mcafee/Artemis/Trend Micro products do, and collect information on malware sites to block access to. It seems to have benefited detection rates, and response times to threats for those companies.. Is ESET looking into these technologies, and incorporating them into their product versions in the future? Eliminating the possibility of being downloaded would be nice for your customers who may lack a good websense solution..
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    ThreatSense.Net collects information about url's with malware which are subsequently added to blacklist.
     
  3. bradtech

    bradtech Guest

    Yes, I was aware of ThreatSense.net and I do have all our clients submitting information to it. What I am referring to is a kind of always on reputation system where clients stay connected in reporting real time. Reputation-based detection has become an important new area for antivirus vendors, as criminals have become expert at jumbling up their malicious software so that digital signatures no longer work, and even some from what I have read change for each visitor that visits the site. I'd like to see something that reports How long has the program been around? Where did it come from? How many people use it? Have ThreatSense.net look into the cloud, and supply this information, and allow us as Administrators to block based on a certain rating system.

    This isn't a criticism of ESET in any way, I just have ideals that I would like to see implemented that seem to really be improving detection for other Vendors. I've been an avid ESET advocator, and still am. This zero day drive by malware site stuff is a very big concern for us, and right now our hands are tied financially but we do have ESET.
     
  4. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    maybe on next version ESET will have something like that :D
     
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    Sure, as if there weren't enough people tracking your every move, we can now have AV vendors tracking every single web site we visit, bogging down my connection even more to do it. Any modern web browser has a phishing filter already. I can't see this "cloud" marketing gimmick adding any value to anything I am using currently.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We already receive all necessary information via ThreatSense.Net and can make rules for blacklisting urls based on the analysis of the data we receive about malware. There's no need to reinvent the wheel. You wrote "...collect information on malware sites to block access to. It seems to have benefited detection rates, and response times to threats for those companie". This is what ThreatSense.Net has been doing for years and thus helped improve blacklisting of sites hosting malware as well as create better generic signatures covering not yet known malware. We really don't want to spy people and gather information about every site they visit. If a user opens a dodgy site with malware it's likely that access to it will be blocked by web protection.
     
  7. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    Thanks for the explanation Marcos. I am more than happy with the way things work now, and don't see any reason for it to change to follow the marketing gimmicks of other companies. :thumb:
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd like to emphasize that we're not denying useful proposals that might contribute to better protection in the future, but the current system for gathering information about dodgy sites is more than sufficient, providing additional reserves that we can take advantage of in the future as malware develops. Every proposal for improving the program and thus your security, too, is welcome. ESET has always listened to their customers and has implemented a lot of features based on their demands.
     
  9. bradtech

    bradtech Guest

    Thank you, I believe threatsense is very effective.. I just saw some features I'd like to see in the future :) Having some kind of cloud data to block bad files based on reputation may be quicker than having to develop a signature and push it out. :)
     
Thread Status:
Not open for further replies.