zero day protection

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by piranha, Aug 12, 2011.

Thread Status:
Not open for further replies.
  1. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
    Will v5 be better for zero day protection, and why?

    Some other AVs have sandboxing. What will be better in ThreatSense in v5 to compete with that?

    In fact, I don't like NOD32 getting less than an Adv+ award in the new Whole Product Dynamic "Real World" Test by av-comparatives. We expect more of our favourite antivirus.

    Thanks
     
    Last edited: Aug 12, 2011
  2. rekun

    rekun Registered Member

    Joined:
    Jun 11, 2007
    Posts:
    89
    Re: zero day

    The HIPS feature of Eset v5 should provide better zero day protection.
     
  3. vigen

    vigen Registered Member

    Joined:
    Mar 28, 2011
    Posts:
    60
    Not with these default settings... at this time... Perhaps with new default settings...
     
  4. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    I think ESET will protect our digital worlds in a more effective way using the cloud.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Cloud-definitions aren't as effective for 0days as sandboxing; even cloud-definitions will always be behind and never complete.
     
  6. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    I talked about this before: the cloud must be seen as a tool, not as a replacement for traditional methods. Actually, the ThreatSense engine offers excellent protection for unknown threats by using generic signatures and heuristics.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm saying that cloud-based definitions aren't 0day protection. Cloud-based heuristics are different.
     
  8. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    When I say "using the cloud", I'm not referring to a subset of the cloud services, as "definitions/heuristics-in-the-cloud" are.
    That's why I'm saying the cloud must be seen as a tool for increasing detection rates, not as a replacement.
    Hope you understand.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I don't.
     
  10. rekun

    rekun Registered Member

    Joined:
    Jun 11, 2007
    Posts:
    89
    According to Marcos, the HIPS already has rules set up in the default mode. However, these are not visible to the user. This will be improved further by module updates.

    The zero day protection is constantly improved by module updates. Eset does not need to release a new version of its software to improve the mechanisms that provide zero day protection.

    The cloud will not give any better zero day protection. It is only used by Eset to detect threats faster.
     
  11. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Cloud is not a method. It's a place.

    Cloud-based heuristics will help with 0day threats. Cloud-based definitions won't... not really at least, they'll just get you definitions sooner.
     
  12. rekun

    rekun Registered Member

    Joined:
    Jun 11, 2007
    Posts:
    89
    Do you have any proof that ESS/EAV 5 has cloud-based heuristics?

    As far as I know, there isn't any detection in the cloud. It is just used by Eset to detect new threats and protection will be provided in the next definition update.
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    IMO yes, it can, with the combo of Advanced heuristics, active filter mode browser - internet facing apps, but it has to be configured from the default passive mode. Add to the mix HIPS and cloud technology and it should do way better than v4. Just my 2 cents, for what it's worth.
     
    Last edited: Aug 12, 2011
  14. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    What are the advantages over local signatures and heuristics, if they still need development, which is a time-consuming process?
    Cloud black/white listing, no.

    In the past, the cloud was used for faster reaction to new threats discovered by the core ThreatSense engine.
    Now with the added reputation services, file classification/priority should result in faster discovery of new threats, and with the filtering of whitelisted files, even faster.

    Blacklisting is not performed yet, but I think that can prevent infections before the release of a signature update.
    It can even be used for blacklisting zoo malware, which then can be blocked through generic signatures.
     
    Last edited: Aug 13, 2011
  15. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
    I hope to read Marcos about zero day protection :shifty: :rolleyes:
     
  16. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Since cloud-heuristics will require some time and some users before a file can be flagged as suspicious by its reputation, you cannot expect proactive protection from it.

    True proactive methods will protect you from suspicious behavior in no time.
     
    Last edited: Sep 7, 2011
  17. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    First of all... the HIPS of Eset has got to be more modern, like the HIPS of Comodo (or Kaspersky). It has got to work intelligently and not ask me 1000 questions.
    The HIPS of Eset is the HIPS of Comodo Version 2 :mad:
     
    Last edited: Sep 7, 2011
  18. Matthijs5nl

    Matthijs5nl Guest

    Marcos already said that ESET will not copycat Norton's way of using file reputation (basically blocking new, unknown files), which is the right direction in my eyes. If you look at how all the different vendors try to improve zero-day protection, you will see that there are two directions: 1. intrusion prevention systems, or 2. sandboxing. I am happy with ESET's choice of intrusion prevention.
    My guess is that, over time, reputation data will be used to enhance the HIPS in automatic mode.

    (Most examples of cloud-based security solutions which we have seen till now are focused on decreasing reaction times, not improving proactive protection.)
     
  19. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Time will tell what the purpose of ESET's IPS is.
     
  20. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    HIPS in automatic mode has got to block intelligently and not allow.
    For the very average users (who want to give the rolls to all) interactive mode is good now.

    P.S. HIPS is something new for Eset, but in this Internet war Eset has got to be on top, because they haven't had a new version for 2 years.
    If it is not on top, people will go and choose another product.
     
  21. Matthijs5nl

    Matthijs5nl Guest

    What the heck. Interactive mode throws a pop up at you at nearly all system modifications.
     
  22. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    It is much... for this reason I do not like the new version. It is not ready yet.
     
  23. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Really, I don't consider on-execution technologies much different from the dynamic analysis performed by advanced heuristics. :D
     
  24. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    Most security products look to make money and put bad versions on the market.
    Yesterday Avast put out the new release 6.xxxx.27 and after 2h put out another one... 29.
    That is a shame.

    P.S. We can do nothing, Eset 5 Final is here (in France it is on the market on 19.09, ready for sale).
    We can wait and hope for changes or choose another product.
     
    Last edited: Sep 8, 2011