zero day protection

will v5 be better for zero day protection and why ?

Some others AV have sandboxing. What will be better in TheatSense in v5 to compete with that ?

In fact, I dont like NOD32 getting less than Adv+ award in new Whole Product Dynamic "Real World" Test by av-comparatives. We expect in more of our favourite antivirus.

thanks

 

Re: zero day

The HIPS feature of Eset v5 should provide better zero day protection

 

Not with this default settings...in this time...Perhaps with news default settings...

 

I think ESET will protect our digital worlds in a more effective way using the cloud.

 

Cloud-definitions isn't as effective for 0days as sandboxing, even cloud-definitions will always be behind and never complete.

 

i talked about this before, the cloud must be seen as a tool, not as a replacement for traditional methods. Actually the ThreatSense engine offers excellent protection for unknown threats by using generic signatures and heuristics.

 

I'm saying that cloud-based definitions aren't 0day protection. Cloud-based heuristics is different.

 

When i say "using the cloud", im not refering to a subset of the cloud services as "definitions/heuristics-in-the-cloud" are.
Thats why im saying the cloud must be seen as a tool for increasing detection rates, not as a replacement.
Hope you understand.

 

I don't.

 

According to Marcros, the hips already have rules set up in the default mode. However these are not visible to the user. This will be will be improved futher by module updates.

The zero day protection is constanly improved by module updates. Eset does not need to release a new of its software to improve the mechanisms that provide zero day protection.

The cloud will not give any better zero day protection. It is only used by Eset to detect threats faster.

 

Cloud is not a method. It's a place.

Cloud-based heuristics will help with 0day threats. Cloud-based definitions won't... not really at least, they'll just get you definitions sooner.

 

Do you have any proof that ESS/EAV 5 have cloud based heuristics?

As far as I know, there isn't any detection in the cloud. It is just used by Eset to detect new threats and protection will be provided in the next definition update.

 

IMO yes it can with the combo of Advanced heuristics,active filter mode browser - internet facing apps but has to be configured from the default passive mode.Add to the mix of hips and cloud technology it should do way better then v4.just my 2 cents for what its worth.

 

what are the advantages over local signatures and heuristics, if they still need development, which is a time consuming process?
Cloud Black/white listing , no.

In the past, the cloud was used for faster reaction to new threats discovered by the core ThreatSense engine.
Now with the added reputation services, file classification/priority should result in a faster discovering of new threats, and with the filtering of whitelisted files, even faster.

Blacklisting is not performed yet, but i think that can prevent infections before the release of a signature update.
Even it can be used for blacklisting zoo malware, which then can be blocked through generic signatures.

 

I hope to read Marcos about zero day protection

 

Since cloud-heuristics will require some time and some users before a file can be flagged as suspicious by its reputation, you cannot expect proactive protection from it.

True proactive methods will protect you from suspicious behavior in no time.

 

First of all ...the HIPS of Eset got to be more modern, like the HIPS of Comodo(or Kaspersky).Hi got to work inteligently and not asking me 1000 questions.
The Hips of Eset is the hips of Comodo Version 2

 

Marcos already said that ESET will not copycat Norton's way of using file reputation (basically blocking new, unknown files), which is the right direct in my eyes. If you look at how all the different vendors try to improve zero-day protection, you will see that there are two directions: 1. intrusion prevention systems, or 2. sandboxing. I am happy ESET's choice for intrusion prevention.
My guess is, that over time, reputation data will be used to enhance the HIPS in automatic mode.

(Most examples of cloud-based security solutions which we have seen till now, are focused on decreasing reaction times, not improving proactive protection.)

 

Time will tell what is the purpose of ESET's IPS.

 

Hips in automatic mode got to block intelligently and not allow.
For the very average users (who want to give the rolls to all)interactive mode is good now.

....p.s.Hips is something new for Eset but in this Internet war Eset got to be on the top,becouse there no havent a new version still 2 y.
If is not on the top people go and chouse another product.

 

What the heck. Interactive mode throws a pop up at you at nearly all system modifications.

 

Is much ...for this reason i do not like the new version.Is not ready yet.

 

Really I dont consider on-execution technologies too much different from dynamic analysis performed by advanced heuristics.

 

Most of Security product look to make money and put on the market bad version.
Yesterday Avast put the new release 6.xxxx.27 and after 2h put another one....29.
That is shame.

....p.s.We can do nothing ,Eset 5 Final is here(in France is on the market on 19.09 ready for sell)
We can wait and hope for changes or chouse another product.