- Mar 15, 2011
In some countries, like those in Asia, it could be Wednesday, and in some other countries it can be Tuesday.
The HIPS functionality in v5 marks the first time this functionality has been exposed in the user interface to customers. Previously, HIPS rules were just a part of the heuristics technology. A subset of those were simplified and used as the basis for the new HIPS module (along with some new things that were added based on internal feedback and requests) in v5.
ESET has been gathering reputation data for a while through various sources and means, and it has been used in various ways. For example, Smart Optimization in v4 makes use of the collected data.
Right now, the couplings between HIPS, reputation data and other threat intelligence are fairly malleable. Part of the reason for that is because these functions were previously internal to the program, and making them available in the user interface is new to v5. But the other, more guiding reason is to ensure maximum flexibility in how these "threat feeds" of data are analyzed and processed to allow currently-available, soon-to-be-available and far-in-the-future versions of ESET software to react. Some data is looked at and responded to in real-time, while other sets of data have to be batched and processed over time so that trends and changes in behavior can be observed. Looking at just a snapshot of data taken at a given instant is not always going to produce meaningful, useful or actionable intelligence.
The key here really is to periodically review/look at/examine all of the data which comes in over various periods of time in order to determine how using that data in various combinations can better protect people, without doing things like impacting performance, or causing false positives. I suppose one way of looking at things is that ESET has set its framework up for v5 (and beyond) to create mash-ups. These will show up in new and novel ways in how the program protects you from threats.
I personally have found some of the feedback in the forum that the HIPS module is only suitable for advanced users a little disappointing, not because I disagree with it, but because one of the goals was to provide HIPS which is suitable for people of all levels of computing experience, particularly novices. Clearly, there is ongoing work to be done in this area, and it will continue through—and beyond—the v5 release cycle. Having the world's best protection is useless if it doesn't help the folks who need it the most, as those of you who do support for friends and family are, no doubt, quite aware. The good news here is that, because ESET licenses its software by time rather than by a version, customers will get any improvements made to the software for free, even if that means a brand-new version of the software.