- Sep 13, 2014
- 874
Hi, I've been thinking ... how do ESET products block zero-day threats?
They have good signatures and they are quick to include new threats in their updates, but I just know little about their technologies and capabilities.
KASPERSKY HAS THIS (technology):
Key Features
Core Protection
- Real-time Protection from new and emerging viruses, spyware, and more
- Proactive Detection of unknown malware & rollback of harmful activity
- Instant Safety Checks for files and websites
- Automatic Exploit Prevention ensures vulnerabilities won't compromise your PC
- Hybrid Protection combines the power of the cloud and your PC
- Small, Frequent Updates
- Anti-Phishing protects your digital identity
- Quick Launch of Virtual Keyboard defeats keyloggers & screen capture malware
- Secure Keyboard protects personal data entered via a physical keyboard
- iChecker/iSwift provide intelligent scanning for maximum performance
- Smart Updates reduce network traffic and resource use
- Gamer Mode for an uninterrupted gaming experience
- Safe Money protects data during online financial transactions
- Two-way Firewall blocks hacker attacks
- Application Control prevents dangerous applications from harming your system
- Safe Surf alerts you to potentially malicious web sites
- URL Advisor informs about reputation of web links
- Anti-Blocker functionality helps unblock your PC if it’s infected with a ransom-ware Trojan.
- Trusted Applications Mode to ensure only trusted applications run on your PC
- Network Attack Blocker prevents malicious network attacks
- Anti-Banner blocks dangerous & annoying banner ads
- Robust Anti-Spam protection
- Advanced Parental Control keeps your kids safe & responsible online
- Rescue CD cleans your system if its infected beyond use
- Technical Support via phone, live chat, email, & Knowledge Base
...and ESET:
Exploit Blocker
Exploit Blocker is designed to fortify application types on users’ systems that are often exploited, such as web browsers, PDF readers, email clients or MS Office components. It adds another layer of protection one step closer to attackers by using a technology that is completely different to techniques that focus on detection of malicious files themselves.
Instead, it monitors the behavior of processes and looks out for suspicious activities that are typical for exploits. When triggered, the behavior of the process is analyzed and, if considered suspicious, the threat may be blocked immediately on the machine, with further metadata about the attack being sent to our LiveGrid® cloud system. This information is further processed and correlated, which enables us to spot previously unknown threats, so called zero-day attacks, and provides our lab with valuable threat intelligence.
Java Exploit Blocker
Java Exploit Blocker uncovers attempts to take advantage of weaknesses in Java. It keeps a constant lookout over processes for any signs of suspicious activity or behavior. Threats are blocked and the fingerprint is sent to ESET LiveGrid® cloud system to ward off future attacks.
Related products - Exploit Blocker and Java Exploit Blocker Technologies
Botnet Protection
Botnet protection provides another, network-based layer of detection to reveal possible running threats.
It searches outgoing network communications for known malicious patterns, and matches the remote site against a blacklist of malicious ones. Any detected malicious communication is blocked and reported to the user.
Advanced Memory Scanner
Advanced Memory Scanner couples nicely with Exploit Blocker, as it is also designed to strengthen protection against modern malware. In an effort to evade detection, malware writers extensively use file obfuscation and/or encryption. This causes problems with unpacking and can pose a challenge for common anti-malware techniques, such as emulation or heuristics. To tackle this problem, the Advanced Memory Scanner monitors the behavior of a malicious process and scans it once it decloaks in the memory. This allows for effective detection of even heavily obfuscated malware. Unlike Exploit Blocker, this is a post-execution method, which means that there is a risk that some malicious activity could have been performed already. However, it steps into the protection chain as a last resort when everything else fails.
Vulnerability Shield
Vulnerability shield is an extension of firewall and improves detection of known vulnerabilities on the network level.
By implementing detection for common vulnerabilities in widely used protocols, such as SMB, RPC and RDP, it constitutes another important layer of protection against spreading malware, network-conducted attacks and exploitation of vulnerabilities for which a patch has not yet been released or deployed.
ESET LiveGrid®
Built on our ThreatSense.NET® advanced early warning system, ESET LiveGrid® utilizes data that ESET users have submitted worldwide and sends it to ESET's Malware Research Lab.
By providing suspicious samples and metadata from the wild, ESET LiveGrid® is a vital feedback system that enables us to react immediately to the needs of our customers and adapt to the latest threats. ESET malware researchers use the information to build an accurate snapshot of the nature and scope of global threats, which helps us focus on the right targets. ESET LiveGrid® data plays an important role in setting priorities in our automated processing.
Moreover, it implements a reputation system that helps to improve the overall efficiency of our anti-malware solutions. When an executable file or archive is being inspected on a user’s system, its hashtag is first compared against a database of white- and blacklisted items.
If it is found on the whitelist, the inspected file is considered clean and also flagged to be excluded from future scans. If it is on the blacklist, appropriate actions are taken – based on the nature of the threat. Only if no match is found is the file scanned thoroughly. Based on the results of this scan the file becomes a candidate for addition to one of the two lists. This approach has a significant positive impact on scanning performance.
This reputation system allows for effective detection of malware even before signatures are delivered to users’ computers via our virus signature database update (which happens several times a day).
Anti-Phishing
Anti-Phishing technology protects you from attempts to acquire passwords, banking data and other sensitive information by fake websites, masquerading as legitimate ones.
When a user’s computer attempts to access a URL, ESET systems compare it against our database of known phishing sites. If a match is found, connection to the URL is aborted and a warning message is displayed. At this point, the user has the option to proceed to the URL at his/her own risk or report the URL to us as a potential false positive warning.
The Anti-phishing database is updated by ESET regularly (users’ computers receive data about new phishing threats every 20 minutes).
Along with this straightforward approach, ESET Anti-Phishing implements specific proactive algorithms. These inspect the visual design of websites in an effort to eliminate those mimicking their genuine counterparts. This approach is used to detect, for example, fake internet banking forms.
Malware sample processing
ESET’s Security Research Lab receives many infected samples from various sources every day. Sample submissions from customers, distributors and partners (sent to samples@eset.com) are an important source of new malware.
Other sources include sample exchange or active honey pots, for example. After being pre-processed by automated algorithms, the received samples are reviewed by a team of detection engineers and malware analysts. Their job is to decide whether the submitted file or URL is malicious, and if it is, to create a suitable detection signature or algorithm for it.
There are several types of detection signatures and the detection engineer has to choose the most effective one depending on the characteristics of the malware. Newly created signatures are then packed together and released to our users in the form of a Virus Signature Database Update. These updates are rolled out several times a day, 24-7-365.
Signature types
ESET’s scanning engine uses several types of detection signatures for detecting malicious objects (files, processes, URLs, etc.).
The signature types range from very specific hashes (useful, for example, in targeting specific malicious binaries, specific versions of malware, for statistical purposes, or simply for giving a more precise detection name to a malware that we have been detecting heuristically) to DNA-based Smart Signatures, which are rather complex definitions of malicious behavior and malware characteristics. These signatures also rely on heuristics and emulation to evaluate the scanned sample.
The strength of ESET’s proactive detection lies in the Smart DNA signatures. They mean that the detection is effective, as well as efficient – a single well-crafted signature can detect thousands of related malware variants and enables our antivirus software not only to detect malware that we already know of, or have seen before, but also new, previously unknown variants.
Cleaning
When a computer is infected with malware, it will usually suffice to delete the detected file(s) in order to clean the infected system. But in certain cases – for example when the malware has modified operating system files, tampered with the system Registry or when a parasitic virus has infected the user’s own files – the situation gets more complicated. Simply deleting the infected file could cause data loss or even render the computer unbootable.
Therefore, a different approach – cleaning or disinfection of the infected files – has to be taken. In most such cases the cleaning is performed directly by the installed antivirus. Exceptionally, however, the disinfection steps are too complex or simply too dangerous (system stability-wise) and we may opt to release standalone cleaners for this purpose. These are available free of charge, also for non-customers.
Advanced Heuristics
Advanced Heuristics is one of the technologies used for proactive detection. It provides the ability to detect unknown malware based on its functionality through emulation. The latest version introduces a completely new way of code emulation based on binary translation.
This new binary translator helps to bypass anti-emulation tricks used by malware writers. Along these improvements, DNA-based scanning has also been extended significantly. This allows for better detections which address current malware more accurately.
What is LiveGrid in real life, is it cloud protection???
Can it stop me from opening an infected file when there are no signatures? Is it (the technology) effective?
Is ESET LiveGrid like Kaspersky's KSN?
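The pasted ESET text describes two things a reader may want to see as working logic: the LiveGrid reputation step (a file's hash is checked against a whitelist and a blacklist first, and only an unmatched file gets the thorough scan, whose result then feeds one of the two lists) and the two signature types (an exact hash for one binary versus a generic "DNA"-style pattern that covers a whole family, including variants that have never been seen). The toy scanner below is an added example written for this thread; it is not ESET's code and does not reflect how LiveGrid or ThreatSense actually work internally. The sample "files", the detection names, the byte pattern and the function names are all constructed for illustration.

```python
"""Toy model of a scan pipeline: hash reputation cache first, then exact-hash
signatures, then a generic family pattern. Illustrative only; nothing here is
ESET's implementation, and none of the sample bytes are real malware."""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample "files" (hypothetical, not real binaries).
# KNOWN_V2 is the same family as KNOWN_V1 but repacked, so its hash differs.
KNOWN_V1 = b"MZ\x90\x00" + b"EVIL-DROPPER v1.0 C2=c2.example.invalid" + b"\x00" * 16
KNOWN_V2 = b"MZ\x90\x00" + b"EVIL-DROPPER v1.1 C2=c2b.example.invalid" + b"\x00" * 16
CLEAN_TOOL = b"MZ\x90\x00" + b"Hello, I am a harmless utility" + b"\x00" * 16


def sha256_hex(data: bytes) -> str:
    """Reputation lookups and exact signatures key on the file's SHA-256."""
    return hashlib.sha256(data).hexdigest()


# Signature type 1: a very specific hash, names exactly one binary.
HASH_SIGNATURES = {sha256_hex(KNOWN_V1): "Win32/EvilDropper.A"}

# Signature type 2: a generic pattern over family characteristics. One entry
# catches every variant that keeps the marker + version + C2 layout.
GENERIC_SIGNATURES = [
    ("Win32/EvilDropper.Gen", re.compile(rb"EVIL-DROPPER v\d+\.\d+ C2=[a-z0-9.-]+")),
]


@dataclass
class ReputationCache:
    """Stand-in for the cloud white/blacklist; hashes only, never file content."""
    whitelist: set = field(default_factory=set)
    blacklist: dict = field(default_factory=dict)  # hash -> detection name


@dataclass
class Verdict:
    malicious: bool
    name: str
    source: str  # which layer produced the verdict


def thorough_scan(data: bytes) -> Verdict:
    """The expensive path: exact hash first, then the generic family pattern."""
    h = sha256_hex(data)
    if h in HASH_SIGNATURES:
        return Verdict(True, HASH_SIGNATURES[h], "hash-signature")
    for name, pattern in GENERIC_SIGNATURES:
        if pattern.search(data):
            return Verdict(True, name, "generic-signature")
    return Verdict(False, "", "full-scan")


def scan(data: bytes, cache: ReputationCache) -> Verdict:
    """Reputation lookup before scanning; the scan result feeds the cache."""
    h = sha256_hex(data)
    if h in cache.whitelist:
        return Verdict(False, "", "whitelist")      # skipped, known clean
    if h in cache.blacklist:
        return Verdict(True, cache.blacklist[h], "blacklist")  # known bad
    verdict = thorough_scan(data)
    if verdict.malicious:
        cache.blacklist[h] = verdict.name
    else:
        cache.whitelist.add(h)
    return verdict


def demo() -> list:
    """Scan a sequence of files with one shared cache; returns which layer decided each."""
    cache = ReputationCache()
    order = (KNOWN_V1, KNOWN_V1, KNOWN_V2, CLEAN_TOOL, CLEAN_TOOL)
    return [scan(d, cache).source for d in order]


if __name__ == "__main__":
    for src in demo():
        print(src)
```

Running `demo()` shows the flow the text describes: the first look at KNOWN_V1 costs a full scan and lands on the hash signature, the second look is answered from the blacklist without scanning, the repacked KNOWN_V2 has a new hash so the exact signature misses it but the generic pattern still catches it, and the clean file is scanned once and then whitelisted. Two caveats a practitioner would keep in mind: a whitelisted hash is excluded from future scans, so the integrity of whatever feeds that list matters as much as the blacklist; and a generic pattern buys variant coverage at the cost of false-positive risk, which is why the text says the engineer chooses the signature type per sample.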