I think now SI is good enough, i see no reason to implement some things like DACS or cima (i suggsested valkyrie to scripts, php files and so on earlier). It would take too long (belive me) and it is to hard to do.
It's better to have simple and decent mechanism than a very slow, multi-engine, unreliable service.
SI now detects buffer overflow attacks, JS files with suspicious code, IE crashnig, malicious files, malicious scripts, it uses few blacklist, has ip matching, detects suspicious file/registry modification, detecting of a pdf exploits (starting acrobat reader) as well.
For now it provides the best detection in my opinion - Mcafee site advisor, avg link scanner and other cannot provide such as good detection as a SI.They are using only blacklists (avg has very poor scanner
- so if the malicious site isn't on a BL - it is not detected - SI has a lot of other layers of detecting - SI preforms a dynamic scanning in the sandbox!)I'm a big fan and supporter of this service, it is very,very pomising!