I guess it's time for this..

Hi Everyone!

I've had a great time testing ESS with y'all, and I've actually even found some things that I forwarded to Eset about, and have recieved confirmation from the developers on them.

I've known Eset's NOD32 to be the "Top of the Food Chain" when it comes to AV products for many years now, and have steadfastly recommended it to everyone I know, and the over 200,000 members of my 3 online Tech Help sites I administrate.
I firmly believe that Eset will continue to hold that crown in the AV field, but I'm no longer considering ESS to be my overall Security product anymore. The Firewall aspect of ESS is just not close to what I consider to be a Full Firewall, and it's not going to make those major advances in the near future either..it's just too far behind.

After testing Comodo's Free firewall (their Pro firewall has always been Free, and always will be), it win's hands down in my pick for a Firewall product. It's full features, advanced HIPS and rules, configuration options, and full complete logging (for just a few things) is light years ahead of the firewalls I've tested in the last 6 months. I've gone thru Kaspersky's suite, Norton Internet Security 2007, ZoneAlarm for Vista, and ESS now, but Comodo Firewall Pro beats them all with ease. Comodo was also the ONLY one of these firewalls to stealth the 49148 to 49154 svchost ports in the Default settings, all others I had to disable the services to lock those down and that's not right IMO. I'm sure I could've tweaked them to do a better job, but should I have to

Anyway, I think my final decision is to use NOD32 2.7.39 and Comodo Firewall to encompass my main security suite. While I feel that ESS will be a good all-round product for many, but as far as an advanced firewall product goes, it has a ways to go yet and the current format doesn't allow for the changes I would like to see happen anytime in the near future. I had written to the Eset developers asking for a few more features that an advanced firewall should have and they replied that some of them "may" come in future versions in later years. Well...that's just not going to cut it when there is a product that offers these things (and much more) right now, and is free too.

This isn't an Advertisement for Comodo here in the ESS forum, please don't think that. I'm simply stating my case for my decision from what I've seen over the last while.
I've enjoyed working with everyone here and reading your posts, and possibly helping you if I could. There are allot of competent folks here, for sure.

Thank you Eset for giving us ESS to test out, and Thank You forum members for being here to help everyone! Good Luck to everyone here and I hope you all find exactly what YOU are looking for in your security products!

Dave

 

Hi.

That's a good post explaining well why you have made your decision. I would have began using Comodo myself but for the fact that it doesn't fully support Vista just yet.

 

Firewalls are misunderstood by the vast majority of computer users, both novice and expert. Comodo is rated highly because of it's ability to not leak (allow data to leave the computer). While this is correct, it is also irrelevant. The analogy I like to use is that employing a firewall that prevents leakage is like trying to keep a robber from leaving your home once he's in. The damage has been done, and once a hacker is in, they can likely bypass any security you have-including a high-rated firewall.

What you want to do is to not let the bad guys in to begin with. I have used computers since 1968, have always been a high-risk internet user, and have never had a virus. I have been using NOD32 for several years, and prior to that Norton and Trend Micro.

I use Windows firewall on a machine running XP Pro. My view as well as other experts I know, is that your focus must be on stealthing ports, not leakage.

The ideal combination is NOD32 and Windows firewall.

 

Interesting - how many others agree with that. I would really like to know!

 

I should add that you should make an image of your entire system daily (Acronis) in the event something happens and you need to go back to a prior time. In addition, nothing is 100% safe. Anyone can get malware at anytime. So we are dealing in high probabilities of protection, not absolute certainties.

And finally, agreement on this board is also not important. Agreement does not equal truth. Many people are in agreement on many things-all of which can be wrong.

 

I agree with this. That doesn't proove it's right as already mentioned.

Out of interest I've done testing including Shields Up' at www.grc.com which I've always found pretty good at determining if you have any open ports etc.

With ESS in interative or automatic mode it completely stopped all probes and the PC was totally stealthed accoringd to that test.

It may not be conclusive but it's my findings which give me confidence that ESS does stealth ports and ignore incoming probes.

 

If a bit of malware gets onto your PC and masquerades as something genuine then just because your firewall passes a leak test does not help much, at least not according to many security gurus.

 

..which is why I personally believe that stopping it getting in in the first place by using a firewall that stealths ports and good AV/malware scanners and of course using caution in what you do on the web is better than trying to stop things leaking back out.

I guess no system will ever by 100% bullet proof as malware creaters are always trying to be one step ahead.

 

I agree with this analogy.
Many fail to realize that a FW's outgoing protection/HIPs proggies are a last line of defence.
However, (following the analogy theme here) should a thief be in my house, I sure would like to know. And I certainly would like to be alerted if he's phoning his buddies telling them that the back door is open, or he needs help getting my plasma TV out of the house.
Outgoing protection may be overrated, but it has it's place.

 

I got a tickle out of your analogy (but I completely agree with the point it makes)!

 

Hi Chappy

I am not a ESS fanperson, however, I feel somewhat compelled to respond to your thread.
Your rationale is appreciated and I respect your decision and logic in arriving at your final configuration.
I hope you will give ESS another look in the future.
Good Luck
Cheers

 

Meh, different strokes.

I like ESS. For me, the softie firewall is more like a good gesture than a requirement seeing as how I'm behind a router 24/7 and am not a complete idiot with what I do online, but I do like the added outgoing control. I could live without that, and if I ever so chose to ditch the soft firewall, I'd probably not give a damn about staying with only a standalone AV along with XP's built-in firewall.

But in terms of practical security for my purposes, I think I'm splitting hairs at this point.

 

chap Sygate pro 5.6 will stealth all of your ports, you can test it against shield sup if you like. its a very good firewall, I'm hoping that ESS will end up like it otherwise I would not change either, however I still have hope, we don't have a final yet.

 

Incidentally, they're saying that Symantec's Endpoint Protection (whatever it's named, currently in beta) is showing a lot like the good ol' Sygate of days gone by that some of us used to love so much... just in case anyone's interested.

 

I agree ESS does not do what I want it to. I absolutely trust & love 2.7. Comodo is a great firewall. It does everything I want it to do. I'm happy with this combination!

 

Personally I think Eset have lost the plot slightly. They should concentrate on what they're good at which is AV. All this messing around with ESS is not helping to maintain Eset's reputation, or maintain 'top-performance' detection rates. What we should have...

a) Because it's long overdue
b) Because (as above) it's what they do best....

...is a V3 NOD32. Forget the Firewall / Anti-Spam stuff - other's do it better and in any case it's the wrong priority to put the ESS development in front of NOD32 V3.

I genuinely believe that Eset will lose customers over this - possibly including me.

 

Hi JeremyWW
While your points are valid and understandable, may I respectfully place some salient points on the table.
-ESET's competitors /competition are (or have) brought out Security Suites. They, as a company, MUST stay competitive. Case in point is Agnitum and their anemic "suite" as compared to their "firewall only" Pro 4.
-Most of the general public believe that if it is a suite, then it is a "one stop" appraoch to get protected.... e.g Norton and Mcafee)
(The exceptions are you and I and many others who believe otherwise in a more diverse layered protection ... e.g NOD32 + Comodo)
-ESET (to my understanding) will still issue and support NOD32 V3. This will serve to fulfill the needs of the individuals who want a diverse layered protection.

The demographics of the consumer (PC security) marketplace is changing.
-Four yrs ago, a rootket was not on the horizon
-Email spam/phishing is a comparable recent blight on the landscape
-Malicious, infested Web pages were not considered a problem 2 yrs ago.
-It was safe to surf the net for information and be fairly safe in knowing that your PC will not be a zombie.

You and others who frequent secirity forums and have the knowledge and expertise can avoid the above, but compared to the vast majority, who have "no clue" ..... to them a "suite" is protection from the "powers in the sky" and updates are a "one click" wonder and they do not need to update 3-4 other security applications.

I maybe taken to task for this, but based on experience of having to repair PC's because the user never bothered to update ONE piece of software it is better to give that user no choice. Just give him a "suite", and let it update itself.

I am NOT disagreeing with you, just giving a rationale concept why ESET would continue with both NOD32 V3 AND ESS.

Just my .000002 cents

Cheers

 

I find this discussion VERY interesting.

I agree with fredra that Eset has to develop a security suite in order to remain competitive; even though suites are not necessarily better (maybe worse).

I switched over to nod32 about 6 months ago, after being with McAfee for over 10 years! The reason was their new Virusscan 11 - overly bloated, criticized for slowing down computer and internet browsing, sometimes to a crawl.

I'm sure that MOST people did not leave McAfee, thinking this was normal; the price to pay for good security.
I'm also sure McAfee gained many NEW customers with their suite.

But unlike McAfee, ESET will maintain the option for an anti-virus-only product, in addition to the security suite. So customers will have a choice. I see nothing wrong with that. McAfee didn't give me that choice - I asked to keep my Virusscan 10 for another year - they said no - I wouldn't get updates if I didn't upgrade to the "new and improved" Viruscan 11.

As an aside - I have a question. In previous post it was suggested the best combination is Nod32 with windows firewall (I have XP Pro - so the firewall protects only incoming).

In fact that is what I am using.

Can anyone make a comment how windows firewall (XP) compares with Comodo in terms of incoming protection?

 

Hello.

Are you talking about v2 or v3 Alpha? I'll just assume it's v2.4...

Actally Comodo 2.4 does not have a HIPS. It is a form of HIPS yes, but rather limited to leakproofing... v3 is another thing.

Comodo 2.4 has one of the worst logs I've seen.

Quite opposite, it's always better to disable processes (services, svchost) that listen on certain ports than blocking them with a firewall.

Give those guys at ESS some break. It's their firstborn firewall, and as an in-house product, I think it's more than very good.

Not necessarily. You could beat the **** out of that robber, strap him to a chair (with outbound control), thus blocking his exit. Then you call the police (say AV, or manual delete) and send him to jail. Don't forget to retrieve your belongings from his pockets.

I agree. Leaktest are one thing and real-life malware encounter is another. Fighting against such malware requires a lot of user intervention, so your safety really depends on your scope of knowledge.

So true.

I agree with this, but let's not forget that suites bring more money. So I do understand ESET.

As you already know Comodo firewall consists of two layers, application and network. Network layer is a full stateful (TCP, UDP) packet filter. So is Windows firewall. They are basically the same. If you take a Windows firewall and add it application (exe) control and some HIPS features (say DLL loading) you will approach as close as it gets to Comodo. Well, this is a rather loose explanation, but basically this is it. Windows firewall is Comodo without application filter and HIPS features.

Cheers guys/girls.

 

Well it's the setup I use and have found it best suits my needs. It's so light that it has no noticable effect on system performance whatsoever. Combined with my hardware based solutions my protection is pretty optimal while resource suckage is at a bare minimum.

That and of course utilizing safe browsing habits and having half a clue as to what I'm doing... that right there is more important than what software to use. I could probably disable the Windows Firewall and uninstall Nod32 and I'd be just fine in fact.

 

I Agree!
I'm glad it hasn't turned into a FlameFest, but I see it's been moved to the "Other Firewalls" forum...

Seer

V3 Alpha, and it is HIPS. The logging in it is still more than ESS offers, and it's got a way to go yet, it can only get better.
I also disagree about having to disable services ans svchost. Many of my useful and wanted items use svchost to do their job, why should I have to do without that? Many useful Windows services also use svchost, and I don't wish to lose those either, like Time Sync among others.
No, I prefer to leave those wanted items running but not advertise that to anyone scanning the upper range ports knowing about it.

Also, I heartily Applaud Eset on their work!! No doubt, for a first time firewall they're doing very well!
I was a Sygate user for a long time and really enjoyed their way of logging and right-click backtracing of unknown IP's. I guess I was looking for more than ESS had to offer, and my talks with an ESS developer told me that the things I was looking for would not be in any near future version, but possibly in a few years. Well, I just found Comodo offers me more of what I was looking for is all, and I'll ALWAYS be an Eset NOD32 supporter.

Personally for all the others, I don't consider Windows firewall to be very effective. Without some major tweaking it failed almost every scan I put it thru. But everyone is entitled to do as they please to suit their needs so more power to you all!

I'm a very knowledgable user and my habits are very safe. I have never had an infection or trojan on any of my systems, but I also appreciate having the Best protection I can find for my needs, and I believe I now have it.

Thx to all who've voiced their opinions here, and for keeping this one Civil. I knew it had the chance to get out of hand but this response shows the level of maturity of the members here. Well Done!

Dave

 

Nick said:

"As you already know Comodo firewall consists of two layers, application and network. Network layer is a full stateful (TCP, UDP) packet filter. So is Windows firewall. They are basically the same. If you take a Windows firewall and add it application (exe) control and some HIPS features (say DLL loading) you will approach as close as it gets to Comodo. Well, this is a rather loose explanation, but basically this is it. Windows firewall is Comodo without application filter and HIPS features."



Actually, I don't know much about firewalls.
Can Windows firewall (in XP ) be configured to add "application (exe) control and some HIPS features (say DLL loading)" - to make it like Comodo?
How important are these functions?

Thanks Nick (or anyone else who might know).

 

Windows firewall itself cannot be configured to include such features. You could use an additional HIPS application though, which will allow you to control DLLs as well as application network access. Two good ones that include both features are SSM Pro and ProSecurity (free version of PS does control app network access, if I'm not mistaken).

 

I see. I just took a wild guess regarding v2. As I said, v3's another story. HIPS is much stronger, and logs are quite adequate.

Not much use of that one, for sure.

Un-needed services should always be disabled. I agree with you that needed should be left alone and their network access filtered in a proper way with a firewall.

I'll drink to that.

Cheers.

 

Thanks nick for the info/suggestions.

Could you clarify for me if the "application (exe) control" and the "HIPS features" are important?

(To be honest with you, I don't really know what they are.
People in this thread have said that outbound protection is over-rated; maybe this also applies to "application (exe) control" and the "HIPS features"??