Has anyone seen this???

I know I'm going to be critizised, but note that my intention is not to question ESET since I'm not an expert, just to inform about what others see in ESS..

http://www.matousec.com/projects/firewall-challenge/results.php

Still, It is not very comforting to read this...
So... what's you opinion??

 

i guess it depends how important leaktesting is to you, for people who like browsing porno/crack sites or are so completely thick that they instal spyware, then it may be important. for expierienced users who understand the basics of safe browsing, its not important at all

ess provides a very basic firewall which i like, all i want is the most basic level of application control & let the nat/router do the rest. I hope that eset DONT go the way of comodo/outpost with their 10 trillion pop ups asking every move you make on the PC "are you sure you wanted to click the mouse"
i dumped outpost specifically because of the massive amounts of bugs & system problems are introduced by the "anti leak" controls. not to mention how much it slows the system down.

if you think leaktests are important and you have no common sense when browsing, then follow matousecs advice and get comodo3.
myself am very happy and comfortable with ESS/router.
i would be happy with EAV & Windows firewall/router, but when my nod32 subscription was up for renewal, for a few quid more i thought the basic firewall in ESS was worth it (and the fact the ess license can be used for EAV should i ever want a 3rd party firewall again)

 

I guess they didn't test the suite complexly, just the firewall itself. Our scanner can detect most of malware that exploits these weaknesses/bugs proactively.

 

That is the most likely scenario, when they tested AVG (which kind'a has the same policy as Eset regarding Leaktest) they disabled the antivirus with the lame excuse that they where testing the firewalls capabiliities (i Bet whith comodo they did not disable Defense +)

 

Don’t get me wrong here, I really like ESET and have for years. It is lightweight and fast… BUT

Leaktests are a scam but also a pointer to the real issue. Classic signature based AV can find anything it is told to (including the various leaktest exe and dlls) and in that respect, leaktests are a joke. However, the point about leaktests (should be) is that either the AV or the application firewall, or the security suite or whatever, should be analysing application behaviour and blocking the anomalies.

ESET needs to adopt behaviour analysis, HIBS, whatever, in conjunction with signatures and heuristics or it will get left behind .

…and KC… most Internet users want to do just that – the computer is a tool to browse the Internet… so to some extent you might argue most are “so completely thick”. I’ve got in excess of 3000 users – they are there to do a job of work, not to understand how the computer or the Internet function. My desktop and server security needs to do exactly that.

cheers

 

No , HIPS will only slow down user systems . ESET already have a good working strategy working for ALL clients - their heuristics . They detect pretty much real threats by analysing the file code and the AH analysing in emulated environment . In ESET's heuristics there is a balance - only real malware (0 f.p.) . HIPS will require user intervention or will rely on rules (in both cases false positives and not appropriate for all users (may be for some , but not for all) .

Only HIPS can block the so called leaktests , but not everything they do is malicious . For example , I recall one which tries to send simple text to remote server using IE , but there is really nothing malicious in this . A real threat will be a combination of many proved malicious actions , not one used by both many legit and malicious applications. Moreover , I think some leaktests are made especially for HIPS even though their creators use them to even test firewalls . The leaktest tries to use IE to send info , but if this action is not blocked , then it shows a message that the test failed even before sending the real info . ESS poped up about IE wanting to connect and IE was blocked but the hips already showed me message test failed

 

This is what "user-friendly" HIPS (behaviour blockers/analyzers) do. Behaviour blockers are like Advanced Heuristics on steroids. Dynamic/behaviour-based/emulation-based/sandbox-based heuristics are very nice and somewhat powerful, but they fail. It's relatively easy to add a good amount of garbage code which will cause the emulator to halt (it asses that the file will need too much time to be emulated and the slowdown will be significant) and the amount of behaviours/API calls observed in the VM/sandbox can not be too high or the speed of analysis will drop to undesirable levels. Runtime behaviour blockers are free from these disadvantages.
Behaviour analyzers are immune to code obfuscation and they're able to watch a high number of behaviours without a significant performance impact.

 

, I hope ESET will go the way of Comodo & Outpost and firewall will be still better and better.