Eset needs BlackHat consultant

Discussion in 'ESET NOD32 Antivirus' started by MI1, Sep 3, 2009.

Thread Status:
Not open for further replies.
  1. MI1

    MI1 Registered Member

    Joined:
    Sep 3, 2009
    Posts:
    1
    Location:
    Košice
    Hi, I am writing this post because I like Eset products, and I am proud of the nice Slovak dream that happened. That's the reason why I am writing this post. Eset and its fine products definitely need some security consultant. (BlackHat, BlueHat, it doesn't matter what he is wearing :) ) Really need one! As far as I know, Eset is guided by a defensive philosophy. You say: install our product and you will be fine, because it will protect you from viruses and worms and similar threats. But nowadays that is not enough! A man (or woman :) ) capable of simulating a hacker's way of defeating AV is needed in every company that has something to do with computer security. Just a year ago I started playing with bypassing anti-virus software, and I have something to say. Even a 15-year-old script kiddie is able to bypass fully patched anti-virus software from Eset (and many, many other AVs, of course). No extra knowledge is needed, no programming skills, nothing, just a few hours of Googling and reading. You can imagine what a seasoned developer with knowledge of e.g. Python, a debugger, and exploit development can do. There is absolutely no protection against e.g. Metasploit payloads or whatever evil code modified with the Shikata Ga Nai encoder. I know that it is not possible to cover all evil code, but how long would it take to analyze common attack tools? A week (if you are familiar with them) of hard work, I guess, and how many computers would that save? Answer for yourself.
    I need to say that Eset Smart Security is not alone in failing to detect these common and well-known script kiddie tools. A slightly old article from March 2008, Effectiveness of Antivirus in Detecting Metasploit Payloads by Mark Baggett, shows that the percentage of successful detections is somewhere from 0% to 18%, depending on the AV software and the payload used. Be sure that nowadays the percentage is not higher.
    Another thing: I discovered that it is also possible for an attacker to hide in the nod32 process and turn the operating system apart from it. Yes, that is a paradox, when you own the operating system and create a new botnet zombie base from the process of its AV. When I see some nice exploit on the fly and want to write an article for my community friends, I always choose Eset Smart Security (updated version) as the target protection, because I am sure the exploit signature is not in the database. You cannot say that about Kaspersky. One example: they added the Firefox 3.5 Heap Spray exploit to their database only a few hours after its public release. And that time between the release of an exploit and the addition of its signature to the database is all that a shame like Conficker and its mutations needs to spread across how many computers? Hundreds, thousands, millions? Btw, it's annoying to read about Conficker all the time on Eset web pages, because if you have some private data on your company server, it's not Conficker that you should worry about.
    Another side of the coin: when I want to analyze some nice code on my favorite blogs using Windows operating systems, Eset Smart Security is again and again disconnecting my browser from the site. And that is happening not because there is some malicious code on the site that can affect my computer, but because source code is published and analyzed there. It's frustrating. Please do not take this post as a float; I am just writing this in good will, as someone who cares about security. I know many of you are working hard to make Eset products El numero uno. Keep up the good work.
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,947
    Location:
    U.S.A.
    MI1, before you go down the wrong path, having just joined our forum, AV comparisons (ESET to Kaspersky) are not allowed as per this Policy. If you are having a particular problem, open a new thread to discuss that subject alone, and I'm sure ESET will help you. This thread is closed.

    JR
     