ESS Failed both GRC and PC Flank leaktests

Discussion in 'ESET Smart Security' started by joeschmoe, Nov 26, 2007.

Thread Status:
Not open for further replies.
  1. joeschmoe

    joeschmoe Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    6
    I was testing ESS against both the GRC and PC FLank leaktest....On both attempts ESS didn't even acknowledge the outbound information....Is there anyway to shut this down via rules?
     
  2. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    Eset isn't interested in leaktests. Read other discussions in this forum.
    "Why kill a burglar who you let in yourself?"
     
  3. stratoc

    stratoc Guest

    i dont use a firewall myself, but surley he idea of a 2 way firewall is to stop thieves you let in yourself getting out, i think you will find that is what a 2 way firewall is meant to do!
     
  4. joeschmoe

    joeschmoe Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    6
    So let's say an application I install has a virus or trojan attached to it, or maybe a kid installs a program a friend gave them...It does it's thing and starts calling home and sending private information on to the home place....You don't think a firewall should stop this kind of traffic or at a minimum ask to allow the traffic? I sure do...

    If a burglar gets in my house I want him dead in his tracks (yes I would shoot him dead) when I find him in there...i.e. a firewall should do the same thing....A firewall should block/check both in bound as well as outbound traffic, not just inbound....FFor the simple fact of "if it's man made, it's not perfect and there will be a failure/vulnerability somewhere with it"
     
  5. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    LOL
    Don't shoot the messenger, please. :)
    I'm just telling you what Esets opinion is about this subject.
    Just search the forum for this kind of topics and read the replies of Eset.
    Basically their policy is, if you make sure a burglar never can gets in, it's no use to bother about leaktests at all. But I'm sure an Eset representative will correct or acknowledge this. :rolleyes:
     
  6. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    brilliant way to describe it:):D
     
  7. Jeff Bellune

    Jeff Bellune Registered Member

    Joined:
    Dec 16, 2006
    Posts:
    21
    But if your teenage son is smart enough to figure out how to shut off the firewall by renaming the executable so that he can let in the "burglar" that ESS tried to stop, it would be nice if, after a reboot, the firewall in ESS would pay attention to outbound traffic.

    I doubt that ESS' firewall (or any firewall) is perfect. Assuming that bad things will never get in is a bad assumption.
     
  8. Number99

    Number99 Registered Member

    Joined:
    May 16, 2007
    Posts:
    29
    Location:
    Sweden
    Why don´t you just switch to Interactive Mode?;)
     
  9. rahx

    rahx Registered Member

    Joined:
    Nov 13, 2007
    Posts:
    22
    Personally, I use HIPS alongside ESS, and so far I have not had any problem with leaktests (well, I haven't tried the ones on Comodo's website but all others were blocked when I tested them).

    If you are not comfortable with ESS and an extra HIPS, there are tons of firewall products that have HIPS integrated.

    IMO, firewall should just be, well, firewall. Monitoring traffic is the only thing it's supposed to do. I don't care much about the bells and whistles - I've used them before and I didn't like them.

    Just my 2 cents...
     
  10. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    Luckily for me I don't have a teenage son (AFAIK) :D :rolleyes:
     
  11. joeschmoe

    joeschmoe Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    6
    I did and it still didn't work!!!
     
  12. ASpace

    ASpace Guest


    But if your teenage son is smart enough to touch there he is also supposed to be smart enough not to let anyone burglar your house and computer , right? :thumb:
     
  13. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    Sorry, but that is a short-sighted approach to security (with such an approach, you wouldn't need any outbound firewall -- but ESET still produces one).

    What you talk about is an ideal state that is unreachable in reality. Even the best AV (which NOD32 is) can NOT catch every new unknown virus. It is impossible (you may get to 99% but not to 100%). The advanced heuristic module can catch unknown new malware, but according to independent retro tests, it catches only about 80-90% (which is very impressive, but still not 100%).

    So, there will always be some malware that makes it to your machine in spite of your antivirus.

    What to do next? First of all, you need to have a leak-proof outbound firewall, so that the malware cannot send your data to the net and cannot receive commands from hackers. That's called pro-active layered security.

    It is absolutely naive to believe that AV will catch 100% of malware and so allow one to tolerate weaknesses in the firewall. You need additional layers of different kinds of protection. That includes an excellent 100%-leak-proof firewall (plus HIPS to prevent installation of then unknown kernel-space malware and possibly using VM sandboxing to isolate mission-critical private data).

    It is imperative that ESET makes their firewall as leak-proof as possible. Otherwise, their firewall is useless, and I'll use a firewall from competition. Seriously.
     
    Last edited: Nov 26, 2007
  14. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    Seriously, why produce and sell an outbound firewall, if it's only half-effective? Answer this simple question please. This is usually called snake oil.
     
  15. Alf_

    Alf_ Registered Member

    Joined:
    May 7, 2007
    Posts:
    48
    Location:
    The Netherlands
    Again, you have to ask an Eset representative, I just write here what I read in this forum about this.
    o_O
     
  16. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    I know that. And I addressed my post to them, not to you. Don't worry.
     
  17. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    I think a simple in & out rule based firewall is what a lot of people would of apprecited more & FWIW no AV is going to catch everything & yes I would like to see what's dialing out...
     
  18. Jeff Bellune

    Jeff Bellune Registered Member

    Joined:
    Dec 16, 2006
    Posts:
    21
    Unless he is determined to download/access whatever-it-is, regardless of the warning flags that he encounters and heedless of the potential consequences.

    Teens are supposed to be smart enough not to do a lot of the bad things they do. If we could count on that, then we wouldn't need to set curfews or enforce rules by curtailing or limiting their fun stuff like cell phones and iPods and weekend activities.

    Plus, we have to allow for the fact that even the best of us will make mistakes sometimes. :)
     
Thread Status:
Not open for further replies.