Failed Leak Test..............

Discussion in 'ESET Smart Security' started by pac73, Mar 18, 2008.

Thread Status:
Not open for further replies.
  1. pac73

    pac73 Registered Member

    Joined:
    Jan 7, 2007
    Posts:
    23
    Location:
    Merseyside,England.
    Ive just tried the leak test at GRC and ESS failed.

    The result actually says...."Leaktest WAS NOT PREVENTED from connecting to The Gibson Research web server.You either have no firewall,you have deliberately allowed LeakTest to connect outbound,or (if neither of those)LeakTest has slipped past your firewall,s outbound "protection",if any.:eek:

    This has really surprised me to be honest,as i used to have Zonealarm,and Online Armour which both passed the leak test.
    Could somebody explain to me why ESS failed.
     
  2. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    May depend on whether you have ESS set to Automatic or Interactive and whether you actually allowed the connection.
     
  3. Waterfox

    Waterfox Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    118
    Location:
    Sweden
    Hello, what kind of filtering mode do you have for your firewall? If it's in an automatic mode then it would probably let leak test through, try setting it to interactive mode and see what happens.
    You'll find these settings in the setup under "personal firewall - filtering mode" in ESS.
     
  4. pac73

    pac73 Registered Member

    Joined:
    Jan 7, 2007
    Posts:
    23
    Location:
    Merseyside,England.
    Jenee,and Waterfox,you were spot on:D

    Once i set the firewall to interactive,it passed the test.:cool:

    Thanks guys.
     
  5. alloucho

    alloucho Registered Member

    Joined:
    Dec 26, 2007
    Posts:
    145
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Wrong. The test is realted to the firewall itself and does not take into account that the whole suite protects you against malware exploiting the weaknesses they tested solely with the firewall.
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    That is true, Marcos. ESS will prevent the malware from infecting your computer in the first place, but still... if you market it as a 'Security Suite', isn't it fair to demand better protection than the result shows in the test? I mean, come on. The test claims ESS can be disabled/terminated easily by some other software; that is something I, as a customer, never can accept.
     
  8. pac73

    pac73 Registered Member

    Joined:
    Jan 7, 2007
    Posts:
    23
    Location:
    Merseyside,England.
    I don,t really care about those test results as i don,t go to any dodgy sites.Maybe if i seen a report that tested the full security suite and then those results were poor,then maybe id think about alternatives.
    Im really happy with ESS,its good on resources,and it keeps you well protected.What more do you want??
     
  9. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    I couldn't agree more.
     
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Agreed.
    But the test clearly shows that ESS has a lot to improve; perhaps not when it comes to malware protection... but with leaktests/unknown malware which terminates the protection etc.
     
  11. stratoc

    stratoc Guest

    i just wish companies would stick at what they're good at. for years nod has been the best av imho by miles. i wouldnt buy any suite for this reason.
    you have to remember people new to nod seeing that report would probably not buy it. however looking at the tables a year ago they would.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd say that the ThreatSense engine protects you against much more malware than covered by the leak tests. We have optimized the engine for detection of malware that exploits the weaknesses used in leak tests. The thing is the firewall itself doesn't check files for malware, there are other scanners that do that and thus the whole suite protects you perfectly.
     
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You should realize, Marcos, that you're fighting against years of clueless newbies misinterpreting and extrapolating Matousec test data. An uphill battle at best. There should at least be a sticky on something like this.
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    As I said, and as you've hopefully read, ESS will stop malware before it even infects your cumputer. That is not my point. My point is that, for instance, it can be terminated by other applications. There's no self-defence.

    As an avid NOD32 fan I know the ESET NOD32 AV v3 is one of the best. I'm just saying I wouldn't use ESETs _SECURITY SUITE_ before it implements self-protection/HIPS.
     
  15. saffron

    saffron Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    82
    If ESET programmers spent a few hours "teaching" NOD32 how to recognize all the useless rubbish included in scans by many AV testers, without making any other changes to the program, the forums would be flooded with posts praising ESS as great anti-virus.

    Why don't ESET programmers do that? Because it's dishonest!

    If ESET programmers spent a few hours "teaching" ESS how to recognize Gibson's and Matousec's leaktests, without making any other changes to the program, the forums would be flooded with posts praising ESS as a great firewall.

    Why don't ESET programmers do that? Because it's dishonest!

    I prefer honesty to snake oil.
     
  16. saffron

    saffron Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    82
    Well said!
     
  17. kingaljr

    kingaljr Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    22
    Wah Wah.
     
  18. techcafe

    techcafe Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    13
    nevertheless... the ESS firewall is a mess, and DOES need a lot of work
     
  19. matt_w

    matt_w Registered Member

    Joined:
    Apr 15, 2008
    Posts:
    2
    I am looking at my options for a security suite, and know that the NOD32 AV is second to none. From ESET's own responses about the firewall being the weaker product from the suite (did I interpret your responses correctly there?) and also user opinion it looks like I would be better to purchase NOD32 AV and a seperate software firewall...
     
  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Hi,

    It all really boils down to whether you subscribe to ESET's ideology. Matousec's idea of how things should be done is that a good firewall should alert the user about everything, whether good or bad. On the other hand, ESET thinks that malicious programs that try to connect to the internet should be identified by the antivirus engine and quarantined away completely. So you pick the concept you're more comfortable with.

    A word of advice: do not count too much on your belief that NOD32 AV is "second to none". Many people have done that, and many have either been disappointed or faced the consequences of believing so.
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I take liberty to correct you: A word of advice: do not count too much on your belief that a specific antivirus is "second to none".

    The thing is no AV program catches 100% of all threats and no firewall 100% protects you againt attacks, unless configured too restrictively.
     
  22. matt_w

    matt_w Registered Member

    Joined:
    Apr 15, 2008
    Posts:
    2
    I agree with the comments, that no security can protect against everything. I am fully aware of this, but I do believe NOD32 AV is currently better than any competing comparable product.

    However this opinion that malicious programs should be identified by the AV and not by the firewall - why even produce a firewall suite if you believe that?

    It has reaffirmed my opinion though that I should steer clear of the NOD suite, and go with their AV and Online Armour or Comodo for the firewall.
     
  23. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    NOD32 ranks as a top-tier product in my book, but among the other top-tier products (Symantec, Avira, Kaspersky) it is the worst one as far as detection goes. That's what my limited personal experience shows me, so feel free to take or disregard that at face value.

    Simple: because the job of the firewall doesn't end at stopping programs from connecting outwards; in fact, that's one of the last things a firewall should be doing. Again from personal experience, ESS excels at inbound protection, and has a very nice IDS that includes the ability to stop DNS cache poisoning (and man-in-the-middle) attacks. It also provides basic outbound control, meaning it does ask you when a program tries to connect. But it doesn't defend against application-level manipulations to hijack the OS and/or other programs to bypass the firewall. Processes that display these capabilities are clearly malicious in nature, and ESET's philosophy is to let the antivirus part of the suite deal with them.

    But like I said, it's up to you. Choose the approach you feel comfortable with. But I, for one, applaud ESET for not falling for the mass hysteria and bowing to pressure created by Matousec's "tests". It's one thing they got right, at least.
     
  24. Nitrous

    Nitrous Registered Member

    Joined:
    Feb 4, 2008
    Posts:
    29
    Location:
    Russia, St.Petersburg
    So...Eset thinks that malicios software must be already on my computer trying to connect to the internet, and then antivirus module will detect this threat. Is this correct? So what I must do, if this malicious program terminate antivirus module completely when I will be offline? I'm paying money for security suit and not for good anvivirus + bad firewall + "so-so" antispam:mad: :thumbd:
    P.S. Sorry for my english:D
     
  25. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    No, ESET thinks that the threat will be detected and blocked/quarantined as soon as it tries to enter your system.

    If ESET detects the threat and blocks/quarantines it, how will the threat terminate the antivirus module?

    But here ESET's arguments fall apart. What if the threat goes undetected by the antivirus module? Granted, ESET is good, but not excellent, and far from stellar, when it comes to detection, in part thanks to their attitude when it comes to adding detection for new samples?

    But again, the answer to that question lies not in an "invincible" firewall, which creates more problems than it solves. ESET has the right idea in preventing infection in the first place instead of containing infections that have already taken place. The question the user should be asking is "what should I do to improve my defenses against infection?" rather than "how should I make sure the virus stays in my computer and doesn't get out?"

    The firewall is quite good actually, since it does all the things a firewall is supposed to do. What Matousec "tests" (and tries to get unwitting newbies to believe should be the tasks of a firewall) are features that rightly belong in HIPS instead. If you want a firewall that has HIPS capabilities, that's all well and good. But for those of us who don't subscribe to the belief that more useless popups equals more security, however, a firewall like ESS' and a good behavior blocker/sandbox is the way to go.
     
Thread Status:
Not open for further replies.