Failed Leak Test..............

Discussion in 'ESET Smart Security' started by pac73, Mar 18, 2008.

Thread Status:
Not open for further replies.
  1. NBP Pipsquack Bird

    NBP Pipsquack Bird Registered Member

    Joined:
    Aug 12, 2007
    Posts:
    59
    Location:
    Kingdom of NOD
    All of these defenses of ESS are well and good. In fact I rather enjoy ESS.
    But it seems the big issue from this thread ESS defenders keep side stepping is


    ESS has no self defense. Its very own process can be terminated by malware!


    Can some of you defending ESS please say something about this?
    Ok, so it can detect threats but that's pointless if ESS becomes disabled and can't do anything about it.
    I hope Eset addresses this serious flaw soon.
     
    Last edited: Apr 15, 2008
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Some simple thinking would've provided you with the answer to that question. If ESS detects and quarantines the threat, how is it supposed to disable ESS?

    What is self-defense, anyway? Nothing but hype and BS. It's only sensible to talk about self-protection when you can prevent malicious programs from running with the same access rights as the program you're trying to protect. Otherwise, it's nothing but a bag of hot air. All those other antivirus software that claim to have "self-protection" can all get disabled within seconds. All they do is stop the more common tricks like blocking taskmgr.exe, but there are ways to kill them and it can be easily done by any malware writer who wants to. But they provide a false sense of security, and I guess that's what matters to most people.

    If you want to protect your antivirus from tampering, you should consider a HIPS, Windows group policies or limited user accounts, not asking for snake oil in the form of "self-defense" that does nothing other than placate you and make you feel good.
     
  3. Ryan Hayward

    Ryan Hayward Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    57
    I've lost count how many times Nod has saved me from trojans that were on seemingly innocent song lyric websites. Your scanners certainly do the job.

    FTR, I only accessed those websites for cds I bought that did not contain the lyrics in the sleeve. Lyrics are important to me as I love to write myself...
     
  4. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Marcos: while I will agree every day with this statement you have just written, it is also true that when you are selling a Security Suite (not just an antivirus) perception of Bullet Proof concept becomes VERY important.
    Regardless of what common sense dictates most of the time you are dealing with people that just sit on their computers and use them, trusting blindly on what they see and read from "experts" like Matousec and Gibson and they tend to take their word for what they state as "a secure firewall" or whatever they are "testing" so you have to realize that it is most times a question of perception rather than reality and even if this was not the case, the point is that they tested ESS's firewall and not the suite (as it is their right) against not just suites but also firewalls and their opinion is that the firewall could do much better in terms of detecting leaks.

    Personally I don't think so, BUT it is also true that some technologies have evolved and really pose a Security improvement, like HIPS for example, and its implementation (while risky) could be a good move.

    In any case I already bought ESS and I think it rocks!!:thumb: :thumb:
     
  5. NBP Pipsquack Bird

    NBP Pipsquack Bird Registered Member

    Joined:
    Aug 12, 2007
    Posts:
    59
    Location:
    Kingdom of NOD
    ?? I was critiquing a product not calling your sister ugly. :gack:

    I enjoy ESS for protecting my home computer. Not sure I'd use it at work. If I get your comment you are assuming malware can't kill ESS if the malware is quarantined. Using your example my point was between detection and quarantining if the process is killed then what's the use. It's an issue of when. I have twice seen other major security software detect malware and then become impotent as the security software was brought to a crashing halt Before the malware could be isolated in quarantine.

    HIPS does solve a lot. But it's rather duplicitous for a company to advertise a comprehensive security suite then turn around and say they are leaving known holes in it which can be overcome with additional third party security software. Defeats the objective of comprehensive.

    Nothing's perfect. But how hard could it be for Eset to try and strengthen the code against process termination? And then offer an optional HIPS plug in for the crowd who believes that is important. Those who don't can go without the plug in. Everyone's happy.
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I get short on patience when forced to explain the obvious.

    What you have just described is the hallmark of a security software with some very serious flaws. Assuming that that security software is an antivirus, and what you said is true, that antivirus allowed the threat to execute unhindered even though it was detected. ESS has its flaws, but it's not this stupid.

    No one company can do it all. I daresay this is as comprehensive as any individual company that needs to stay focused can get, and as much as the general populace would expect. We need to stay grounded to reality, folks, not to mention your logic is a never-ending one - ESET could do what you said, and someday along the line you'll be asking why they aren't writing their own NDIS network drivers and producing their own OS security patches if they claim to provide comprehensive security.

    Already explained. "Strengthening" your processes against termination is a token gesture at best, and snake oil at worst, if everything else also runs with admin rights. Why would you want a false sense of security, instead of REAL security?
     
  7. NBP Pipsquack Bird

    NBP Pipsquack Bird Registered Member

    Joined:
    Aug 12, 2007
    Posts:
    59
    Location:
    Kingdom of NOD

    I wasn't calling ESS stupid (or an ugly sister or a silly poo poo head.) I don't have lots of technical expertise. I was just expressing a concern as a customer from what I have read in this thread. Wondering if a process could be killed why is it possible at one juncture in the detection and infection timeline but ludicrous to suggest at other junctures in that same timeline. I don't have the technical expertise to understand that.



    My logic doesn't need insulted for you to defend a software product thank you. And anyone can project a course into the future, point at a hypothetical absurd future and then dispose of the original suggestion as absurd. (ie. If I buy my kid that ice cream cone he will come to like it so much all he does is eat ice cream cones and he is guaranteed to be obese by 25 years old. Therefore ice cream should never be sold anywhere in America ever again and my kid is a weak minded fatso.) Hmmmm ........ logic.

    In dealing with reality and not suggesting Eset produce everything in the world, the idea of a HIPS plug in would be good for everyone. Those who want HIPS are happy with Eset. Those who don't want HIPS don't use the plug in and are happy. And Eset gains and retains more customers which probably makes them happy. My customer suggestion and feedback.



    I don't have the knowledge to reply to the first part. Second part good point. I totally agree with you.
     
  8. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    You say that self protection is token gesture...ok let's see...if we take that way then I can say that every feature in security software is token.

    maybe off topic but here's an example: in ESS you have an option to enable "ARP poisoning attack detection"...the fact is that none of the ESET developers answered questions related to ARP defense in ESS...see for yourself:

    https://www.wilderssecurity.com/showthread.php?t=201338
    https://www.wilderssecurity.com/showthread.php?t=205722

    from my point of view that "feature" can give false (not REAL) sense of security!

    About leak tests...that's for HIPS...I'll always go for good inbound firewall instead of leak proof firewall.
     
  9. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,131
    the guy who tests firewalls is not quite all there IMHO. He's very negative. ESS is a good program and has good detection. I feel secure using it but like anything it isn't perfect. Mr M feels he has a right to take any firewall & find fault with it. I have always said if you're looking for negatives I'm sure you'll find one...if you're looking for positives you see that too. It all depends on your point of view...
     
  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I guess you missed the sentence where I said we need to keep our feet on the ground.

    Personally, I'm guessing that won't happen. Not worth the investment spent to appease an overwhelming minority, and there's already quite a few good (and free) HIPS floating around. Not to mention that many people who ask for HIPS, really don't know anything much about what they're clamoring for.
     
  11. dazulrich

    dazulrich Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    6
    This is all nice and well when looking at known threats. Why allow yourself to get compromised "easily" in case new, undetected malware hits you (that might even exploit known ESS specific flaws), or the user didn't get the latest update, etc... sure there are all these options to detect heuristics, etc, but isn't it a false sense of security by solely trusting those measures instead of also deploying additional measures in case something does slip through - and it always does in the real world?

    IMHO lab tests have one major flaw - they take the human (user error) factor out of it, which is the biggest problem with everything security related.
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Use the built-in security tools of any modern OS. Create a standard/limited user account and only elevate privileges when needed.
     
  13. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    LEAK! LEAK! LEAK! LEAK! "FFS" Shut Up About Leak Tests :cautious: If you're that Naive to believe Leak Tests mean a ****!, Then God Help You :shifty:
     
  14. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Actually, the entire premise of the importance of the firewall per se is fallacious. Who cares? There are factors far more important in computer security than the firewall- like keeping malware from executing in the first place. Failed/passed leak test- what difference does it make?
     
    Last edited: Apr 21, 2008
  15. Ryan Hayward

    Ryan Hayward Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    57
    Nod32 has always had excellent detection of malware, meaning that it kinda leaves the leaktesting results of the firewall redundant anyhow. Use Nod32 with Spyware Blaster & WinPatrol ( both free ) and I doubt anything will get through without you noticing. Unless you really like your porn, warez and illegal music from untrusted sites, you don't have too much to worry about anyway...
     
  16. Nitrous

    Nitrous Registered Member

    Joined:
    Feb 4, 2008
    Posts:
    29
    Location:
    Russia, St.Petersburg
    I have ESS, which must be complex protection against everything... and if ESS does not protect me from such simple thing as leaks then it's worth nothing...
     
  17. Ryan Hayward

    Ryan Hayward Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    57
    Why don't you just switch to interactive mode then? That way you will control everything coming in & out.
     
  18. glitch82

    glitch82 Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    7
    I think the firewall may be too good, actually. In the sense that the pre-defined rules restrict critical system services for AD domains to function properly. Also, I imagined ESS Firewall's performance to be as good for firewalls as NOD32 was for virus protection, however this is not the case. ESS firewall runs sluggish somewhat on systems vs Windows Firewall, causing things to time out and perform slowly. Web pages load slower, connection to remote desktops is slower, vnc sessions, etc.

    See this thread:

    https://www.wilderssecurity.com/showthread.php?t=207317
     
  19. Ryan Hayward

    Ryan Hayward Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    57
    Can't say I've noticed a performance slug myself. I found the firewall to be perfectly adequate and let's not forget that it's the first year of the suite. Things will improve, not that I believe much improvement is needed. What I would like is for all incoming to be auto-blocked or in cases where it can't allowed and only control over outgoing. This will be great as most people can easily set outbound permissions but inbounds are a new territory for many.
     
  20. Saint Satin Stain

    Saint Satin Stain Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    222
    Location:
    Huntsville, AL and Greenwich Village, NYC
    Shhhhhhhh. Folks, calm down. First, I cross-swapped ESS for NOD32. I heard discussions about the leaktests, but that is not the primary reason that I did.

    While I had ESS I downloaded, or attempted to download, all the leaktests from
    http://www.firewallleaktester.com/
    but the antivirus module of ESS stopped some downloading, and stomped others when I tried to run them. It stopped all except two, but they were neutered by system policies. I forgot which. I have to go search for my results. But it did much better than the Matousec tests show for only the firewall. System policies are important too. My cousin uses system policies (XPPro), Windows Firewall, and AVG Free, along with Rootkit Unhooker and Gmer; she has never been infected.

    Here is why I swapped the suite for the av of Eset. Hope my reasoning is not too tortuous. I don't use the major selling antiviruses Norton, McAfee, and Trend Micro because malware creators aim at them, try to devise ways around them. Malware creators target Windows for the same reason, and are beginning to target Apple's more too. I also don't like those three for other reasons, but some of those are not relevant now for this discussion. The ISP/cable company that I subscribe to uses McAfee on its servers and they give it free to their customers. I do not use McAfee for a very good reason. If a new malware slips through their McAfee, it will probably get through mine. That is why I've used AVG, CA, Avira, Avast1, ClamWin, several others, yea, even the notorious Norton until it conflicted with about eight of my production programs. I figure that if you choose an av from the top five or so according to independent testing that you are okay. NOD32, Kaspersky, Avast, AVG Anti-Malware, Norton, McAfee, F-Secure, and Antivir are sometimes among the top ten or so best. I don't use the best sellers and the one my ISP uses. I choose from the ones that remain. I am safer because I don't choose a best seller, or the one my ISP uses. I check several independent test sites, peruse online forum discussions, ask friends, associates, and my daughter. I choose NOD32 after all this.
    Now why no ESS? I've said that my personal tests exonerate ESS from the charge that it doesn't protect against leaktests, so that is not my consideration. My music system is made up of separate components, one from Denon, one from Pioneer, one from Onkyo, and one from Technics. Gone is my desire for all in one unit where one unit malfunctions I have to send the whole unit to the shop. I apply that to computer defence. I want a firewall separate from my av. The antivirus and antispyware belong together though. I chose Online Armor because it is low ram usage and a good firewall, but not because I believe ESS has a bad firewall. Components. I installed ESS on my exwife's computer because she doesn't want the component, extra work she says, approach. Her computer remains infection free. It sends me emails to report to me the status. My own system uses a minimalist array that is approved by an editor of a good tech support pub. I sent him my array of NOD32, Online Armor (paid), Sandboxie (paid), Trojan Remover, SpywareBlaster, ewido anti-spyware microscanner, Rootkit Unhooker, and IceSword. If a friend prefers a suite or asks my recommendation for a suite I recommend ESS, along with Sandboxie, Trojan Remover, SpywareBlaster, ewido a m, and Rootkit Unhooker. Tests are important, but not the only consideration. If you check Matousec now, you will see with the added tests to it that Online Armor is not number one anymore but still good.

    I want good layers, components, no best sellers, none used by my ISP, and with low ramprint. I have only two realtime security programs, unless you include my PGP Desktop Mail or the security addons of McAfee SiteAdvisor in IE7 and Firefox, or Keyscrambler, RefControl, NoScript, and CSLite addons in Firefox.
    I can recommend Eset Smart Security to others without hesitation or doubt. Separate components are just my preference. Any of my defence programs could probably be knocked out by some malware, but not all at once.

    This discussion has begun to sound like a dispute between Muslims and Jews, Mac partisans versus Windows users, Democrats and Republicans, and between Obama camps and Clinton camps. I am an expert newbie. I expect you experts to have calm reasoned discussions so that I can learn. You deny me my rightful education when you become too emotional.
     
  21. Shankle

    Shankle Registered Member

    Joined:
    May 2, 2006
    Posts:
    515
    Hi,
    I had the same problem and installed the latest version
    of ESS and turned on the Interactive in the firewall.
    I then ran Leaktest and it was stopped by Smart Security.
     