Networking stack flaws

Discussion in 'ESET Smart Security' started by guest, Apr 16, 2009.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Hi

    I am an advanced computer user and I use ESET Smart Security 3. I LOVE the antivirus and the firewall; even if it is basic, it is exactly what I need.

    Now, I am protected in about all ways, but I want to know about flaws in the IP or TCP protocols and the networking stack.

    What if a packet comes to my computer? Is ESS looking at it to see if it is completely valid? If yes, what does it look at? At the end, the TCP or UDP payload will be analysed by the antivirus, but I want to know before. Some remote code executions in the networking stack of various OSes have been discovered in the last years and I wanted to know how ESS 3 protected me from that.

    So is ESS 3 looking at the IP and TCP headers for unexpected data and maliciously (or just unusually) crafted packets? What is it looking at?

    Thanks for your help

    Alex
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Alex,

    I did not complete my testing as I wanted to give Eset some time to resolve reported issues.
    The following is from the minimal tests I did make, which are from my own testing (not official).

    This is filtering of returned packets from an outbound request/connection:

    TCP is being checked to IP/ports, with flag filtering to remove illegals, and various IDS interceptions (complete tests still to make).

    UDP: I only looked at DNS (as I was looking for the problems with the DNS attack reports). This is checked to IP/port and transaction ID, and checked for size/correct format of payload for the protocol (an unexpected data packet is dropped).

    I will give it a few more weeks for Eset to sort out any problems, then will make full tests.

    - Stem
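
The checks listed in the post above (illegal TCP flag filtering, and matching a DNS reply to IP/port, transaction ID, size and format), sketched as an added example that is not part of the original thread and is not ESET's code. The flag rule set, the 512-byte limit (classic DNS over UDP without EDNS0) and all names and sample packets are assumptions constructed for illustration.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20  # TCP flag bits

def tcp_flags_legal(flags: int) -> bool:
    """Reject flag combinations a conforming stack does not send (assumed rule set)."""
    f = flags & 0x3F
    if f == 0:                          # "null" segment: no flags at all
        return False
    if f & SYN and f & (FIN | RST):     # SYN combined with FIN or RST
        return False
    if f & FIN and f & RST:             # FIN combined with RST
        return False
    if f & FIN and not f & ACK:         # FIN without ACK (covers FIN+PSH+URG)
        return False
    return True

def dns_reply_ok(pending: dict, src: tuple, dst_port: int, payload: bytes) -> bool:
    """pending maps local UDP port -> (server_ip, server_port, txid, question_bytes)."""
    q = pending.get(dst_port)
    if q is None:                       # no outstanding query on this port
        return False
    server_ip, server_port, txid, question = q
    if src != (server_ip, server_port): # reply must come from the queried server
        return False
    if not 12 <= len(payload) <= 512:   # header is 12 bytes; assumed no EDNS0
        return False
    rid, flags, qd, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if rid != txid or not flags & 0x8000:   # ID must match, QR bit must be set
        return False
    # Format check: exactly one question, echoed byte-for-byte from the query.
    return qd == 1 and payload[12:12 + len(question)] == question

def qname(name: str) -> bytes:
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"

def header(txid: int, flags: int, an: int = 0) -> bytes:
    return struct.pack("!6H", txid, flags, 1, an, 0, 0)

# Constructed sample data (documentation addresses, made-up transaction ID).
QUESTION = qname("example.test") + struct.pack("!2H", 1, 1)         # type A, class IN
ANSWER = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
PENDING = {53124: ("192.0.2.53", 53, 0x1A2B, QUESTION)}
GOOD = header(0x1A2B, 0x8180, 1) + QUESTION + ANSWER

if __name__ == "__main__":
    print(dns_reply_ok(PENDING, ("192.0.2.53", 53), 53124, GOOD))
    print(tcp_flags_legal(SYN | FIN))
```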
     
  3. guest

    guest Guest

    THANKS!

    Thank you for your answer! I was starting to think that it was impossible to get an answer here...

    Anyway, I still use ESS version 3 (the bugs of 4... and 3 works well so I don't see why I would change!) so... are the things you describe tested in version 3, or is it different from version 4?

    Thanks

    Alex
     
  4. Stem

    Stem Firewall Expert

    Hi Alex,

    I have just downloaded V3, so I will check it out and post back the info.


    - Stem
     
  5. Stem

    Stem Firewall Expert

    Hi Alex,


    I have just made some quick tests on V3 and the TCP/UDP filtering is giving the same results.
    The changes in V4 firewall appear more around the ARP and the extra modes. So you are OK.


    - Stem
     
  6. guest

    guest Guest

    Wow! Thanks a lot for making all those tests! I would be able to do them myself, but I don't have the hardware I would love to have... I only have one PC (and I can't afford to install stuff for testing on this one...)... I should get a cheap PC used only for testing stuff...

    Anyway, if ESS is protecting me at the IP, TCP and UDP packet header level (for maliciously crafted packets targeted at flaws in the Windows networking stack, even if they are still unknown...) I should be protected...

    I mean, ESS protects against this, my router protects against inbound traffic and some kinds of attacks (SPI firewall...), my AV protects against viruses, and NoScript with Firefox takes care of the payload of the HTTP packet... The only way to infect me would be by using an unknown flaw in Firefox and also being able to disable all the security of Vista (DEP, UAC and all that stuff)...

    This, with a minimum amount of intelligence, will be able to prevent all problems ;)
     