Smart Security 4 fails GRC Leak Test

Discussion in 'ESET Smart Security' started by sziltner, Mar 10, 2010.

Thread Status:
Not open for further replies.
  1. sziltner

    sziltner Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    14
    Location:
    San Diego, CA
    I haven't visited the Gibson Research www.grc.com website for a long time. Today I did and decided to run their leak test on my new Windows 7 install.

    I am running Smart Security 4.0.474.0 and was really surprised when my SS firewall failed the test. :mad:

    Do I not have something set right....I run SS as it comes from eSet with nothing changed. But still it shouldn't "leak".

    Steve in San Diego
     
  2. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    Steve,

    To begin, I am only an ESET user and not in any way connected to the company. In the default mode, ESS does not control outbound connections at all, only attacks from inside. The assumption appears to be that hostile activity comes from outside, and attempts to access the internet from within are by definition desired or friendly. As the LeakTest page on grc.com explains, this assumption is not necessarily valid; there are plenty of worms and trojans that connect to the outside world using IRC, chat, or other miscellaneous ports, that could be foiled by an outbound connection inhibitor. We can only hope that ESS catches most of those at install, before they try to phone home :D but if that line of defense fails, the firewall portion of ESS isn't going to stop the activity IN DEFAULT MODE.

    I tested LeakTest by changing the firewall from Automatic Mode to Learning Mode (in the Advanced Setup > Personal Firewall section) and in this mode ESS recognizes LeakTest making the connection and automatically creates a rule allowing it access. That doesn't change things.

    If, however, you change it to "Policy-based mode" it blocks LeakTest successfully. If you change it to "Interactive mode" (which probably makes the most sense) it gives you a choice to block or allow. Of course, many users find that this mode drives them crazy because too many things ask them for permission to use the internet. Frankly, that is a security choice you have to make for yourself--do you want higher security, or less irritation? I can't make that choice for you. ESET have chosen on the side of irritation-reduction by default, but you DO have the power to change that.

    What ESS DOES do in all modes, is stop a great deal of attack activity that originates from outside your computer. Whether that's enough or not, obviously, remains a matter of some debate. As they say, your mileage may vary.

    Cheers,

    Dan
     
  3. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    https://www.wilderssecurity.com/showthread.php?t=203689

    Advanced Search within ESS Forum for Gibson Research produced the above Thread involved with your question. See Marcos Replies in posts #6 & 12 to get an ESET Reply perspective. Read everything & from there you'll either accept the explanation or not.
     
    Last edited by a moderator: Mar 11, 2010
  4. sziltner

    sziltner Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    14
    Location:
    San Diego, CA
    Thanks Dan!!! :thumb: Excellent answer. Now it's up to me.
    Steve
     
Thread Status:
Not open for further replies.