Why does ESS fail leak test with all modules activated?

Discussion in 'ESET Smart Security' started by enron, Apr 26, 2009.

Thread Status:
Not open for further replies.
  1. enron

    enron Registered Member

    Joined:
    Apr 26, 2009
    Posts:
    2
    I understand why ESS performed so poorly on the Matousec.com tests with only the firewall module activated. However, I ran the Leak Test at:

    http://www.pcflank.com/pcflankleaktest.htm

    ESS did not even make one authorization prompt after a fresh installation in interactive mode. Some random exe can open, launch Internet Explorer and leak text to a website but I have to authorize Firefox. :|

    Is this just some completely artificial proof of concept or is this something that should be addressed?

    I don't want to come off negative, because overall I am very satisfied with the performance and integration of the suite. But this test result is disconcerting.

    *Edit: I am using version 4.0.424 and replicated this on two computers running Vista x64
     
    Last edited: Apr 26, 2009
  2. DarrenDavisLeeSome

    DarrenDavisLeeSome Registered Member

    Joined:
    Mar 23, 2009
    Posts:
    315
    Location:
    Riverside, CA U.S.A
    What a load of crap.

    Like an inexperienced user is going to know how to send something resembling malicious code.

    Whoopee, they know my IP address. So I can send a line of text over the internet to somebody's so-called test server...big deal. Doesn't prove a damn thing.

    My impression is that they're all meant to invoke and spread a lot of fear for the inexperienced users, possibly trick them into buying something they really don't need. If you ask me they're nothing more than hoaxes and gimmicks. They've been around since the dawn of the Internet.
     
  3. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    I just checked out this supposed leak test. All it does is send a packet over port 80 to pcflank, just like any browser does when it connects to a website or port 443 for https. The amusing part is that even when you block the communication to pcflank, it still notifies you that you failed the leak test. Checking their site showed no text message that I sent.

    Basically it's just as Darren said - a scam and a pathetic one at that :thumbd:
     
  4. enron

    enron Registered Member

    Joined:
    Apr 26, 2009
    Posts:
    2
    I agree that site may be shady and possibly even a scam. However, I still believe that Eset should not allow any traffic to leave my computer without authorization, whether it's port 80 or not. Especially from some shady executable that may be a "scam".
     
  5. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Hi Enron

    Without going into great detail, I'll explain what this leak test does. Basically it injects code into IE's address space and 'forces' IE to execute the code. Seeing as you most likely have permission set for IE to access any site over port 80, you'll therefore receive no alert.

    If you're concerned about this, you could look at complementing ESS with a host intrusion prevention system (HIPS) or running your browsers, any suspicious executables and opening any strange attachments etc. in a sandbox... or both.

    regards
    stackz
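
The behaviour stackz describes, modelled as an added example (not part of any post in this thread, and not ESET's code): a per-application firewall decides on the process image and port only, so traffic from a tampered-with browser is allowed silently, while a HIPS-style check that tracks cross-process memory writes flags it. The event format, field names, PIDs and rule set are constructed assumptions.

```python
# Constructed event records; this is NOT a real product's log format.
EVENTS = [
    {"t": 1, "type": "proc_start", "pid": 410, "image": "leaktest.exe"},
    {"t": 2, "type": "proc_start", "pid": 522, "image": "iexplore.exe"},
    {"t": 3, "type": "remote_write", "src_pid": 410, "dst_pid": 522},
    {"t": 4, "type": "net_out", "pid": 522, "dst_port": 80},
    {"t": 5, "type": "proc_start", "pid": 700, "image": "firefox.exe"},
    {"t": 6, "type": "net_out", "pid": 700, "dst_port": 80},
]

# Assumed per-application rules: image name -> remote ports already authorized.
RULES = {"iexplore.exe": {80, 443}}


def firewall_verdict(image, port):
    """Per-application firewall: looks only at the process image and port."""
    return "allow" if port in RULES.get(image, set()) else "prompt"


def review(events):
    """Replay events and report, for each outbound connection, the firewall
    verdict plus a HIPS-style alert naming the process that wrote into the
    connecting process's memory beforehand (None if nothing did)."""
    images = {}    # pid -> image name
    tampered = {}  # pid -> image of the process that wrote into it
    results = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "proc_start":
            images[ev["pid"]] = ev["image"]
        elif ev["type"] == "remote_write" and ev["src_pid"] != ev["dst_pid"]:
            tampered[ev["dst_pid"]] = images.get(ev["src_pid"], "unknown")
        elif ev["type"] == "net_out":
            image = images.get(ev["pid"], "unknown")
            results.append({
                "image": image,
                "port": ev["dst_port"],
                "firewall": firewall_verdict(image, ev["dst_port"]),
                "hips_alert": tampered.get(ev["pid"]),
            })
    return results


if __name__ == "__main__":
    for row in review(EVENTS):
        print(row)
```
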
     
  6. Handries

    Handries Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    75
    Location:
    Canada
    This leak test doesn't look very kosher to me either.
    Instead, I would suggest using Steve Gibson's LeakTest 2.1, which is much more accurate and reliable. I've used it for years myself to test various firewalls, and it will be unable to connect to the grc server when blocked by ESS 424, with the firewall set to interactive mode.
    Free download from: http://www.grc.com/lt/leaktest.htm
     

    Last edited: Apr 28, 2009