bld
-
Posts
14 -
Joined
-
Last visited
Posts posted by bld
-
-
Please refer to the old post below. Has SSL scanning (HTTPS/IMAPS/POP3S) finally made it into the macOS product yet?
Old Forum Post about lack of SSL Scanning
I first started asking about this NINE YEARS ago.
-
You're missing the point. You do state in your product literature that you support email and web site scanning, and to the average user the fact that you are not scanning SSL email or SSL web sites means that you will be skipping most of the content they would believe you are. Quickly, here are a few comments from product pages that I think overstate things at best:
"Comprehensive security and privacy online" . <-- the exclusion of email and web site content (the vast majority of which is encrypted) is hardly "comprehensive"
"Antivirus and Antispyware built on our record-breaking ESET NOD32® technology will help to protect your Mac against malware. Anti-Phishing steers you clear of websites stealing usernames and banking details." <-- "built-on" implies a superset of NOD32, and the Mac product doesn't even have feature parity, much less a superset. You also can't claim anti-phishing for non-encrypted email or web sites, so again the vast majority of that content.
And listing out the ports normally reserved for encrypted POP and IMAP in the default settings is misleading even for knowledgable users. When I saw that, I really had to double check that you meant.
IMO, you absolutely shouldn't be shipping this product without SSL email and web site support and probably not even without NOD32 feature parity. But if you're going to do so, you should be making a much bigger deal of the lack of SSL support, rather than making users figure it out by your lack of explicit mention. This is an expected feature of a security tool -- and for you not to have it is bad enough -- but to present things in such a way that it's hazy to end users is awful.
And I still am just stunned that here you are SIX YEARS later not having done so -- just indefensible.
I have said all that I can say on this. Either you'll recognize the huge loss of trust and try to fix it -- or you won't.
-
One of the most serious concerns today are phishing scams, which require inspection of actual email and web content. You are simply unable to do that today for a Mac.
And as far as malware goes, while your point about real time scanning is not without merit, I know you're certainly aware that recognizing the signature of malicious software before they start executing is far more effective at containing damage. Real time file system protection is of course vital -- but malware can still do a lot of damage even with that if it executes at all. The worst thing, however, is that most users are going to think they have a level of protection they do not -- even I, an experienced software engineer, had to really look twice to know that you weren't doing what your marketing materials claim. That's inexcusable.
I still feel like your response was a deflection. To ever consider this product for the Mac again, personally, I need to see executive management take real ownership, apologize and explain the lack of this critical functionality all this time and the deceptive marketing. I'm sure the vast majority of people buying this product right now think they are getting something they are not. It's not right that it takes people like me in your forums to point this out. It's that bad -- and until I see something in a public forum -- maybe even a big letter on your web site -- there is no way I'd entrust my Macs to your software. This is so bad it's making me take another hard look at NOD32, which I've relied on for years. You're in the trust business -- and ESET blew it big time with this. Frankly, I don't see how the Mac product was ever allowed out the door without secure email and web content scanning -- and the fact that you still don't have it after SIX YEARS is really just so absurd as to be beyond rational defense.
BLD
-
Tomas,
Thank you for taking the time to respond. However, the "analyze and prioritize" argument just doesn't pass muster. Phishing and malware in email and web sites are arguably two of the top most important security issues on any platform, and that content in email is extremely likely (probably close to 100%) to be over SSL (I can't think of a single client on any of my machines that uses unencrypted traffic for email). Web site traffic is less likely than email to be encrypted but it's still very significant. The fact that you have gone SIX YEARS not covering this HUGE GAP in your security coverage does not give me faith in the tool whatsoever. It makes me extremely uncomfortable that ESET during this time continued to market the product as if it had this coverage when in practical terms it did not at all. I know "false advertising" and "fraudulent" are strong words, but that's how bad I think this was.
This is very sad too, because NOD32 is excellent.
I think at this point -- to have any hope of restoring user confidence in this product -- it would take a letter from your executive management posted here explaining without deflection why ESET so completely dropped the ball here.
BLD
-
I just downloaded the early access verision 6.7.400.0 that you appear to have posted just last month. I was hoping the docs were just out of date.
First off after the install, the launch of ESET COMPLETELY hung my machine, including commands as root in Terminal. I had to hard reboot my machine.
Now on reboot things appeared to look promising as ESET proceeded to as me about permitting a ton of outbound connections. And the screen for email looks promising in the preferences because it references the secure ports used for POP3 and IMAP. But are you saying that's a red herring, and that ESET can't actually scan encrypted data on those ports?
So nope -- still no dice on secure email or web sites, As I mentioned in the original thread, I'm a software engineer familiar with stacks on both Windows and Mac -- and there's no way it would take SIX YEARS to provide SSL integration with these protocols. And you're still promoting email scanning in your literature and even worse showing the ports normally reserved for encrypted traffic in your POP3 and IMAP preferences. I'll repeat -- that's flat out deceptive. Shame on you.
I'm the fool for wasting another 30 minutes on this product -- installing, rebooting and cleaning it away from my machine.
-
Wow -- I opened up the original thread in 2013 and almost SIX years later, after a scan of the current user guide, ESET on the Mac STILL hasn't reached feature parity with NOD32 to offer scanning of secure email and secure web sites. Pathetic. This is clearly not a serious product.
-
For crying out loud, is Eset for Mac *still* not even remotely close to parity with the Windows product? No IMAPS/POP3S/HTTPS scanning yet? Ridiculous! Come on Eset -- the product is seriously crippled without that.
-
No, I have found no viable alternative. And I think ESET's claims for email-scanning under MacOS X border on flat out fraudulent advertising.
-
Marcos,
I'm glad to see that other users are chiming in -- I do hope that ESET Product Management will prioritize this highly. The lack of it was enough to make me demand a refund -- I was completely shocked that ESET Mac did not have it. I think your post deflects too much -- ESET claims that it scans outgoing/incoming email. In practical terms, unless it supports SSL, it cannot possibly be living up to this with the vast majority of SMTP/IMAP/POP transactions (and this will only become more so as another poster already noted). In my opinion and apparently others', this is a major feature hole and frankly bordering on false advertising. I would not be surprised to find that many of your users think they have email scanning when in fact they do not. At a bare minimum, ESET should call out this issue boldly in the Mac product marketing materials.
As someone familiar with the networks stacks between Windows and MacOS X, I can tell you that your excuse on the development time is just that, an excuse. Since you have already incorporated SSL into your Windows products, the integration into your Mac line should be, if the code is factored well, quite straight-forward. It is true that Windows and MacOS X have cosmetic differences between their APIs for accessing SSL, but functionally they are largely equivalent. And I would presume that your QA testsuites, both manual and automated, should also translate between Windows and Mac with some but not substantial effort. Given that this is a major feature gone missing from the product, I would hope the remedy is imminent. But given your deflection, I am not too hopeful.
-
I find it mind-boggling that mine would be the first request. Most mail servers these days require external connections through SSL.
Why would a feature that you support in NOD32 for Windows have just been blithely dropped in the Mac version?
When Eset Cyber Security (Pro) supports HTTPS/POP3S/IMAPS scanning and smooth integration with the default mail application under MacOS X, Apple Mail, then I will consider it again.
-
And the same is true for HTTPS scans for web browsing. Eset for MacOS just doesn't handle SSL over HTTP, POP3 or IMAP.
Sorry, Eset, but this is just BROKEN and USELESS. Can't believe no reviewers called this out.
-
I turned on the options to always append tag messages to subjects and footers of scanned email, and added the IMAPS port 993 to the IMAP oirt list one the chance that would work. Eset didn't see or do anything with IMAPS email.
So this feature is definitely missing from the MacOS X version of Eset -- and as far as I'm concerned means that the Email Scanning feature of Eset under MacOS X is for the most part never actually seeing any email in real world deployments. This renders a huge portion of the product moot.
-
Unlike the NOD32 for Windows settings, I only see 'Enable IMAP protocol checking' and 'Enable POP3 protocol checking' in the Email Protection Setup. There is nothing for IMAPS or POP3S as there is under NOD32 for Windows.
I have opened a case with ESET tech support to get a definitive answer if the feature is justing missing from the Mac product or the UI just masks it. There are also no settings for Email Client integration. Tech support also told me ESET only integrates with Outlook for the Mac, not Apple Mail, which is by far the most commonly used mail application under MacOS X.
If these features are missing, I don't know how ESET can call this a serious product for the Mac. No email client configuration I've seen in years is going to connect via unencrypted IMAP/POP3/SMTP to its mail servers.
SSL (HTTPS/IMAPS/POP3S) scanning in macOS product yet?
in ESET Cyber Security (for Mac)
Posted · Edited by bld
In the thread I linked above, you said the same thing: "SSL filtering will be included in v7 products which are planned for 2019/2020." It's now almost FOUR YEARS past that.
I see the macOS product is still the same crippled thing it has been for a decade. Clearly, this is never going to be fixed.
This is so disappointing and disgusting that you have finally shaken my faith in NOD32 for Windows too. My 3-year license is expiring, which is why I was back here looking. You could have had me for both platforms -- but trust has finally been eliminated. I am no longer your customer.