Posts posted by rugk

  1. @chrcoluk

    if a client doesn't support HSTS and HSTS is enforced by the server problems occur.

    Well... no that's not correct. HSTS is just an HTTP header and clients which "know" it and can handle it do this the right way they can do it. (And Firefox of course supports HSTS.)

    The error you displayed may be caused by the fact that the webserver now redirects you to http or otherwise the HTTPS connection failed. And now because of HSTS you are not allowed to skip this warning.



    Your statement is also confusing.  https scanning is off by default, but you have stated without it https browsing doesn't get full livegrid protection, also nod32 online knowledgebase tells people with ssl issues to disable https scanning to resolve them, but doesn't warn they lose proper livegrid protection by doing so.  This is a real problem that needs resolving.

    This was not exactly my statement. So let's go through them one by one:

    https scanning is off by default

    Yes, that's correct.

    but you have stated without it https browsing doesn't get full livegrid protection,

    Not exactly. At first I didn't talk about ESET LiveGrid and as Marcos explained today ESET LiveGrid is used by more parts of the software so this is not directly connected to SSL scanning.

    Secondly I didn't talk about "protection". I talked about the fact that the sites can't be scanned which is obvious if they can't be decrypted, so you have to decide if you think this makes your protection better or worse.

    also nod32 online knowledgebase tells people with ssl issues to disable https scanning to resolve them

    Yes I would tell you the same. :)

    but doesn't warn they lose proper livegrid protection by doing so

    Well that's not really needed as it's obvious too. If the scanning is disabled for a feature (which is SSL scanning and so only affects HTTPS sites) it of course doesn't scan the content, also not with methods like ESET LiveGrid. And no that's not really a big part of protection as LiveGrid (and other scanning methods of course) are still used for non-HTTPS connections.


    Just keep one thing in mind (maybe you even confused this a bit here): Protocol scanning is something different than SSL scanning. You should always enable protocol scanning as it is just scanning all non-encrypted communication, which is of course not problematic, but is in fact a big protection layer (which also uses ESET LiveGrid of course)


    If you are going to intercept https traffic you need to keep up to date with modern ssl security practices.

    Yes there I can fully agree. So ESET keep on HPKP and DANE or other features which are being introduced by some webservers already and may be get more later!


    I think the way forward with v9 is to replace https scanning with a browser addon, only scan "after" the browser has decrypted the traffic.

    Well this would be a safe possibility, however add-ons have other disadvantages (may need quite fast updating, e.g.) so this is also not the ultimate solution.


    Ok an update, I have now got HSTS working, it seems I had to enable the root certificate option with firefox closed.

    Yes this seems to do something which the mode ESS/NOD32 uses to "inject" the SSL scanning root certificate into the Firefox root store. So yes you have to do this without closed browser. If you do it without closed browsers a message from ESS/NOD32 should be displayed that you need to close your browsers.


    However running ssllabs test and checking ciphers in use doesn't look good.


    Firefox reports me using TLS 1.0 to view my site.  I don't know if that's the cipher used between nod32 and the browser or between nod32 and the website.


    ssllabs reports no tls 1.2 support, apparently this is coming but seems to be taking its time?

    ssllabs reports no OCSP STAPLING support

    ssllabs reports no session ticket support

    ssllabs reports rc4 ciphers been enabled

    ssllabs reports sslv3 enabled

    ssllabs reports none forward secrecy ciphers at top of preference list (bad)

    Well... that's strange, especially that many indicators there showing different things than Marcos said here SSL scanning would be enabled. On the other hand I don't know how these scans are performed by SSLLabs, but I still have no idea why they would show wrong results. Also it would be interesting to know whether ESS/NOD32 are vulnerable to the Logjam attack?

    If they would have SSLv3 enabled this would be creepily bad, however I didn't think this was the case, but I've also suggested to add an option block all (also client communication) which is trying to use SSLv3, but didn't get any statement from ESET about this until now.
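
The client-side behaviour discussed in the first post (a client that does not know HSTS simply ignores the header, while one that does can no longer skip a certificate warning) modelled as an added example; it is not part of the forum posts or of any ESET code. It follows RFC 6797, and `HstsClient`, its method names, the decision strings and `example.test` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def parse_hsts(header):
    """Parse a Strict-Transport-Security value; return (max_age, include_subdomains) or None."""
    max_age, include_sub, seen = None, False, set()
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:                      # repeated directive: header is invalid
            return None
        seen.add(name)
        if name == "max-age":
            m = re.fullmatch(r'"?([0-9]+)"?', value.strip())
            if m is None:
                return None
            max_age = int(m.group(1))
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)   # max-age is required

class HstsClient:
    """Toy browser model; supports_hsts=False models a client that ignores the header."""
    def __init__(self, supports_hsts=True):
        self.supports_hsts = supports_hsts
        self.store = {}                       # host -> (expiry time, include_subdomains)

    def note_response(self, url, header, cert_ok, now):
        u = urlsplit(url)
        # The header only counts when received over HTTPS without certificate errors.
        if not self.supports_hsts or u.scheme != "https" or not cert_ok:
            return
        policy = parse_hsts(header)
        if policy is None:
            return
        if policy[0] == 0:                    # max-age=0 deletes the stored policy
            self.store.pop(u.hostname, None)
        else:
            self.store[u.hostname] = (now + policy[0], policy[1])

    def is_known(self, host, now):
        labels = host.split(".")
        for i in range(len(labels)):          # exact host first, then parent domains
            entry = self.store.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def decide(self, url, cert_ok, now):
        u = urlsplit(url)
        known = self.is_known(u.hostname, now)
        if u.scheme == "http" and not known:
            return "load-http"
        if not cert_ok:                       # e.g. an interception root CA the browser does not trust
            return "blocked-no-override" if known else "warning-with-override"
        return "upgrade-to-https" if u.scheme == "http" else "load-https"

if __name__ == "__main__":
    browser = HstsClient()                    # constructed sample exchange
    browser.note_response("https://example.test/", "max-age=31536000", True, now=0)
    print(browser.decide("https://example.test/", cert_ok=False, now=60))
```
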

  2. And does it work now?


    And BTW as far as I understand this is the important part:

    when i do run the program (and don't force a shutdown of my user) it always gives me a "blue screen of death".


    "not loading" is a nice term for a BSOD. So if you had mentioned this right in your first post there wouldn't be this confusion and maybe someone from ESET would be curious to get your memory dump for analysing.

    And here is more information where to find these memory dumps.

  3. Well... according to a small look at the Wikipedia article, Bonjour is a legitimate software and not a kind of PUA. If something should be detected then maybe an installer which installs this (potentially unwanted) software.

    However if the software is needed or used by other software then it may not really be a PUA as it can be considered as wanted by the user.

    It's the same with Google software and their Google Updater. Google Updater is just a part of their other software and needed/used (although someone may argue he wouldn't think this) so it would even be really difficult to classify this as a PUA - I think also for legal purposes as the explanation has to be waterproof for this.

    Some things which don't apply to Bonjour which are characteristics of PUA:

    • unexpected
    • third-party software bundled (it's the same "author")
    • it's not a part of an ad(-network)
    • unexpected/unwanted changes (no, just sitting on your disk and maybe in RAM)

    So basically if you're installing iTunes you have to expect that this is also installed. Show your complaints to Apple and not to ESET...

  4. Thanks @SweX and @kakashi no I'm not hating you. I'm just showing that most of your ideas are not "simple ideas in order to make a better product" in an ironical way.

    So if I'm suggesting something I would at first try to write at least in decent English. I'm not a native English speaker too and my English is not nearly perfect, but anyway you can at least try to put the spaces, commas and other things at the correct position. Additionally you can even just use an online translator tool like Google Translator or - if you want to write it yourself - an (Online) dictionary for English to look up words (especially the spelling) and installing an English spell checker in your browser should also not be that difficult.

    Secondly I'd like to remind you about my "suggestions" for you I posted some time ago:

    Okay, seriously now...

    1. This is a feature thread, so please don't report problems here.
    2. Check before posting whether these features are already included in ESS.
    3. The first post in this topic includes an explanation how you should report ideas (for features etc) here.
    4. Also pay attention to the blue message there!


    Also you can't just add some nice sounding words to a feature to improve the feature. Even if ESET adds a "super-intelligent smart enhanced advanced ultra-power-heuristics-engine AI with super turbo fast implementation protection" this doesn't change anything. Calling things like this may be impressive in pokémon games, but in reality that's just gibberish.

    And these are the obvious things which make your post (to say it politely) not that useful, so it also won't help you if you add things like "don't ignore this this is important for all the security users" like you did in your last post.

    And I don't want to get into detail now, but in my first reply to your post you can already get some ideas of how useful or reasonable some of your ideas are - and most of the post just consists of quotes from you.


    Anyway just keep in mind that I'm not saying you shouldn't express your suggestions here and of course I'm not hating you. You just have to suggest features which are not taken from a pokémon game and most importantly they have to make sense! And you have to explain your features, just throwing words around doesn't help anybody and as I "explained" your ideas in my first reply you can see what they look like.

    Or tell it as Arey wrote, because I doubt you read the first post (although I've linked several times to it now):

     If you have a specific feature or functionality you would like to see added (or improved) please post it here, but general requests to "make things better" are not helpful because they do not give ESET detailed enough information.

  5. @kakashi

    Just shut off your computer then you have the protection you are suggesting. And your computer will be "turbo speed blocking" any "anti stealth protection" and "criptolokers" (yeah crispy lockers, bad things) and "dont slow down the pc performance" while blocking "any malware can bypass this". Don't forget you will have a "dns encryption" ("nothing" is quite undistinguishable I think, so that's encrypted), a "new secure" "ssl" "protocol" "that cant be intercepted"¹ and of course a very "low hardware and harddrive impact".

    The "Ai header engine" can take a header if water is in your computer so everything spouts out. The "Ai smart anti exploit mitigation" will protect you from software which tries to mitigate exploits, which is the only useful thing to do because it would be bad if you miss heroic deeds.

    And all "software holes ,like bios,cpu,hardware" will be blocked too of course. So all these software holes are not needed anymore. Just uninstall your BIOS, CPU or hardware. No problem! Additionally "bugs" will be smashed as these crawling critters don't have a warm and comfortable environment in your computer. And the "keyboard" blocking is by default of course - no one needs a keyboard.

    "4 firewall" will protect you from "artificial intelligence technology" - just imagine all these AIs which try to kill people. All of them will be barbecued! :) (There's only one problem: What will happen to the other AIs like the "Ai forensics engine"?)

    The "smart engine anti publishing" is not really new but very effective - usually it's called "control my brain". But of course it's improved as it's smart now. Now it will not only control the brain of one user it will also try to control other users' brains with whom the user spoke.

    "Add a new fast intelligence run package" - Yes of course the next NSA marathon will come soon!

    "Fix eset driver crash" - No the ESET drivers are reliable, their driver's license was never revoked at all and all

    "Add low impact starting up" - Until you are not hitting your shut down computer you already have a low impact.


    ¹ (quite difficult to bring the words into the right order while still quoting correctly...)

  6. Yeah one issue with doing this would be cost as I presume more features could mean a higher price which would be a problem for those not using specific features. I gathered it would be complicated to implement too.

    Haha, yes, you're right. So we would also need a modular buying/paying system for each of every feature. :lol:

    Well... just kidding. That's not really what we want. :)

  7. The thing you're talking about in your last post looks more like a VSD update error than a product upgrade error as you initially stated.

    So what exactly doesn't work? The product upgrade?


    If so then you can try to download the latest version from the website and install it manually.

    If this fails again you can check again for the logs Marcos requested and continue with his instructions.

  8. @Sonoran Desert

    No not forcing users - that wouldn't be good. You can convince users to upgrade to a new version, but this is the only thing which you should do. The user should know that it's a good decision to do so and not complain about a forced upgrade process.

    There may also be legitimate reasons to use an older version - on the one hand for testing of course, but this might be quite rare. But on the other hand newer versions may not be compatible with older operating systems (like it happened with v8, which isn't compatible with Win XP SP2 or lower).

    Another reason might be if the upgrade to the newer version fails or something isn't working afterwards. If the user then installs the older version (if he is able to do it, because he maybe found the old installation file on his disk somewhere) then he would be instantly after installing (or maybe worse - already during installing) forced to upgrade to the newest version with no alternative. And of course this new version fails to install.


    So no don't force the user - leave him the decision. It's his computer, it's his security he has to know what he wants to do. Educate him, convince him, help him, but please don't force him!

    So yes you could redesign the upgrade messages or make more clear why an update is important or differently spread the information about a new upgrade - that's okay and it may help the user, but he should still be asked what should happen on his own device.

    And for what it's worth ESET already has a kind of "automatic upgrade wizard". It's just that the user has to do one click and ESET will upgrade itself completely automatically.

  9. Nice explanation. However I think you inverted something there. AFAIK the potentially unsafe applications are those with the potential for misuse.

    But you wrote this:

     Unlike PUAs, potentially unwanted applications are usually perfectly legitimate tools that can be installed in corporate networks and used by administrators, however, they can be misused in the wrong hands.


    The same way it's also stated in the product internal help of ESS as an explanation for potentially unsafe application:

    [They are] legitimate programs whose function is to simplify the administration of networked computers. However, in the wrong hands, they may be misused for malicious purposes.

  10. Well... you can of course try it.

    If it's stated this way in the manual then it maybe works indeed. (Your OS is in fact Windows XP SP2+ 64 bit and as the Service Packs for XP 32bit and 64bit seem to be different there is a chance that it works.)


    Just be sure to inform us about the result. :D

  11. It seems to be something wrong with your search and your SSL/TLS connection. If I search something Firefox displays this warning:


    That seems to be because it is initially loading hxxp://forum.eset.com/index.php?app=core&module=search&do=search&fromMainBar=1 (not HTTPS). After this it's redirected correctly to the HTTPS version and then it displays this error message:

    One or all of your search keywords were below 3 characters or you searched for words which are not allowed, such as 'html', 'img', etc, please increase the length of these search keywords or choose different keywords.

    Note that I just searched for 'test'.

    BTW: The advanced search is working.


    Additionally your forum.eset.com is vulnerable to the Logjam attack. (SSLLabs, More information about logjam)

    And it doesn't support Forward Secrecy - somewhere I already complained about this. However I think Logjam is (mainly) an attack on Forward Secrecy, but nevertheless you should fix this problem - and of course to support Forward Secrecy would be nice.

  12. Well... I would also really have enjoyed an HTML5 version. Not only because of security issues but because of many other advantages HTML5 has like the possibility for a responsive and more flexible design.

    However the Training as it is already really nice and maybe ESET will improve ESET CyberSecurity Education later. (actually they have a survey at the end of the training)

  13. You can win a trip to the Comic-Con 2015 just by submitting a caption for this nice ESET robot picture!

    Our partners ESET will be in San Diego this year for Comic-Con International 2015, and it wants you to be there with them. That’s why they’re offering a VIP trip for two people to the west coast city, with flights, hotel and spending money all thrown in.


    The best captioner will score a trip to San Diego during Comic-Con (July 9 - 12), which includes airfare for two, hotel for 3 nights/4 days, $500 spending cash, VIP to Nerdist's exclusive Comic-Con party and more!

    More information
    or directly to the Contest site

    Related: More pictures of the ESET robot, wallpapers and more

  14. You mean an activation code instead of a username/password license?

    That's indeed something different however in this case it's the same as I explained before - if you have a PC/desktop license then you can't use them for EMS for Android.

    But of course there are also boxed versions (where this kind of activation code is usually included) of ESET multi-device security.

  15. I had attached a USB stick when I did the scan, could it be ESS was reporting an MBR error reading of this media, because it is marked as MBR sector of the 2, My HDD is MBR sector of 1, Am I right? :unsure:

    Yes this can be. If you want to look what device is "physical disk n" then look in the disk management of Windows. There you can see what device is "causing" the problem.


    Why I should upgrade? I am happy with ESS V., where can I learn more about ESS V.5 vs ESS V.8?

    The recent ESET versions introduced many new features like Live Grid, Advanced Memory Scanner, Exploit Blocker, Anti-Theft. More about these features you can e.g. read here or here.

    As for a list of new changes of v8 over v7 you can find them here. If you want to you will also find changelogs from the older versions in this forum.


    At first you don't have to uninstall the older version of course so you could stick with your settings. However if you want to do a clean install that's no problem, as you're wrong, because you can indeed export and import the configuration of ESS in a XML:

    So I hope your upgrade to the new version will be successful. If not a system restore point should have been created and you can use it to restore the previous state. (You can of course also manually create one before.)
    And yes there is a boxed version (just look in a shop of your choice, also many online shops) and yes ESS 2015 is ESS v8 (ESS 2015 is the "marketing name" for ESS 8).
    However keep in mind that you don't have to buy a new version as you can upgrade for free with a valid license of ESS.