Utini

  1. What about a "suggestions" overview / database? E.g. list all suggestions and how many people voted for it. And also which suggestions are in progress already? It would make everything easier and offer a better overview?
  2. Maybe also do screenshots with available cameras when a wrong password was entered and Windows logon / unlock? I once coded my own program for that purpose but I wished ESET could do that too.
  3. Of course... but first there has to be a rule for the file ;P a useful pre-defined rule for example
  4. Automatic mode creates rules in a way of "let EVERYTHING out but nothing in". That is not secure in my opinion. It is user friendly to home users but it is definitely not secure enough if you want to focus on privacy. Apps (especially Windows services/files) should be restricted to what they do. They should be allowed to connect to every port and every server. They should be allowed to use the 3 ports that they usually use and to connect to the Microsoft servers and that's it. Or do you want a trojan to inject in one of those files and connect to some random Chinese botnet server? svchost is also a Windows standard process and it has pre-defined rules. Same with logonui.exe, services.exe and all the other system rules that are pre-defined. The above files are more files/services that should be added to the pre-defined rules as they are, just like everything that is pre-defined so far, out-of-the-box Windows files/processes that in automatic mode could do whatever they want. They are just as vulnerable as svchost.exe and need to be taken care of, just like ESET did with svchost, winlogon, etc.
  5. Also please add default rules or description for the following Windows files: So far, I have noticed that the following processes all want to make regular connections: Host Process for Windows Services (svchost.exe); Host Process for Setting Synchronization (SettingSyncHost.exe); User Account Control Panel Host (UserAccountBroker.exe); Windows Explorer (explorer.exe); Windows Host Process (rundll32.exe); Store Broker (WSHost.exe); Windows Driver Foundation - User-mode Driver Framework Host Process (WUDFHost.exe); Device Association Framework Provider Host (dasHost.exe); Host Process for Windows Tasks (taskhost.exe). For example, right now I am worried about WSHost.exe because I don't even use the Windows Store and still it wants to send data to Microsoft? You are worrying that programs you install may call "home", but you don't worry that the OS (Windows) might call home to MS once in a while? Well, WSHost.exe is part of the OS and a lot in the OS wants to connect to MS, but that doesn't mean you have to allow everything that's part of the OS to connect out; you can even block stuff from connecting out without breaking the OS. If you Google around you can find more info about what is essential to be allowed and what isn't. IMO you are just making this harder for yourself; the pre-set rules that are in place today should be enough out of the box, or else I assume ESET would have added rules for the ones in your list already if they are that essential. I think it is better to have a small pre-defined set out of the box like today, and users that want to add more rules can do so afterwards if they like, so no one has to spend time removing rules that they don't want right after install. The pre-defined rules are fine, and the Automatic mode will do the rest once users start using the computer. Again, there is a reason why Automatic mode is the default.... I know that you can block some stuff without breaking anything.
And obviously I googled every one of those files and what other people recommend. A lot seem to make "useless" connections (e.g. feedsync when you don't use it, or Windows Store). Besides that: there should be a rule set which lets you use Windows out of the box with interactive mode without much configuration being needed. For everything non-Windows related you need to worry on your own. But all the above files are originally from Windows and need configuration in interactive mode.
  6. Thanks, I guess they come from the usage of different security products for a long time together with knowledge of malware/trojans/password stealer/etc. Alright, I just don't want my suggestions to be lost and forgotten ;P
  7. Also please add default rules or description for the following Windows files: So far, I have noticed that the following processes all want to make regular connections: Host Process for Windows Services (svchost.exe); Host Process for Setting Synchronization (SettingSyncHost.exe); User Account Control Panel Host (UserAccountBroker.exe); Windows Explorer (explorer.exe); Windows Host Process (rundll32.exe); Store Broker (WSHost.exe); Windows Driver Foundation - User-mode Driver Framework Host Process (WUDFHost.exe); Device Association Framework Provider Host (dasHost.exe); Host Process for Windows Tasks (taskhost.exe). For example, right now I am worried about WSHost.exe because I don't even use the Windows Store and still it wants to send data to Microsoft? Also: Let us sort rules in the rule editor up and down. I am curious in which way the rules get requested anyway, like first rule first, then second, then third, ... until the needed rule was found? If that is the case, let us sort the rules so we can sort the most used rules first in the rule editor.
  8. Also please add default rules or description for the following Windows files: So far, I have noticed that the following processes all want to make regular connections: Host Process for Windows Services (svchost.exe); Host Process for Setting Synchronization (SettingSyncHost.exe); User Account Control Panel Host (UserAccountBroker.exe); Windows Explorer (explorer.exe); Windows Host Process (rundll32.exe); Store Broker (WSHost.exe); Windows Driver Foundation - User-mode Driver Framework Host Process (WUDFHost.exe); Device Association Framework Provider Host (dasHost.exe); Host Process for Windows Tasks (taskhost.exe). For example, right now I am worried about WSHost.exe because I don't even use the Windows Store and still it wants to send data to Microsoft?
  9. Yes, you already said this. This could be an idea, but it can even be very bad if the DNS server is compromised or there is a kind of "DNS server malware" on your computer which redirected all DNS queries to a fake/another/bad/... DNS server. So to use IP addresses there is more secure. Yes, great idea. I think you mean something like I described in post #149 in this topic. Well, maybe this can be an idea. Although svchost.exe of course does much more than just Windows updates. What rules? Do you mean the firewall rules? I think it's quite good if not too many rules are created by default... Yes, that's a great idea! A search function would make it much easier if you want to find specific rules. Thanks! But also have a look at my update I added there. So you can make ESET already detect OpenCandy. Thanks too! I also think this could be a good idea. That's why I made the post. Allowing to add DNS is the only real way to e.g. allow Windows Update servers for svchost.exe. Their server IPs change daily so I would need to add update.microsoft.com as "allowed". Yep, svchost.exe does a lot.. one is Windows Update and it should be allowed ;-) Well, either allow or deny rules.. whatever is safe for those files. I don't know what is safe but get asked by ESET ;P
  10. This: https://forum.eset.com/topic/51-future-changes-to-eset-smart-security/page-14#entry17761 Also: Let us enter DNS addresses for rules (remote DNS address, and also let us add DNS addresses to zones). Also: When a FW pop-up appears, let me copy the information in this window (e.g. the IP address). Right now I can't mark & copy anything in the notification window. Also: Add Windows Update rule to the standard rule set of svchost.exe (port 80 & 443 and maybe restrict it to Microsoft update servers only). Also: Add spoolsv.exe standard rules. Also: Add rundll32.exe standard rules. Also: Let us search within the rule editor... e.g. for filenames. Update: Make this a standard rule? https://forum.eset.com/topic/3701-block-pua-inside-installers-from-nero-burning-rom-orbit-downloader-imgburn-dvdvideosoft-install-them-without-opencandy/ Also: https://forum.eset.com/topic/3437-poodle-attack-security-flaw-in-ssl-v3-eset-blocking/
  11. Deny where? It appears only in interactive mode of firewall and HIPS but selecting Deny automatically would not only render interactive mode useless but would also cause too many troubles if every action/communication was denied without asking the user. The rules say "allow on failure".. I think what mar122999 meant is that "block on failure" is more secure?
  12. Yep, today I did a few more tests with ESS and compared it to CIS (which is the product I used for the last 1-2 years): ESS seems to have the better AV and HIPS compared to CIS. However, CIS has the advantage of blocking & notifying me for every "unknown" file that I execute. This way I get the chance to validate the file e.g. on virustotal. I will also be notified that this file might not be original (e.g. if I download ccleaner.exe but I get a block & notification, I will know this can't be the original ccleaner.exe). In the end this little advantage of CIS gave better detection & block results. ESS has advantages over CIS (and other security products) but I believe that one (major?) disadvantage is to not have an "online background check" of apps.