Do I need ESET internet security???

[Robert X 0]

The general advice is "I'd recommend that you trial ESET Internet Security ,contains also RDP bruteforce protection "

However, I have several home PC's , behind a router; all of them running Win10.

All of them have “Don’t Allow Remote Connections” to this Computer.

Do I still need ESET internet security or NOD32 is enough?

[Marcos 5,074]

It depends. Even if you are behind a router, use NAT and don't use port forwarding, if malware was run on one of the machines in LAN and the others would not have a particular vulnerability in network protocol patched, it could spread through your network. For instance, Network protection in EIS/ESSP and ESET Endpoint Security was able to block the infamous Wannacry ransowmare exploiting EternalBlue  at the network level before it could do the damage. On the other hand, the chances of encountering such scenario in a home network and with Windows 10 installed on the machines are quite low.

[Robert X 0]

Thank you for your answer, but....still I did not get it.

 

If I have “Don’t Allow Remote Connections” to this Computer selected , I am still exposed to RDP brute force????

[peteyt 393]

I don't know your exact question but I think having the firewall and network protection adds extra layers so its always a good thing 

[Robert X 0]

14 minutes ago, peteyt said:

I don't know your exact question

Hello peteyt,

What do you mean by "I don't  know your exact question?"

My "exact question"  is in the post above:

 

"If I have “Don’t Allow Remote Connections” to this Computer selected , I am still exposed to RDP brute force????

 

[peteyt 393]

3 minutes ago, Robert X said:

Hello peteyt,

What do you mean by "I don't  know your exact question?"

My "exact question"  is in the post above:

 

"If I have “Don’t Allow Remote Connections” to this Computer selected , I am still exposed to RDP brute force????

 

Sorry i meant I don't know the answer to your exact question but having the extra layers is always good. I don't know enough about router security myself although Internet security also comes with a feature to scan for other devices on your network and warns you if your router might be vulnerable 

[itman 1,659]

3 hours ago, Robert X said:

"If I have “Don’t Allow Remote Connections” to this Computer selected , I am still exposed to RDP brute force????

If this is in regards to Win 10 Home versions, RDP is disabled by default. It can be installed in the Home versions but a bit of work is needed to do so: https://www.thewindowsclub.com/how-to-use-windows-10-remote-desktop-in-windows-home-rdp .

So if you are using a Win 10 Home version with default RDP settings, the answer is you don't have to worry about external network based RDP brute force attacks. However in your case, either you are using Win 10 Pro or manually installed RDP in Win 10 Home.

Is this setting:

Don’t Allow Remote Connections to this Computer

bulletproof as far as disabling RDP? The answer is no. An attacker can enable it with a simple registry modification:

https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html

Also, these type of attacks are predominately targeted against server OS installations. If the attacker can gain access to the server, he pretty much "owns" the internal network.

Edited December 19, 2020 by itman

[Robert X 0]

50 minutes ago, itman said:

 An attacker can enable it with a simple registry modification:

An attacker has to gain Administrative privileges on your PC , before registry modification.

How an attacker may get admin privileges without login credentials????

[itman 1,659]

30 minutes ago, Robert X said:

How an attacker may get admin privileges without login credentials????

There are numerous UAC bypasses that accomplish this: https://cqureacademy.com/cqure-labs/cqlabs-how-uac-bypass-methods-really-work-by-adrian-denkiewicz

Additionally, there are methods to elevate to Admin or even System privileges from a standard user account.

[Robert X 0]

2 hours ago, itman said:

There are numerous UAC bypasses that accomplish this: https://cqureacademy.com/cqure-labs/cqlabs-how-uac-bypass-methods-really-work-by-adrian-denkiewicz

Additionally, there are methods to elevate to Admin or even System privileges from a standard user account.

If you reached the point to have UAC bypassed , neither NOD32 nor ESET internet security can help you.

The main idea is, as a home user with Win 10 and RDP disabled, you do not need ESET internet Security and NOD 32 will suffice.

All over this forum , the advice is to buy ESET internet Security (more expensive) , which has RDP brute force protection:

https://forum.eset.com/topic/26634-is-nod32-eset-really-that-good-legitimate-question/?do=findComment&comment=126009

"..As for ESET, I'd recommend that you trial ESET Internet Security (contains also RDP bruteforce protection)"

https://forum.eset.com/topic/26518-is-eset-antivirus-a-good-choice-does-it-cover-all-my-bases/?do=findComment&comment=125382

" NOD32 Antivirus would not protect you from RDP brute-froce attacks which is a common infection vector of attackers to gain access to victim's computer and run malware, steal data, etc. "

https://forum.eset.com/topic/26432-eset-nod32/?do=findComment&comment=125023

"I'd recommend trying out ESET Internet Security or ESET Smart Security Premium (ESSP) which are products that also protect your from brute-force RDP/SMB attacks"

 

 

[itman 1,659]

Here's a feature comparison between Eset home use products: https://support.eset.com/en/kb318-features-available-in-windows-eset-home-products . You will have to refer to either Internet or Smart Security documentation for further details on features contained in both that are not contained in NOD32.

Edited December 19, 2020 by itman

[peteyt 393]

2 hours ago, itman said:

Here's a feature comparison between Eset home use products: https://support.eset.com/en/kb318-features-available-in-windows-eset-home-products . You will have to refer to either Internet or Smart Security documentation for further details on features contained in both that are not contained in NOD32.

The main question really that I belive the user is asking is if they are a home.user with remote access disabled would internet security protect them anymore than nod32 and windows firewall 

Edited December 19, 2020 by peteyt

[itman 1,659]

16 minutes ago, peteyt said:

The main question really that I belive the user is asking is if they are a joke.user with remote access disabled would internet security protect them anymore than nod32 and windows firewall 

The answer to that is yes. Hacking Win firewall rules for example is rather trivial since they are stored in the registry in clear text. Add to this, disabling the Win firewall is no big deal.

[peteyt 393]

11 minutes ago, itman said:

The answer to that is yes. Hacking Win firewall rules for example is rather trivial since they are stored in the registry in clear text. Add to this, disabling the Win firewall is no big deal.

I suppose home users won't be targeted as much by hackers but a firewall is still good for blocking rouge applications, spyware etc