LoneGeek810 7 Posted July 30, 2014 Posted July 30, 2014 I saw this post at wilders and would like to know the opinions of the ESET staff? hxxp://www.wilderssecurity.com/threads/antivirus-is-as-vulnerable-as-any-other-product.366540/#post-2395243
rugk 397 Posted July 30, 2014 Posted July 30, 2014 (edited) The thing that ESET sends the license data unencrypted was already discussed here and here. Yes ESET sends license data unencrypted. Yes I also find that this is a security problem. Yes ESET don't found that this is such a serious problem. But in a long discussion they said they wanted to fix this is the next version of the ESET software, where the license data is send over an HTTPS connection. (and you can disable this for troubleshooting) Relying on the man-in-the-middle (MitM) attack, “one can install new files and/or replace existing installation files,” which “ often translates in completely owning the machine with the AV engine installed as updates are not commonly signed.” I think ESET updates are signed. At least the signature database updates - so this shouldn't be a problem. The others I don't know. I'm not able to say something about the other things, but maybe someone of the ESET moderators or ESET stuff could say something about this. Edited July 30, 2014 by rugk
SweX 871 Posted July 30, 2014 Posted July 30, 2014 Yes we have discussed this before, here but also on Wilders.
Recommended Posts