Jump to content

Recommended Posts

Posted (edited)

The thing that ESET sends the license data unencrypted was already discussed here and here.

  1. Yes ESET sends license data unencrypted.
  2. Yes I also find that this is a security problem.
  3. Yes ESET don't found that this is such a serious problem.
  4. But in a long discussion they said they wanted to fix this is the next version of the ESET software, where the license data is send over an HTTPS connection. (and you can disable this for troubleshooting)
Relying on the man-in-the-middle (MitM) attack, “one can install new files and/or replace existing installation files,” which “ often translates in completely owning the machine with the AV engine installed as updates are not commonly signed.”

I think ESET updates are signed. At least the signature database updates - so this shouldn't be a problem. The others I don't know.

 

I'm not able to say something about the other things, but maybe someone of the ESET moderators or ESET stuff could say something about this.

Edited by rugk
Posted

Yes we have discussed this before, here but also on Wilders.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...