
For those who think Windows 7 and NOD32 are safe


spacesnow


So I have a quite old PC which I kept on Windows 7, and I bought NOD32 Antivirus software. Yesterday, arriving home, I found "Your computer is encrypted bla bla bla" on the screen. The computer had been left on since the last time I accessed it remotely myself. It has been like this for about 25 years :). My own fault, and quite interesting that it didn't happen during the last decades. My point here is that the latest updated version of NOD32 which works for Win7 didn't help to avoid that. Maybe it helped during the last 10 years I paid for it, you never know...


  • Administrators

Microsoft ended support for Windows 7 on Jan 14, 2020:

https://support.microsoft.com/en-us/windows/windows-7-support-ended-on-january-14-2020-b75d4580-2cc7-895a-2c9c-1466d9a53962

As of then the OS became vulnerable, since no further security updates were released. Also, you have NOD32 Antivirus installed, which provides only basic protection, i.e. network protection is missing, as is ESET LiveGuard (available in ESET Smart Security Premium), which analyses suspicious downloaded files in a cloud sandbox before the files are allowed to run.


On 3/17/2023 at 1:04 PM, Marcos said:

Also you have NOD32 Antivirus installed which provides basic protection

NOD32 has a "Ransomware Shield" which, for the 1000th time, proves again to be just a fancy thing!


There are strong suspicions that the initial attack vector was a brute-force RDP attack. Of note, both EIS and ESSP Network Protection include Network and Brute-force attack protection:

[image: Eset_NAP.png, screenshot of the ESET Network Attack Protection settings]

Edited by itman

  • Most Valued Members
4 hours ago, rotaru said:

As always, not ESET's fault......

If someone can log into RDP and disable ESET, then ESET is not capable of defending anything.

Still, it is not recommended to be using Windows 7 at all, since if ESET misses the threat, which can happen with any AV available on the market, then there is no way of defending against that malware.

Since Microsoft doesn't fix anything in 7 and 8 anymore, you are better off with 10 and 11, or even Linux if you are against using those two systems, but not 7 and 8.


10 hours ago, Nightowl said:

If someone can log into RDP and disable ESET, then ESET is not capable of defending anything.

You are right!

But...

ESET doesn't have a true anti-ransomware shield; it is just a rebranded part of HIPS to satisfy the market.

Absolutely every time a user complained about having his files encrypted, ESET blamed somebody else.


  • Most Valued Members

Firewalling the RDP port to specific IP addresses, password-protecting ESET, and account auto-lock after failed RDP logins will limit the attack surface for RDP attacks.


  • Most Valued Members
On 3/19/2023 at 3:55 PM, rotaru said:

You are right!

But...

ESET doesn't have a true anti-ransomware shield; it is just a rebranded part of HIPS to satisfy the market.

Absolutely every time a user complained about having his files encrypted, ESET blamed somebody else.

While there are things I'd like to see added to ESET, which have been debated on and off for a while by others, part of the issue is that a lot of the complaints about ESET not protecting well are made by people who don't know the factors behind the issue.

As mentioned here, the requester has already confirmed they are using Windows 7, a version that is no longer supported and updated, so there will be vulnerabilities. Using an unsupported OS is like having a prison with a hole in the fence. It can have security, but there's a gaping hole.

The requester has also mentioned using remote access. This may have been using a weak or even a leaked password and might not have been set up to block things like certain IPs and multiple unsuccessful login attempts.

As mentioned, if ESET was not password protected, they could easily remote on, disable the ESET protections that would possibly have blocked the ransomware, and then clear any logs to hide what they had done.

As mentioned, they used NOD32, so no network protection or brute-force protection, and there's no mention of the ESET version, so it could have been an older version with less protection.

The thing is, ESET may or may not have blocked it if it was on a newer OS with the features mentioned enabled, but security starts with the user, and you can't blame an AV when you're using old, unsupported stuff with bad habits.



Hello Peteyt,

In your answer you mentioned:

  1. The requester has also mentioned using remote access. This may have been....
  2. and might not have been set up to block things like certain IPs
  3. if Eset was not password protected
  4. and there's no mention of the version of eset so it could have been

By using lots of may, might, if, could, you can create any scenario... The point is, I have been using ESET for years, with HIPS in "Smart mode", and I never got a single HIPS-related alert.

I am strongly convinced that HIPS, and consequently the anti-ransomware module (just a rebranded part of HIPS), are sub-par, close to doing nothing.

I still have 8 NOD32 licences, unused, bought this year, for $9 each.

Edited by rotaru

  • Administrators

Let me sum it up:

If you install a security system in your house and put the code in front of the house, don't blame the security system because the thief was able to disarm it and steal things from your house.

I barely remember a case where the encryption was caused by ESET's fault; typically it was an unpatched system where the attacker was able to remote in and disable ESET prior to running ransomware.
In order for ESET to protect users, the following conditions must be met:
- using a fully supported operating system and applications with all available security updates installed
- secured RDP, allowing access only from the local network or from specific IP addresses
- using a password to protect ESET settings when other users can access the machine
- enabling detection of potentially unsafe applications to detect and block tools that might kill or remove the AV
- practicing safe computing when it comes to passwords, permissions, applications that one installs and uses, etc.

We recommend using a higher-tier product than ESET NOD32 Antivirus, which provides only essential security and comes without the network protection that is able to stop brute-force attacks.

Having said that, we'll draw this topic to a close.

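Both Nightowl's list above (firewall RDP to specific IPs, lock accounts after failed logins) and Marcos's closing checklist describe the same host-side hardening, so the script below is one added example covering both. It is editor-written illustration code, not anything posted in the thread or shipped by ESET, and it assumes a Windows 10/11 host (the thread's own recommendation over Windows 7; the `NetSecurity` cmdlets it uses do not exist on Windows 7, where the equivalent is `netsh advfirewall`), an elevated PowerShell session, and a placeholder `$AllowedRdpSources` list that you replace with your real management subnet or jump-host addresses. The last part, `Get-FailedLogonSummary`, is the check a practitioner wants after the fact: it groups Security event 4625 (failed logon) by source IP so a brute-force attempt like the one suspected in this thread is visible before the ransomware runs.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread or from ESET): harden an RDP-exposed Windows 10/11 host
# as described in the posts above, then report brute-force style failed logons.

$AllowedRdpSources = @('10.0.0.0/24', '203.0.113.10')   # ASSUMPTION: replace with your own sources

# 1. Scope the built-in "Remote Desktop" inbound rules (TCP/UDP 3389) to those sources only.
#    Windows 7 equivalent (no NetSecurity module):
#    netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new remoteip=10.0.0.0/24,203.0.113.10
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $AllowedRdpSources -Enabled True

# 2. Require Network Level Authentication, so a password guess is rejected before a full
#    session (and its attack surface) is even created.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
    -Name 'UserAuthentication' -Value 1

# 3. Account lockout: 5 bad passwords within 30 minutes locks the account for 30 minutes.
#    This sets local policy; on a domain member set the same values through Group Policy.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# 4. Make sure failed logons are actually audited, otherwise step 5 has nothing to read.
auditpol /set /subcategory:"Logon" /failure:enable | Out-Null

# 5. Summarise failed logons (event 4625) per source IP over the last $Hours hours and
#    report sources that exceed $Threshold attempts, with the account names they tried.
function Get-FailedLogonSummary {
    param([int]$Hours = 24, [int]$Threshold = 20)

    $since  = (Get-Date).AddHours(-$Hours)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                           -ErrorAction SilentlyContinue

    $events |
        ForEach-Object {
            # Pull the named EventData fields out of the event XML.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Target    = $data['TargetUserName']
                Source    = $data['IpAddress']
                LogonType = $data['LogonType']   # 10 = RemoteInteractive, 3 = Network (NLA failures)
            }
        } |
        Where-Object { $_.Source -and $_.Source -ne '-' } |
        Group-Object Source |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'SourceIP'; e = { $_.Name } },
                      Count,
                      @{ n = 'Accounts'; e = { ($_.Group.Target | Sort-Object -Unique) -join ',' } }
}

Get-FailedLogonSummary -Hours 24 -Threshold 20
```

Two caveats that follow directly from the thread. First, none of this helps once an attacker already holds a valid password: that is exactly the "code in front of the house" case Marcos describes, and password-protecting the ESET settings (done in the product GUI, not scriptable here) is what stops the logged-in intruder from simply switching the AV off. Second, account lockout cuts both ways: an attacker who knows an account name can lock it deliberately, so pair it with the source-IP restriction rather than relying on it alone.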

  • Marcos locked this topic