Opinion on ESET Smart Security


Why lie, let's face it: users of ESET products are mostly advanced/experienced users. I myself am a network engineer and Windows LAN admin. I have tried every security product from 1992 until now, and I cannot find what I am looking for in any of them. In those past days, let's say 1998, I was crazy about "Outpost Firewall"; it was wow in the past but not now. About ESET, I started with NOD32 v2.7 or 2.something, now we are in 2014 and we have V8, that's a huge upgrade scale. Anyway, the products are great but I'm not fully satisfied with them, for some reasons, like:

1. I care so much about networking, so the Personal Firewall (I hate the "Personal" attached to it) lacks some nice polish, e.g. the ability to copy/paste IP addresses/host names, rule-sets, clickable IPs/hosts that send you to whois. Sometimes I want my firewall to even block ESET itself from connecting anywhere without my permission. The connection view is not that advanced; we still need some other tools instead. Also, we need you to add "Tools" to the tray menu; this will open a sub-menu with all those tools accessed from the main GUI.

2. Update: we need more control over when it is considered time to update. The issue now with ESET SS is that if you miss some days with no internet it turns RED like hell and it makes you feel that the world just collapsed! About "Rescan quarantined files after every update": it's a bad idea to activate this by default; it takes CPU cycles and disk activity for no real benefit for the end user. Mostly, who cares about those quarantined files? They were not good in the first place.

3. Alerts: I hate the effects/animations from the bottom of my heart. Plus, for "Close message boxes automatically after (sec)", the minimum is only 10 sec; for me, I want it at only 2~3 sec.

That's all for now, ~pEaCe
 


  • 4 weeks later...

Hello Hamzah, you make some decent points, but I also have a rebuttal.

You can change the option of notifications from 10 down to 3 already. :)

It's a little true about quarantined files, but there are also situations where a vendor got added to the AV DB list, and they want to fix the problems in their program and then request that ESET check it out again to be removed from the list.

Well, if it didn't rescan, the program would remain moved on the user's computer unless, like you said, it's an advanced user who understands to go check, etc.

I am a huge networking fan myself as well, and I would also like to see more networking functions, even if tied in with the firewall module.

:D


  • Administrators

"Rescan quarantined files after every update": it's a bad idea to activate this by default; it takes CPU cycles and disk activity for no real benefit for the end user. Mostly, who cares about those quarantined files? They were not good in the first place.

 

Obviously you don't know how this feature works. Rescanning doesn't mean that ESET would scan all files in quarantine like it does during ordinary scans. It's literally just about comparing a few bytes in this case so it cannot take a lot of cpu cycles or disk activity.


  • 2 weeks later...

1. I care so much about networking, so the Personal Firewall (I hate the "Personal" attached to it) lacks some nice polish, e.g. the ability to copy/paste IP addresses/host names, rule-sets, clickable IPs/hosts that send you to whois. Sometimes I want my firewall to even block ESET itself from connecting anywhere without my permission. The connection view is not that advanced; we still need some other tools instead.

That's all for now, ~pEaCe

 

 

I agree, there are a few things (like the ones I quoted) that ESET could/should add to improve the product. Those features might already be state-of-the-art for other security vendors, but then they lack other things that ESS offers.

 

I am also an advanced user who has used a lot of security products, and I have ended up with ESS. It is fast, lightweight and has the best interface I have seen so far. Its detection rate is good enough (could be better with an online check-up of files and blocking of unknown files ;P). It offers the features we need but doesn't bomb us with unneeded features. But I agree that there are a few things that (as an advanced user) I really wish for, e.g. copy & paste of IPs from notification pop-ups, or letting us add DNS addresses instead of IP-only.

 

If ESET fixes those things with the next release, then I think ESS has hit the sweet spot for "inexperienced home users" and advanced users that want to get the last bit of juice out of ESS! Until then I will keep using ESS v8 ;)

Edited by Utini

  • Administrators
Its detection rate is good enough.

 

If you come across undetected malware, please submit it to ESET as per the instructions here. From my experience, new malware that I run into is usually already blocked by Live Grid or Advanced memory scanner upon execution. If not, a detection is added in the next update, which cannot be said about most other vendors, for whom it takes hours or even days or weeks to add a detection for the given malware.

If there's really new completely unrecognized malware, it must be one that none of ESET's users around the world with Live Grid enabled has had on their machine.


 

Its detection rate is good enough.

 

If you come across undetected malware, please submit it to ESET as per the instructions here. From my experience, new malware that I run into is usually already blocked by Live Grid or Advanced memory scanner upon execution. If not, a detection is added in the next update, which cannot be said about most other vendors, for whom it takes hours or even days or weeks to add a detection for the given malware.

If there's really new completely unrecognized malware, it must be one that none of ESET's users around the world with Live Grid enabled has had on their machine.

 

 

I can take any virus example that ESET currently detects and obfuscate/crypt it into 20 different files that will be undetected by ESET. And tomorrow I will make 20 new ones. HIPS will probably detect it, but still it would be awesome if ESET checked a file online before executing it (e.g. like Comodo does, and then automatically sandboxes unknown files).


Well, that's kind of what Live Grid is/does.

It checks launched or executed processes against a cloud database.

 But it doesn't block or warn if it is unknown?


  • Administrators

I can take any virus example that ESET currently detects and obfuscate/crypt it into 20 different files that will be undetected by ESET. And tomorrow I will make 20 new ones. HIPS will probably detect it, but still it would be awesome if ESET checked a file online before executing it (e.g. like Comodo does, and then automatically sandboxes unknown files).

 

Let's send me such malware :) Advanced memory scanner scans already unpacked code in memory, so obfuscating it with whatever packer shouldn't be a way to evade detection. Also, I just don't understand how it would help ordinary users if HIPS queried the cloud before executing a file. Would it tell the user that the file is not prevalent and may pose a risk? There are tons of legitimate applications that are not prevalent, so how should the user know if it's OK to allow it or not?


 

I can take any virus example that ESET currently detects and obfuscate/crypt it into 20 different files that will be undetected by ESET. And tomorrow I will make 20 new ones. HIPS will probably detect it, but still it would be awesome if ESET checked a file online before executing it (e.g. like Comodo does, and then automatically sandboxes unknown files).

 

Let's send me such malware :) Advanced memory scanner scans already unpacked code in memory, so obfuscating it with whatever packer shouldn't be a way to evade detection. Also, I just don't understand how it would help ordinary users if HIPS queried the cloud before executing a file. Would it tell the user that the file is not prevalent and may pose a risk? There are tons of legitimate applications that are not prevalent, so how should the user know if it's OK to allow it or not?

 

 

Mhh, I have a password stealer and a trojan which are both 1-2 years old, and the built-in crypter still makes the malware.exe fully undetected by most antivirus (including ESET). As the malware builder is bound to my hardware ID, I can only provide the malware files themselves if you wish, but not the builder/client.

 

Well, what I am talking about is something like app-phishing. E.g. I download ccleaner.exe or some other software, and ESET will know the original ccleaner.exe and run it without a warning. However, if the ccleaner.exe that I downloaded was manipulated (e.g. server.exe binding), then ESET will not know the file anymore as "trusted" and will warn me. That way I will check again if the file is original, where it came from, etc.

 

For example: there are "malware spreading techniques" where the malware.exe binds itself to a file you download, so whenever you share that file with someone else the other person will be infected too. So I download the original file but it will get manipulated by malware on my PC. ESET would notice that because when I open the manipulated.exe it is not in the "trusted database".

 

Well, that's how I imagine it and know it from Comodo :P

Edited by Utini

You're forgetting about size and hash or MD5 of files. Or SHA-1.

Or if a second file is bound, once the alternative process is started, it's not going to be ignored by ESET once the binding is over, or the second process starts asynchronously, etc.

Edited by Arakasi

  • Administrators

Mhh, I have a password stealer and a trojan which are both 1-2 years old, and the built-in crypter still makes the malware.exe fully undetected by most antivirus (including ESET). As the malware builder is bound to my hardware ID, I can only provide the malware files themselves if you wish, but not the builder/client.

That would probably suffice. Please upload the file to a safe location and pm me the download link.

Well, what I am talking about is something like app-phishing. E.g. I download ccleaner.exe or some other software, and ESET will know the original ccleaner.exe and run it without a warning. However, if the ccleaner.exe that I downloaded was manipulated (e.g. server.exe binding), then ESET will not know the file anymore as "trusted" and will warn me. That way I will check again if the file is original, where it came from, etc.

Assume that you have a legitimate application that is not signed. If the author updates it, how should an antivirus program know whether it was modified intentionally or by malware?
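As an added illustration of the "trusted database" idea debated in the posts above (not code from ESET, Comodo or any poster; all names and sample bytes are constructed), this sketch does an exact SHA-256 lookup. It shows that a modified file, a same-size modification, and the author's own unsigned update all come back "unknown", which is the ambiguity raised in the last reply.

```python
import hashlib


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def build_trusted_db(known_good: dict) -> dict:
    """Map SHA-256 digest -> label for every vetted build (hypothetical DB)."""
    return {sha256_hex(blob): label for label, blob in known_good.items()}


def classify(blob: bytes, trusted_db: dict) -> str:
    """'trusted:<label>' only on an exact digest match, otherwise 'unknown'."""
    label = trusted_db.get(sha256_hex(blob))
    return f"trusted:{label}" if label else "unknown"


def size_matches(blob: bytes, reference: bytes) -> bool:
    """A size-only comparison, shown to be insufficient on its own."""
    return len(blob) == len(reference)


# Constructed sample inputs standing in for real installers.
ORIGINAL = b"MZ" + b"\x00" * 64 + b"cleaner v1.0 code"
TAMPERED = ORIGINAL + b"extra bytes added after release"   # file grew
SAME_SIZE = ORIGINAL[:-1] + b"X"                            # one byte changed
UPDATED = b"MZ" + b"\x00" * 64 + b"cleaner v1.1 code"       # author's unsigned update

TRUSTED_DB = build_trusted_db({"cleaner-1.0": ORIGINAL})


def demo() -> dict:
    samples = [("original", ORIGINAL), ("tampered", TAMPERED),
               ("same_size", SAME_SIZE), ("updated", UPDATED)]
    return {name: classify(blob, TRUSTED_DB) for name, blob in samples}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} -> {verdict}")
    # Same length as the original, yet the digest lookup still fails.
    print("same_size passes size check:", size_matches(SAME_SIZE, ORIGINAL))
```

The hash alone cannot tell the tampered file from the legitimate update; distinguishing them needs extra evidence such as a publisher signature or the vendor vetting the new build.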

 

 

Assume that you have a legitimate application that is not signed. If the author updates it, how should an antivirus program know whether it was modified intentionally or by malware?

 

Hmm dunno but Comodo has sorted that out. 

 

Btw, I think this is also an "easy trick" for them to score high in reviews.... Block everything that isn't trusted/whitelisted automatically.


Btw, I think this is also an "easy trick" for them to score high in reviews.... Block everything that isn't trusted/whitelisted automatically.

Yes, and annoy many users who use not so well-known software...


 

Btw, I think this is also an "easy trick" for them to score high in reviews.... Block everything that isn't trusted/whitelisted automatically.

Yes, and annoy many users who use not so well-known software...

 

During two years of CIS usage I haven't encountered a problem with that. Not even the anti-cheat system coded by a random Polish guy for a random online FPS made problems, as CIS whitelisted even that. Besides that, when you get prompted about an unknown file, you can upload the file and let Comodo check and eventually whitelist it.


Well, that's similar to ESET LiveGrid. It will also upload unknown files, but for showing a message about a completely (!) unknown file I would think the suggestion SweX made some time ago was quite good.

However...

What if you're a software developer and make (really unique and because of this also unknown) pieces of software?

In this case your own files will always be unknown and will always cause a notification...

Edited by rugk

  • Administrators

If Comodo is effective in that, is it therefore also used in server and critical production environments like ESET's products are? Just to make sure we're not comparing apples to oranges.


If Comodo is effective in that, is it therefore also used in server and critical production environments like ESET's products are? Just to make sure we're not comparing apples to oranges.

 

I really have no clue. All I know is that it is effective and not causing many problems (at least I haven't encountered any troubles even though I like testing different pieces of software, also unknown stuff, especially as I am coding myself and try little programs of others). How Comodo does it -> no idea

 

It is not the best way of protection, as it will only work when the file is already downloaded on the system and being executed (e.g. ESS mostly blocks the files before they are even fully downloaded onto the system), but it is an additional layer of protection that can be very useful without the cost of high resources (at least from the client's perspective).

Edited by Utini

This topic is now closed to further replies.