New NOD32 4 & Smart Security 4 Released!!!

it does seem though that eset have made a rather large boob here with this firewall , i wont be renewing my sucription to smart security but i will be keeping the eset AV , ill keep it for now because its paid for :mad:

The beauty of ESET is that you can use your license for both ESS and NOD32, whatever you prefer. So no need to be mad :), just uninstall ESS, install NOD32 (use your current license info for username/password) and Comodo Internet Security FREE (just Firewall option when asked what do you want to install, as it will also offer you to install Comodo AV, which is nowhere near NOD32). And enjoy :)

That's what I did last night, works as a charm.

BR
Miki
 

My Computer

System One

  • Manufacturer/Model
    Sony Vaio Z590
    CPU
    Intel Core 2 Duo P9500 2.53GHz
    Memory
    4GB DDR3-1066Mhz
    Graphics card(s)
    Nvidia 9300M GS and Intel X4500M HD
    Screen Resolution
    1600x900
    Hard Drives
    Toshiba MK3252GSX 320GB (5400 rpm)
it does seem though that eset have made a rather large boob here with this firewall , i wont be renewing my sucription to smart security but i will be keeping the eset AV , ill keep it for now because its paid for :mad:

The beauty of ESET is that you can use your license for both ESS and NOD32, whatever you prefer. So no need to be mad :), just uninstall ESS, install NOD32 (use your current license info for username/password) and Comodo Internet Security FREE (just Firewall option when asked what do you want to install, as it will also offer you to install Comodo AV, which is nowhere near NOD32). And enjoy :)

That's what I did last night, works as a charm.

BR
Miki

done :D although my hardware firewall should be ok you can never be too carefull

thank you :)
 

My Computer

System One

  • Manufacturer/Model
    Custom Build
    CPU
    Intel Q9550 @ 4Gig / Titan Fenir
    Motherboard
    XFX 780i
    Memory
    4GB OCZ PC2-8500C5 DDR2
    Graphics card(s)
    Gainward GTX260/216 SLI
    Sound Card
    Creative X-FI Xtreme Gamer
    Monitor(s) Displays
    Dell UltraSharp 2209WA 22"
    Screen Resolution
    1680x1050
    Hard Drives
    western digital raptor 10000rpm sata
    PSU
    OCZ Modstream 700w
    Cooling
    Titan Fenir
    Mouse
    Logitech G5 Gamer
    Keyboard
    Razer Reclusa
    Internet Speed
    8mb
Well according to this chart, NOD 32 looks like its the best. I will try NOD 32 today for the 1st time. Lets see if it outperforms NIS 09 that i always use. I will let you guys know tomorrow as i have to go home now. Its 2:30 AM IST.

Suggestion:

Do not install Security Suite, and instead Install NOD32 Antivirus version 4 (use SysInspector to take snapshot of computer- this is handy for future comparisons/troubleshooting. There is also the option to create a bootable disk if you are so inclined.)

why isn't it good enough? i have heard that Eset smart security includes NOD32 antivirus. is it true?


Yes it is true. the only difference is antispam (which is also included in most Mail pop3 clients-i.e., Windows Mail, and Outlook), and a 2-way firewall (that has to be configured) with Vista's 2-way firewall, and UAC I think it makes it superfluous, and unneccessary as it requires more system resources. Plus I heard that the initial release of Smart Security was a bit buggy (It is perhaps better to wait for the next released Version with the kinks ironed out).

http://www.vistax64.com/system-security/220286-nod32-avast-home-edition-3.html
 

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
Latest results from firewall testing:
Results and comments - www.matousec.com

They have tested ESS v4.0.417 and regarding its firewall protection it's total crap. So at the end I have uninstalled ESS v4, installed NOD32 v4 and Comodo Internet Security (just Firewall, btw CIS is totally FREE). Works as a charm, even my wireless network is recognized much faster now, almost instantly.

As I said before this indicates that there is no All-In-One best solution (Suits), rather you have to go after dedicated AV and dedicated Firewall in order to get best of both worlds.

Cheers,
Miki

Ps- this is a garbage "firewall Test" review and should be taken with a grain of salt.

the tests at matousec are not applicable to the firewalls in Antivirus/Antimalware suites as these rely on integrated/shared components (i.e., NOD32 4 has self defense to prevent corruption/impairment of the program. disabling Components also disables self-defense which ultimately can result in the Firewall being shutdown/disabled). a suite has the firewall that works in conjunction with the other features in the suite (i.e., Smartscan). Matousec disables those features, which is why the firewall part scores lower than dedicated firewalls. It is like this in suites, you kill the "brain", the arm doesnt work right anymore, do you catch my drift here? You cannot comparison test Antimalware/firewall suites by disabling the critical components, and then run them up against unmodified standalone firewall programs; you have just "handicapped" the suite by doing so- Of course it will perform poorly.
http://www.av-comparatives.org/forum/index.php?page=Thread&threadID=866

try these:
https://www.grc.com/x/ne.dll?bh0bkyd2
http://www.grc.com/lt/leaktest.htm
 
Last edited:

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
archie123,

No problem :)

I have switched off Windows Firewall and let Comodo do all the work. There's big discussion about this is it better to have 2 firewalls (like you said "more" protection) on keeping just one active in order to prevent conflicts. As I don't use 2 AV softwares at the same time (even some might think of this as an "more protection", but in reality they are conflicting each other), I don't see any point of having 2 firewalls as well.

rive0108,

not only it's buggy but it seem kind of unfinished to be honest. Lots of internet drops and cuts, plus if you check Results and comments - www.matousec.com results, you'll see that ESS barely reached level 1 protection (more on this you can find in PDF files on the right. Also if you check ESS results from v3 and v4 you'll see no improvements whatsoever. And having CIS as the best firewall and for free, makes choice more than obvious.

As for this response, I'm not convinced :sarc:. Either you have firewall or not. If this is true (that Suits are not good with this test), how come KIS (also a Suite) scored 89%, reaching level 9 of protection? :huh: I believe it's a lame excuse for a crappy performance.

Another thing, if this is true, how come ESET didn't write statement (if you scroll down below test results, you'll see responses from various vendors) saying you did wrong, our firewall is not that bad, or please turn on this and that module... ESET is known for one of the best AV (NOD32), and that's it.

As I believe in unbiased tests from AV-Comparatives and Virus Bulletin when it comes down to AV software (both putting NOD32 on the top for years), I also believe in maousec when it comes to Personal Firewalls (putting Comodo in top 3 choice, along with Online Armor and Outpost)

Here is a sentence from matousec.com :
Firewall Challenge is designed to test personal firewalls, HIPS products, behavior blockers and other behavior based systems

Cheers,
Miki
 
Last edited:

My Computer

System One

  • Manufacturer/Model
    Sony Vaio Z590
    CPU
    Intel Core 2 Duo P9500 2.53GHz
    Memory
    4GB DDR3-1066Mhz
    Graphics card(s)
    Nvidia 9300M GS and Intel X4500M HD
    Screen Resolution
    1600x900
    Hard Drives
    Toshiba MK3252GSX 320GB (5400 rpm)
archie123,

No problem :)

I have switched off Windows Firewall and let Comodo do all the work. There's big discussion about this is it better to have 2 firewalls (like you said "more" protection) on keeping just one active in order to prevent conflicts. As I don't use 2 AV softwares at the same time (even some might think of this as an "more protection", but in reality they are conflicting each other), I don't see any point of having 2 firewalls as well.

rive0108,

not only it's buggy but it seem kind of unfinished to be honest. Lots of internet drops and cuts, plus if you check Results and comments - www.matousec.com results, you'll see that ESS barely reached level 1 protection (more on this you can find in PDF files on the right. Also if you check ESS results from v3 and v4 you'll see no improvements whatsoever. And having CIS as the best firewall and for free, makes choice more than obvious.

As for this response, I'm not pretty convinced :sarc:. Either you have firewall or not. If this is true (that Suits are not good with this test), how come KIS (also a Suite) scored 89%, reaching level 9 of protection? :huh: I believe it's a lame excuse for a crappy performance.

As I believe in unbiased tests from AV-Comparatives and Virus Bulletin when it comes down to AV software, I also believe in maousec when it comes to Personal Firewalls

Here is a sentence from matousec.com :
Firewall Challenge is designed to test personal firewalls, HIPS products, behavior blockers and other behavior based systems

Cheers,
Miki

I know it is buggy. It is brand new- the beta was released for testing not 5 months ago [Nov 2008], and RC's ALWAYS are buggy [i.e., Vista], but as for testing it, GRC is the way to go. Matousec.com is misleading, as it actually disables and cripples key features of the software suite. Perhaps the test wouldnt be so misleading had they not disabled the software, and allowed the firewall to perform unhindered. It does not take a brain surgeon to figure out by doing this standalones will always outperform Suites. Firewall/AV suites are not tested under the same method as Standalone Firewalls, you cannnot cripple a software program and still expect it to function properly. Matousec are amateurs, who do not know what they are doing. They are not even a certified Lab-It's like a AV comparison test done by CNET.

ICSA Labs tests Antivirus/firewalls for certification, they have yet to test Smart Security.

If Smart Security passes all the GRC firewall Tests, Then I would not worry about it. Firewalls are simple- it either blocks traffic (without User Authorization, or not). Once something gets past the firewall It is up to the Antivirus/Antimalware scanners. Period.

Does anyone not clearly understand the difference between website/editor testing and certified labs? If not, read this:

Computer magazines and ezine Antivirus Testing and Recommendations (i.e., Editor's Pick Awards)

by Andrew J. Lee
AVIEN Founding Member
http://www.avien.net

It is indisputable that any magazine can test and compare the usability, the interface, the update method, the system performance impact, the "user friendliness" and the features of respective products, and, on that basis, many magazines have conducted good and fair reviews of the anti-virus software included.

However, on the basis of their stated methodology for testing the virus detection functionality of the scanners, they often have not. The idea that a magazine will be able to test any virus scanner with their own "quarantined" virus collection is at best foolish and at worst dangerous.

Let me put it simply. When it comes to Scanner testing such magazines usually do not know what they are doing. This is proved by telling us how their test was conducted. It is simply wrong to assume that they can test a scanner just by seeing if it detects the viruses that they have. If it detects them they have proved nothing, except that there are some files they suspect of being viruses that it detects, you cannot extrapolate any further conclusion. If it does not detect, they have no way of telling why.

This is because they don't know whether their samples are viable* either fully or in part, nor whether the samples they have are mutations or variants (i.e. someone or something has made changes to it). The major criticisms that I have of such methodologies are these:

  1. They do not define and publish the sample set used - listing by family, variant and type.
  2. [FONT=Arial, Helvetica, sans-serif]They have not tested the ability to replicate, (the definition of a virus), of each member of that sample set.[/FONT]
  3. [FONT=Arial, Helvetica, sans-serif]They do not publish the methodology of testing, which must be consistent for each product, i.e. how they set it up, were the files tested against in their natural state (as they would appear in the wild) etc.[/FONT]
  4. [FONT=Arial, Helvetica, sans-serif]They do not state whether they have distinguished viruses from Trojans or other non viral malware.[/FONT]
  5. [FONT=Arial, Helvetica, sans-serif]They often state disinfection or healing as a benefit, when it is far from agreed that it is of any benefit.[/FONT]
  6. [FONT=Arial, Helvetica, sans-serif]They often do not state the update or engine level of each product, nor the platforms on which they tested.[/FONT]
[FONT=Arial,Helvetica, sans-serif]Therefore such tests have proved nothing, and are of little value in making a purchasing judgement.[/FONT]


[FONT=Arial,Helvetica, sans-serif]For reliable results check the tests done by respected independent bodies in the field, you will often see that their testing contradicts such arbitrary magazine test results. See these links for some real tests :[/FONT]

[FONT=Arial,Helvetica, sans-serif]http://www.av-test.org/index.php3?lang=en [/FONT]
[FONT=Arial,Helvetica, sans-serif]http://www.virusbtn.com/100[/FONT]
[FONT=Arial,Helvetica, sans-serif]http://agn-www.informatik.uni-hamburg.de/vtc/[/FONT]
[FONT=Arial,Helvetica, sans-serif]ftp://agn-www.informatik.uni-hamburg.de/pub/texts/tests/pc-av/2001-07/0xecsum.txt[/FONT]
[FONT=Arial,Helvetica, sans-serif]http://www.uta.fi/laitokset/virus/[/FONT]
[FONT=Arial,Helvetica, sans-serif]http://www.check-mark.com/cgi-bin/redirect.pl[/FONT]
[FONT=Arial,Helvetica, sans-serif]http://www.icsalabs.com/html/communities/antivirus/certifiedproducts.shtml[/FONT]

[FONT=Arial,Helvetica, sans-serif]Real world anti-virus scanner testing is carried out using thousands of verified viruses under strictly controlled conditions. They are also carried out, at least the recognized tests, by experts in the field, who understand not only the implications of the results, but who are able to correctly interpret the results. Any tests a computer magazine have conducted in the manner described earlier are immediately invalidated by the non scientific method. [/FONT]

[FONT=Arial,Helvetica, sans-serif]*Viable here means able to replicate and infect other files. [/FONT]


[FONT=Arial,Helvetica, sans-serif]Read more...[/FONT]
Source: http://www.claymania.com/scannertest.html
 
Last edited:

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
and reply from matousec.com:

Firewalls versus Firewall Challenge, instead of malware
Question: How is avoided a danger that FW vendors will start to focus on fighting against FW challenge instead of malware? The reason can be immediate positive business impact of successfully passed tests.

Answer: We have faced this problem since leak-testing. Some vendors really fight the tests and not their attacking techniques. Some vendors optimize against the given set of tests rather than solving the causes.

If we have a suspicion that the tested product attacks some test directly, we use internally modified versions of the tests to prove it. If we can prove such behavior, we mention this in the report and the product fails the test.

Another situation is when the vendors blindly add functionality to their software to pass some technique. In such case, their users might be confused by absurd, false, misleading or somehow bad alerts, popups and questions. In this case, such a product might get through our tests but it would be unusable for most of users. We hope that vendors will not do this for their own good.

To prevent the unwanted behaviour of the vendors, we are going to add new tests to the system and test selected products against the new tests without prior notices to their vendors. For this purpose we will select, preferentially, the prodcuts of those vendors that concentrate on fighting the tests instead of the real security of their products. This approach should give us more accurate results in a sense of their real security.

Finally, we have also set a fixed rules about the frequency of testing, this should also help. However, our original rules about paid retesting allowed vendors to make quick silent fixes and order retesting with the only intention of replacing the old results with new and better results. This is why we have added new rules that limit paid retesting too.

Termination tests' methodology
Question: The methodology for termination tests seems to indicate that termination of any of the firewall's processes results in a failure in the test. I disagree with that methodology as the main features of the firewall may be unaffected by the termination (e.g. if the process that was terminated was only the tray icon) or the firewall may have some kind of "fail-safe" (e.g. blocking all connections if the processes are not running). I think a test (e.g. "leaktest.exe") should be run after a termination to see if the protection is still working or not. If the firewall stopped the test after the termination it should receive a partial score (e.g. 50% of the normal score for the termination test).

Answer: The idea behind our scoring system is the simplicity of the tests. We can not really say how the termination of one component affects the whole protection system unless we analyse the system deeply. We do not do that in Firewall Challenge. Imagine a product that implements the GUI component which communicates with the user. Imagine that if this component is terminated, the product blocks all connections to the Internet. You say that if we run "leaktest.exe" to verify the protection, it will tell us whether the protection is weakened.

In a classic model of a driver, service and GUI component there are communications channels opened between these components. And these channels may be implemented so that only one connection is allowed to prevent malicious software to connect to the channel and send requests over it. If the GUI component is terminated, it may become possible to connect to these channels and attack the service or driver component through them. The verification you suggest does not reveal this case and there are many other situations that should be verified before we could say that the protection was not weakened.

Termination of any of the product's component is a security issue. In our scoring system it is penalized and we are not aware of any easy modification that would make the system more accurate or more fair.

But let's not get inside this "conspiracy theory", ok. Do you have any test indicating that ESS is better than Comodo?
 

My Computer

System One

  • Manufacturer/Model
    Sony Vaio Z590
    CPU
    Intel Core 2 Duo P9500 2.53GHz
    Memory
    4GB DDR3-1066Mhz
    Graphics card(s)
    Nvidia 9300M GS and Intel X4500M HD
    Screen Resolution
    1600x900
    Hard Drives
    Toshiba MK3252GSX 320GB (5400 rpm)
and reply from matousec.com:

Firewalls versus Firewall Challenge, instead of malware
Question: How is avoided a danger that FW vendors will start to focus on fighting against FW challenge instead of malware? The reason can be immediate positive business impact of successfully passed tests.

Answer: We have faced this problem since leak-testing. Some vendors really fight the tests and not their attacking techniques. Some vendors optimize against the given set of tests rather than solving the causes.

If we have a suspicion that the tested product attacks some test directly, we use internally modified versions of the tests to prove it. If we can prove such behavior, we mention this in the report and the product fails the test.

Another situation is when the vendors blindly add functionality to their software to pass some technique. In such case, their users might be confused by absurd, false, misleading or somehow bad alerts, popups and questions. In this case, such a product might get through our tests but it would be unusable for most of users. We hope that vendors will not do this for their own good.

To prevent the unwanted behaviour of the vendors, we are going to add new tests to the system and test selected products against the new tests without prior notices to their vendors. For this purpose we will select, preferentially, the prodcuts of those vendors that concentrate on fighting the tests instead of the real security of their products. This approach should give us more accurate results in a sense of their real security.

Finally, we have also set a fixed rules about the frequency of testing, this should also help. However, our original rules about paid retesting allowed vendors to make quick silent fixes and order retesting with the only intention of replacing the old results with new and better results. This is why we have added new rules that limit paid retesting too.

Termination tests' methodology
Question: The methodology for termination tests seems to indicate that termination of any of the firewall's processes results in a failure in the test. I disagree with that methodology as the main features of the firewall may be unaffected by the termination (e.g. if the process that was terminated was only the tray icon) or the firewall may have some kind of "fail-safe" (e.g. blocking all connections if the processes are not running). I think a test (e.g. "leaktest.exe") should be run after a termination to see if the protection is still working or not. If the firewall stopped the test after the termination it should receive a partial score (e.g. 50% of the normal score for the termination test).

Answer: The idea behind our scoring system is the simplicity of the tests. We can not really say how the termination of one component affects the whole protection system unless we analyse the system deeply. We do not do that in Firewall Challenge. Imagine a product that implements the GUI component which communicates with the user. Imagine that if this component is terminated, the product blocks all connections to the Internet. You say that if we run "leaktest.exe" to verify the protection, it will tell us whether the protection is weakened.

In a classic model of a driver, service and GUI component there are communications channels opened between these components. And these channels may be implemented so that only one connection is allowed to prevent malicious software to connect to the channel and send requests over it. If the GUI component is terminated, it may become possible to connect to these channels and attack the service or driver component through them. The verification you suggest does not reveal this case and there are many other situations that should be verified before we could say that the protection was not weakened.

Termination of any of the product's component is a security issue. In our scoring system it is penalized and we are not aware of any easy modification that would make the system more accurate or more fair.

But let's not get inside this "conspiracy theory", ok. Do you have any test indicating that ESS is better than Comodo?

I doesnt matter if it is better than comodo- The software programs Are not even in the same ballpark. Configuring the Vista 2-way firewall is better than both (if you know what you are doing-its not that hard).
Baring that, there are programs like Sphinx (with free versions) that will do it for you ( recommended Plus Version $30).Vista Firewall Control : Sphinx Software
Essentially you set the firewall to "block all" incoming and outgoing, and then configure rules to allow installed programs, and Windows components to connect through it. There is even a way to configure outbound data pack filtering.

smart security is buggy, and because of this, and Vista's firewall, and UAC, it is not really neccessary anyways. On top of this you have Hardware firewalls (which are way better than software firewalls) and all you need is an access point/router (and of course, a good Antivirus/Antimalware program).
 

Attachments

  • Capture.GIF
    Capture.GIF
    24.1 KB · Views: 33
  • Capture1.GIF
    Capture1.GIF
    29.4 KB · Views: 37
Last edited:

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
im gonna have to jump in here with my limited knowlage , i turned off my routers firewall and went to the PCflanks website and ran its tests , esets smart security suite failed almost every one in a spectacular fashion , after one test i was advised to install a firewall!!!! I have esets firewall properly configured , it still failed , i can quite catagorically say its JUNK , im no expert but as my new commodo firewall seems to PASSING the same tests (all but one) i can only assume the obvious........

Esets firewall is not just buggy its a joke
 

My Computer

System One

  • Manufacturer/Model
    Custom Build
    CPU
    Intel Q9550 @ 4Gig / Titan Fenir
    Motherboard
    XFX 780i
    Memory
    4GB OCZ PC2-8500C5 DDR2
    Graphics card(s)
    Gainward GTX260/216 SLI
    Sound Card
    Creative X-FI Xtreme Gamer
    Monitor(s) Displays
    Dell UltraSharp 2209WA 22"
    Screen Resolution
    1680x1050
    Hard Drives
    western digital raptor 10000rpm sata
    PSU
    OCZ Modstream 700w
    Cooling
    Titan Fenir
    Mouse
    Logitech G5 Gamer
    Keyboard
    Razer Reclusa
    Internet Speed
    8mb
im gonna have to jump in here with my limited knowlage , i turned off my routers firewall and went to the PCflanks website and ran its tests , esets smart security suite failed almost every one in a spectacular fashion , after one test i was advised to install a firewall!!!! I have esets firewall properly configured , it still failed , i can quite catagorically say its JUNK , im no expert but as my new commodo firewall seems to PASSING the same tests (all but one) i can only assume the obvious........

Esets firewall is not just buggy its a joke

Could be. I myself dont need, and therefore dont use it. (I use Windows firewall, UAC and a router firewall), But it sounds like to me you either did not configure the firewall, or did it improperly. This is actually a Firewall meant for advanced Users (like Vista Firewall where outbound is configured by default to allow all traffic unless rule specified)- It is not a "default" Firewall meant for inexperienced Users like Norton's/OneCare/Comodo.


Any firewall first needs to be set to block all traffic (Policy based/strict protection), then configured through rules to allow selected programs in/out
if applications have a ruled defined, the rule will be obeyed, otherwise the firewall will deny all connections without notice of the user. (i.e., PCflanks website tests would therefore be blocked as there exist no rules to allow app through.)

I assume you have properly configured the firewall (set it for strict protection mode), and tweaked the settings as opposed to running it disabled/default, with generic connection rules created (i.e., allow all programs unless rule defined)?

The most important attributes in the Personal firewall > Setup section are Filtering mode and Rule setup. These attributes allow you to specify rules, zones and other parameters. This dialog window looks almost the same as the one above (post #28), except for the option Discard previous settings on the target computer. If this option is enabled, all current rules on the target computer will be removed and replaced by those in ESET Remote Administrator. If disabled, original rules will not be deleted or modified by new rules.

ESET Smart Security's firewall comes with options for creating rules for applications to connect to the outside or receive data. You can dive right into Zone and Rule setup panel and configure all the applications that need Internet connection if you do not want to be prompted when they are launched. The options permit you defining the direction of the connection (in, out or both), set the action (permit, deny or ask you), select the protocols, set up both local and remote ports (or a port range) as well as the remote IP address for the connection (supports both IPv4 and IPv6).

A third filtering mode, which can be activated only from Advanced Setup panel, is called Policy-Based. Again, the name gives you a strong hint on how it works: if applications have a ruled defined, the rule will be obeyed, otherwise the firewall will deny all connections without notice of the user. Of course, rules can be added for this mode whenever the user desires.



Eset firewall User guide and setup:
http://download.eset.com/manuals/ESET_PersonalFirewall_UG_EN.pdf
 
Last edited:

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
yep i set it to interactive filtering straight away and cofigured seperate rules , still no good it would appear , that said ive never had an infection ;)

it doesnt matter how you configure esets firewall , if i turn my hardware firewall off eset fails every time , commodo doesnt , esets rubbish
 
Last edited:

My Computer

System One

  • Manufacturer/Model
    Custom Build
    CPU
    Intel Q9550 @ 4Gig / Titan Fenir
    Motherboard
    XFX 780i
    Memory
    4GB OCZ PC2-8500C5 DDR2
    Graphics card(s)
    Gainward GTX260/216 SLI
    Sound Card
    Creative X-FI Xtreme Gamer
    Monitor(s) Displays
    Dell UltraSharp 2209WA 22"
    Screen Resolution
    1680x1050
    Hard Drives
    western digital raptor 10000rpm sata
    PSU
    OCZ Modstream 700w
    Cooling
    Titan Fenir
    Mouse
    Logitech G5 Gamer
    Keyboard
    Razer Reclusa
    Internet Speed
    8mb
rive0108,

thanks for Sphinx link, others have also pointed this software to me, I'll check this.
Of course you can set up 2 way firewall to block everything, asking user every time for permission, nothing wrong about that, but when talking about majority of users with limited knowledge or no interest to "bother" with advanced settings, then one strong out-of-the-box solution is more appropriate (for them). In that sense, I'm petty pleased with Comodo, as it gives user (in a nice and simple way) total control over inbound/outbound traffic with various protection settings upon click.

Cheers,
Miki
 

My Computer

System One

  • Manufacturer/Model
    Sony Vaio Z590
    CPU
    Intel Core 2 Duo P9500 2.53GHz
    Memory
    4GB DDR3-1066Mhz
    Graphics card(s)
    Nvidia 9300M GS and Intel X4500M HD
    Screen Resolution
    1600x900
    Hard Drives
    Toshiba MK3252GSX 320GB (5400 rpm)
I personnally would set it up this way:
strict protection mode (block all Inbound/Outbound without rule)
Option-Discard previous settings
Luanched apps will then prompt for User action (allow/continue blocking, thus creating rules to that effect)


If you are inexperienced enough to allow apps that you do not know the purpose of in or out, then the firewall is basically Useless anyways.
 

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
I will go to PCflanks with nothing more than Windows firewall fully enabled for outbound, and post the results here....

Ps- the pcflanks "leaktest" is buggy...I passed the test (see below result- no IP/date/Text), but it still says I failed:rolleyes:, and of course I also passed the GRC leaktest. PCflanks might be a scam, as they say only Outpost and Tiny passed ( I suspect they are endorsing these). See results below for both leak tests.

If your firewall fails on these then perhaps you should have someone properly configure it for you. Or get Sphinx and use Vista's Firewall. I can configure Eset Firewall to give the same results, it is not difficult.



attachment.php





attachment.php
attachment.php
 

Attachments

  • Capture.GIF
    Capture.GIF
    9.7 KB · Views: 23
  • Capture1.GIF
    Capture1.GIF
    5.9 KB · Views: 23
  • Capture3.GIF
    Capture3.GIF
    26.7 KB · Views: 27
  • Capture4.jpg
    Capture4.jpg
    27.8 KB · Views: 290
  • Capture6.jpg
    Capture6.jpg
    18 KB · Views: 288
  • Capture7.jpg
    Capture7.jpg
    32.3 KB · Views: 294
Last edited:

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
yep i set it to interactive filtering straight away and cofigured seperate rules , still no good it would appear , that said ive never had an infection ;)

it doesnt matter how you configure esets firewall , if i turn my hardware firewall off eset fails every time , commodo doesnt , esets rubbish


Hmm, I wonder, do the above test results mean Vista firewall is better than Comodo?, or is it simply a matter of properly configuring a firewall to work that makes the difference? :p

So again, I stress There is no need for Eset security. All you need is Eset Antivirus 4, Windows firewall, hardware firewall (i.e., router), IE8, and UAC, but If you are gonna use Smart Security, take the time to properly configure it for optimal results.

Smart Security is new, fresh out of Beta testing, and therefore buggy. It is also a firewall that must be configured for optimal performance/protection. In time it will become more user friendly, and less buggy.
 
Last edited:

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
PCflanks might be a scam, as they say only Outpost and Tiny passed ( I suspect they are endorsing these).

Funny thing is they haven't included major firewall vendors. Tiny is very good firewall, been using it in few years ago, still....

As for question about methodology used in matousec tests:

Methodology and rules
The tested firewalls are installed on Windows XP Service Pack 3 with Internet Explorer 6.0 set as the default browser. The products are configured to their highest usable security settings and tested with this configuration only. We define the highest security settings as settings that the user is able to set without advanced knowledge of the operating system. This means that the user, with the skills and knowledge we assume, is able to go through all forms of the graphic user interface of the product and enable or disable or choose among several therein given options, but is not able to think out names of devices, directories, files, registry entries etc. to add to some table of protected objects manually.

There are several testing levels in Firewall Challenge. Each level contains a selected set of tests and it also contains a score limit that is necessary to pass this level. All products are tested with the level 1 set of tests. Those products that reach the score limit of level 1 and thus pass this level will be tested in level 2 and so on until they reach the highest level or until they fail a limit of some level.

Most of the tests are part of Security Software Testing Suite, which is a set of small tests that are all available with source codes. Using this open suite makes the testing transparent as much as possible. For each test the tested firewall can get a score between 0% and 100%. Many of the tests can be simply passed or failed only and so the firewall can get 0% or 100% score only. A few tests have two different levels of failure, so there is a possibility to get 50% score from them. The rest of the tests have their specific scoring mapped between 0% and 100%. It should be noted that the testing programs are not perfect and in many cases they use methods, that are not reliable on 100%, to recognize whether the tested system passes or failed the test. This means that it might happen that the testing program reports that the tested system passed the test even if it failed, this is called a false positive result. The official result of the test is always set by an experienced human tester in order to filter false results. The opposite situations of false negative results should be rare but are also eliminated by the tester.

To be able to make right decisions in disputable situations, we define the test types. Every test has some defined type. Tests of the same type always attempt to achieve the same goal. Here is a list of the defined types and their goals:

General bypassing test: These tests are designed to bypass the protection of the tested product generally, they do not target a specific component or feature. This is why they attempt to perform various privileged actions to verify that the protection was bypassed. These tests succeed if at least one of the privileged action succeeds. Like the termination tests, general bypassing tests can not be used without modifying the configuration file.
Leak-test: Leak-tests attempt to send data to the Internet server, this is called leaking. Most of the leak-tests from Security Software Testing Suite are configured to use a script on our website that logs leaks to our database by default. For such tests, you can use My leaks page to see whether the test was able to transmit the data. For leak-tests that do not use this script, we use a packet sniffer in unclear situations.
Performance test: Performance tests measure impacts of using the tested product on the system performance. The measured values provided by the tests on the system with the tested product installed are compared to the values measured on the clean machine. Every software affects the system performance at least a little bit. To give products a chance to score 100% in these tests, we usually define some level of tolerance here. This means that if the performance is affected only a bit, the product may score 100%.
Spying test: These tests attempt to spy on users' input or data. Keyloggers and packet sniffers are typical examples of spying tests. Every piece of the data they obtain is searched for a pattern, which is defined in the configuration file. These tests usually succeed if the given pattern has been found.
Termination test: These tests attempt to terminate or somehow damage processes, or their parts, of the tested product. The termination test usually succeeds if at least one of the target processes, or at least one of their parts, was terminated or damaged. All the termination tests from our suite must be configured properly using the configuration file before they can be used for tests.
Other: Tests that do not fit any of the previously defined types are of this type. These tests, for example, may check stability or reliability of the tested product.

Cheers,
Miki
 

My Computer

System One

  • Manufacturer/Model
    Sony Vaio Z590
    CPU
    Intel Core 2 Duo P9500 2.53GHz
    Memory
    4GB DDR3-1066Mhz
    Graphics card(s)
    Nvidia 9300M GS and Intel X4500M HD
    Screen Resolution
    1600x900
    Hard Drives
    Toshiba MK3252GSX 320GB (5400 rpm)
PCflanks might be a scam, as they say only Outpost and Tiny passed ( I suspect they are endorsing these).

Funny thing is they haven't included major firewall vendors. Tiny is very good firewall, been using it in few years ago, still....

As for question about methodology used in matousec tests:

Methodology and rules
The tested firewalls are installed on Windows XP Service Pack 3 with Internet Explorer 6.0 set as the default browser. The products are configured to their highest usable security settings and tested with this configuration only. We define the highest security settings as settings that the user is able to set without advanced knowledge of the operating system. This means that the user, with the skills and knowledge we assume, is able to go through all forms of the graphic user interface of the product and enable or disable or choose among several therein given options, but is not able to think out names of devices, directories, files, registry entries etc. to add to some table of protected objects manually.

There are several testing levels in Firewall Challenge. Each level contains a selected set of tests and it also contains a score limit that is necessary to pass this level. All products are tested with the level 1 set of tests. Those products that reach the score limit of level 1 and thus pass this level will be tested in level 2 and so on until they reach the highest level or until they fail a limit of some level.

Most of the tests are part of Security Software Testing Suite, which is a set of small tests that are all available with source codes. Using this open suite makes the testing transparent as much as possible. For each test the tested firewall can get a score between 0% and 100%. Many of the tests can be simply passed or failed only and so the firewall can get 0% or 100% score only. A few tests have two different levels of failure, so there is a possibility to get 50% score from them. The rest of the tests have their specific scoring mapped between 0% and 100%. It should be noted that the testing programs are not perfect and in many cases they use methods, that are not reliable on 100%, to recognize whether the tested system passes or failed the test. This means that it might happen that the testing program reports that the tested system passed the test even if it failed, this is called a false positive result. The official result of the test is always set by an experienced human tester in order to filter false results. The opposite situations of false negative results should be rare but are also eliminated by the tester.

To be able to make right decisions in disputable situations, we define the test types. Every test has some defined type. Tests of the same type always attempt to achieve the same goal. Here is a list of the defined types and their goals:

General bypassing test: These tests are designed to bypass the protection of the tested product generally, they do not target a specific component or feature. This is why they attempt to perform various privileged actions to verify that the protection was bypassed. These tests succeed if at least one of the privileged action succeeds. Like the termination tests, general bypassing tests can not be used without modifying the configuration file.
Leak-test: Leak-tests attempt to send data to the Internet server, this is called leaking. Most of the leak-tests from Security Software Testing Suite are configured to use a script on our website that logs leaks to our database by default. For such tests, you can use My leaks page to see whether the test was able to transmit the data. For leak-tests that do not use this script, we use a packet sniffer in unclear situations.
Performance test: Performance tests measure impacts of using the tested product on the system performance. The measured values provided by the tests on the system with the tested product installed are compared to the values measured on the clean machine. Every software affects the system performance at least a little bit. To give products a chance to score 100% in these tests, we usually define some level of tolerance here. This means that if the performance is affected only a bit, the product may score 100%.
Spying test: These tests attempt to spy on users' input or data. Keyloggers and packet sniffers are typical examples of spying tests. Every piece of the data they obtain is searched for a pattern, which is defined in the configuration file. These tests usually succeed if the given pattern has been found.
Termination test: These tests attempt to terminate or somehow damage processes, or their parts, of the tested product. The termination test usually succeeds if at least one of the target processes, or at least one of their parts, was terminated or damaged. All the termination tests from our suite must be configured properly using the configuration file before they can be used for tests.
Other: Tests that do not fit any of the previously defined types are of this type. These tests, for example, may check stability or reliability of the tested product.

Cheers,
Miki
Well thats it then, they only configure the suites advanced settings to the level of a noob. I am sure if they tested Vista firewall, it would fail miserably too.(contrary to test in post #34)

Issues:
testing to "noob" suite config of advanced settings
testing on an outdated-soon to be non-supported O/S
testing without certified Lab testing standards (see post #26)
"It should be noted that the testing programs are not perfect and in many cases they use methods, that are not reliable on 100%, to recognize whether the tested system passes or failed the test..."


summary
take these amateur tests with a grain of salt, and wait for the next version of Smart Security and certified lab test results;)
 
Last edited:

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
yep i set it to interactive filtering straight away and cofigured seperate rules , still no good it would appear , that said ive never had an infection ;)

it doesnt matter how you configure esets firewall , if i turn my hardware firewall off eset fails every time , commodo doesnt , esets rubbish


Hmm, I wonder, do the above test results mean Vista firewall is better than Comodo?, or is it simply a matter of properly configuring a firewall to work that makes the difference? :p

So again, I stress There is no need for Eset security. All you need is Eset Antivirus 4, Windows firewall, hardware firewall (i.e., router), IE8, and UAC, but If you are gonna use Smart Security, take the time to properly configure it for optimal results.

Smart Security is new, fresh out of Beta testing, and therefore buggy. It is also a firewall that must be configured for optimal performance/protection. In time it will become more user friendly, and less buggy.

have you been reading my posts ;) Im not using smart security , i am using eset AV commodo and a properly configured hardware/router firewall , i was using esets firewall till i read some posts here and tested it at pc flanks

noob tests or not eset still failed them and commodo passed and as for the firewall leak test heres what i get using commodo , and please do tell me how to configure esets firewall to pass the leaktest (as so far no one else has been able too) and ill reinstall and test , i want to use it i paid for it and before i configured my router firewall properly i even relied on it....unfortunately :P

commodo.jpg
 

My Computer

System One

  • Manufacturer/Model
    Custom Build
    CPU
    Intel Q9550 @ 4Gig / Titan Fenir
    Motherboard
    XFX 780i
    Memory
    4GB OCZ PC2-8500C5 DDR2
    Graphics card(s)
    Gainward GTX260/216 SLI
    Sound Card
    Creative X-FI Xtreme Gamer
    Monitor(s) Displays
    Dell UltraSharp 2209WA 22"
    Screen Resolution
    1680x1050
    Hard Drives
    western digital raptor 10000rpm sata
    PSU
    OCZ Modstream 700w
    Cooling
    Titan Fenir
    Mouse
    Logitech G5 Gamer
    Keyboard
    Razer Reclusa
    Internet Speed
    8mb
You might have corruption of your user account (permissions error)

as for configuring it, I told you how:

I personnally would set it up this way:
strict-Policy protection mode (block all Inbound/Outbound without rule)
Option-Discard previous settings
Luanched apps will then prompt for User action (allow/continue blocking, thus creating rules to that effect)
or
use Interactive filtering mode to automatically create rules through everyday interaction with the network. After all rules are specified, you can switch to Policy-based filtering mode


Any firewall first needs to be set to block all traffic (Policy based/strict protection), then configured through rules to allow selected programs in/out
if applications have a ruled defined, the rule will be obeyed, otherwise the firewall will deny all connections without notice of the user. (i.e., PCflanks website tests would therefore be blocked as there exist no rules to allow app through.)

I assume you have properly configured the firewall (set it for strict protection mode), and tweaked the settings as opposed to running it disabled/default, with generic connection rules created (i.e., allow all programs unless rule defined)?

The most important attributes in the Personal firewall > Setup section are Filtering mode and Rule setup. These attributes allow you to specify rules, zones and other parameters. This dialog window looks almost the same as the one above (post #28), except for the option Discard previous settings on the target computer. If this option is enabled, all current rules on the target computer will be removed and replaced by those in ESET Remote Administrator. If disabled, original rules will not be deleted or modified by new rules.

ESET Smart Security's firewall comes with options for creating rules for applications to connect to the outside or receive data. You can dive right into Zone and Rule setup panel and configure all the applications that need Internet connection if you do not want to be prompted when they are launched. The options permit you defining the direction of the connection (in, out or both), set the action (permit, deny or ask you), select the protocols, set up both local and remote ports (or a port range) as well as the remote IP address for the connection (supports both IPv4 and IPv6).

A third filtering mode, which can be activated only from Advanced Setup panel, is called Policy-Based. Again, the name gives you a strong hint on how it works: if applications have a ruled defined, the rule will be obeyed, otherwise the firewall will deny all connections without notice of the user. Of course, rules can be added for this mode whenever the user desires.



Eset firewall User guide and setup:
http://download.eset.com/manuals/ESE...wall_UG_EN.pdf
 
Last edited:

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
Let’s summarize the most important points regarding deployment of the ESET Smart Security Personal firewall:
The maximum level of protection is provided through Policy-based mode, though this method often requires fine-tuning of rules and zones.
• The ESET Personal firewall automatically blocks any communication which is not permitted by a rule. This is true for all modes except for Interactive filtering mode, which prompts the user to perform an action.
• If you are deploying the Personal firewall, we recommend that you configure at least one Trusted zone (Home network), regardless of the filtering mode. This will prevent users from seeing dialog windows asking them to add the current subnet to the Trusted or Not trusted zone.
• ESET Smart Security does not contain any predefined rules for handling communications within ESET Smart Security itself, as a security precaution. If you want to enable communication (updates, connection to ESET Remote Administrator Server, etc.), particularly in Policy-based mode, you must create corresponding rules.
• One of the most effective strategies for rule creation is to use Interactive filtering mode to automatically create rules through everyday interaction with the network. After all rules are specified, you can switch to Policy-based filtering mode, export the configuration to an .xml file and distribute it to other client computers.
 

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB) and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive: Panasonic UJ-220 DL BD-RE (Blu-Ray)
Back
Top