Now I understandThe attack will be blocked on nearly 1/2 of computers. The attackers do not like the attack methods that can decrease the chances by 50% when there are several more promising methods (like some other LOLBins, etc.).
Now I understandThe attack will be blocked on nearly 1/2 of computers. The attackers do not like the attack methods that can decrease the chances by 50% when there are several more promising methods (like some other LOLBins, etc.).
So it's not meant for end users?Eset is designed to be hardened by those that know how and are capable.
You can perfectly take this test as real life, you are wrong. AVs are tested under predetermined conditions.I'm going to post a probably not popular view but none the less the double standards also set with not testing as designed as I already mentioned.
If CS were to test CIS against this, all of you would expect to see it done with CS's set up she uses, basically tweaking the settings. This is normal because CIS was designed to be tweaked. Yet the testing of this product also designed to be tweaked is tested at defaults and no one ever questions that. Eset is designed to be hardened by those that know how and are capable.
So again as stated, this is certainly not real world testing.
Ah wel let's all ignore the results of Cruel Sister's video. The result is irrelevant because it is not based on real world situations. It is like the car crash test! How often do you drive into a solid piece of concrete? Besides look at the driver, it is a doll, not even a human who can configure ESET's HIPS (sorry car) to brake and evade the collision easily.
So for each test each software should be tweaked? But to what standard? For e.g kasperksy to NOT trust digitally signed software AND put all apps that can't be categorized into High Restricted as well as the apps that load prior to KTS?I'm going to post a probably not popular view but none the less the double standards also set with not testing as designed as I already mentioned.
If CS were to test CIS against this, all of you would expect to see it done with CS's set up she uses, basically tweaking the settings. This is normal because CIS was designed to be tweaked. Yet the testing of this product also designed to be tweaked is tested at defaults and no one ever questions that. Eset is designed to be hardened by those that know how and are capable.
So again as stated, this is certainly not real world testing.
Finally a user in the thread that understands the product being tested. That is exactly it and why I posted what I did, besides your response the other ones demonstrate the comprehension of testing and product abilities, meaning they do not fully grasp.ESET is known for striving for balance: detection/FP, performance, user-friendliness.
That's why I think they will default to a "sure" setting that doesn't generate FP and customer support queries. On the other hand, the wide options of advanced settings allow to individually block single and more specific attack paths.
I would like the ability to set clickable "levels/modes" of protection: for example - basic, medium, hard. Where selecting it would harden the predefined settings of the individual software components - HIPS, firewall, etc. And in "hard" such behavior would be blocked on the firewall for example. This could generate trouble/FP, but that would be expected in "hard" mode.
So you are saying CS should only test CIS on defaults from now on to keep things fair between product then ?So for each test each software should be tweaked? But to what standard? For e.g kasperksy to NOT trust digitally signed software AND put all apps that can't be categorized into High Restricted as well as the apps that load prior to KTS?
For a normal software sold to end users I would expect it to be good at default settings since most user will never look into any settings at all.
At one time, BD used to offer something along that line, regarding the below. I don't remember what the the options for the Firewall were.ESET is known for striving for balance: detection/FP, performance, user-friendliness.
That's why I think they will default to a "sure" setting that doesn't generate FP and customer support queries. On the other hand, the wide options of advanced settings allow to individually block single and more specific attack paths.
I would like the ability to set clickable "levels/modes" of protection: for example - basic, medium, hard. Where selecting it would harden the predefined settings of the individual software components - HIPS, firewall, etc. And in "hard" such behavior would be blocked on the firewall for example. This could generate trouble/FP, but that would be expected in "hard" mode.
The fact that Lenny gave this reputation tells me much about the extent of knowledge either of you have of this product. It's exactly what I mean. You do understand this product has a Hips and you can creat custom rules for it and the firewall correct? You can actually create rules to allow, block or ask for applications, you can assign file operations, select target folders to protect, you can create rules to prevent modification of file directories, ect. It's a daunting task for those unaware of the products capabilities, the operating system, and ability to determine false positives. Definitely takes an advanced user to utilize its abilities.You can perfectly take this test as real life, you are wrong. AVs are tested under predetermined conditions.
I am sure that Eset configured to the maximum will not protect you from that malware, since it is a signature-dependent AV.
So you are saying it's not meant for home users. Correct?Definitely takes an advanced user to utilize its abilities.
I'm saying if you want to squeeze all the capabilities out this product you must learn it. Which is exactly what that statement reads.So you are saying it's not meant for home users. Correct?
They had a full blown HIPS in 2008. It covered startup items and a few other system points, BD would issue a prompt. The settings you are displaying were also offered for IDS under firewall (which is policy-based behavioural blocker, e.g. Adobe reader not allowed to create executables). IDS had 5 different levels. There was also a Data Loss Prevention feature that scanned the traffic for certain data, like credit card details (it did not support HTTPs and was killed).At one time, BD used to offer something along that line, regarding the below. I don't remember what the the options for the Firewall were.
View attachment 282951
This would require a phishing attack or something of the nature to deploy, hence the route for infection stated many times through out this thread. Fileless malware are truly fileless or lack executable's? Would not scanners detect more then just executable's in a file. How would we know since the video is done half arse. Its just pure speculation because the product was not tested properly.Finally, about the malware used in this video- the entry point was a LoLBin; this opened the door to fileless malware attack which would have not been successful if the product tested was aware of the initial entry, and in these times ignorance is sub-optimal (ESET- Knock, Knock).
The was no malicious item in the first video, just a demo of the file bypass which of course worked because the product does not block these as they can be used for good or bad, and already explained its a security tool. Route of infection is very important for a product to work as designed. Notice I'm not putting emphasis on any particular product right now. The second video same demonstration of a modified to drop a infection but again, route of infection was not displayed. The product was not given a chance regardless if it could stop the infection or not.When following real world procedures (like AV-test and AV-comparatives) most AV's have near perfect scores. The point Cruel Sister was making in her first video is that allowing a dropper through a LoLbin is a considerable risk factor (you don't know whether the downloaded file is good or bad). Her (in my opinion correct) warning that ESET could do better, triggered a bombardment of critisism that the file dropped was not really malicious. That is why she posted the second video (which dropped something harmefull and bricked user files).
Now they are critising @cruelsister 's video again with the arrgument that it did not come through the "front door". That argument in itself is valid. People can't be infected out of nowhere. But for average PC users the most common routes of infection through the 'front door" are responding to an email with either a prize or an tax invoice. The trick is to trigger an emotion (greed, anger and fear work the best). Another often used rout eof infection is an average home users being redirected to websites looking like an antivirus telling you are infected (using the fear emotion) and you need to download something.
So getting through the front door is trival, but even using the front door approach ESET has its limitations (and CS video shows why they probably missed the 1.8 percent of tthe "in the wild samples, using real world scenario's" in the picture below).
View attachment 282949
But as @Showdara posted, it just confiorms his experience.