It uses HTTPS scanning system-wide, so no extension is used.
> It uses HTTPS scanning system-wide, so no extension is used.

Do they MiTM/intercept HTTPS certificates by installing their own in the browser or not? I find the AV doing MiTM a bit intrusive.
> Do they MiTM/intercept HTTPS certificates by installing their own in the browser or not? I find the AV doing MiTM a bit intrusive.

They do. I go back and forth between turning it off and relying on extensions and my router filtering, and leaving it on. But one way to look at it, if you want the protection, is that the AV already has access to just about everything on your system; MiTM isn't going to change anything if they want to breach your privacy. And they have improved flagging of bad/unencrypted/broken connections. Still, I understand being wary of MiTM with certificates. They also have added support for TLS 1.3.
> Yeah, I am still not a fan of MiTM SSL interception. Browsers go out of their way to do extended certificate validation (such as pinning for popular services in Chrome and supplementing the revocation list) and enforce policies around mixed SSL content. By presenting to a browser a manually force-trusted certificate, it not only bypasses all the browser-provided security features (which I guarantee are better than what any 3rd-party AV has implemented), but it also leaves on disk a private cert that any attacker can use to generate HTTPS pages that the browser trusts.
>
> I understand the things they gain out of SSL inspection, but that's something I'm never willing to go with, and it automatically erodes my trust when an AV program automatically opts me into this kind of feature without explicitly asking for consent while explaining the pros and cons of SSL inspection.
>
> BTW, Cisco has been working on malware inspection techniques that don't involve SSL decryption: Detecting Encrypted Malware Traffic (Without Decryption)
>
> This was productized last year as Encrypted Traffic Analysis on their high-end equipment: Cisco Adds Encrypted Traffic Analysis Function

It does not bypass all protections. ESET does not intercept EV certificates. It will open a banking-mode browser if you so choose, but it does not intercept those communications on EV sites even in the banking browser.
> It does not bypass all protections. ESET does not intercept EV certificates. It will open a banking-mode browser if you so choose, but it does not intercept those communications on EV sites even in the banking browser.

Glad to hear that is the case! I should also add that legally the interception of banking and healthcare web traffic can be problematic and can violate a lot of regulations, particularly in the EU, unless you have put your product through a certification process. I've had to deal with this nightmare before with centralized SSL filtering appliances.
> I wouldn't touch the HTTPS scanning feature with a ten-foot pole.
>
> "Not only that, inspecting SSL negotiation with Wireshark shows the ESET application actually downgrades your SSL connection to TLSv1.0 even if your browser and the site you are visiting would normally use the much stronger TLSv1.1 or TLSv1.2."
>
> Source: Don't use ESET SSL protocol filtering
>
> They were downgrading encryption to protect you from malware and exploits that an up-to-date browser alone would have probably protected you from.

Notice that that article is 5 years old. Most vendors have changed. ESET now supports TLS 1.3.
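The downgrade described in the quoted post above is something you can verify from a capture rather than by eye in Wireshark. The following Python script is an added example, not code from this thread or from ESET: it decodes the server's first TLS record (the ServerHello) and reports the protocol version the server actually selected, reading the supported_versions extension where a TLS 1.3 server puts the real version (the legacy version field always says TLS 1.2 there). The three sample records are constructed inside the script so it runs offline; on real traffic you would export the ServerHello record bytes from Wireshark and pass them to negotiated_version().

```python
"""Report the TLS version a server actually negotiated, from its ServerHello record.

Added example for this thread (not ESET code). Uses only the standard library.
Record layout (RFC 5246 / RFC 8446): 5-byte record header, 4-byte handshake
header, 2-byte legacy version, 32-byte random, session_id, cipher_suite (2),
compression (1), then optional extensions.
"""
import struct

TLS_VERSIONS = {
    0x0300: "SSL 3.0",
    0x0301: "TLS 1.0",
    0x0302: "TLS 1.1",
    0x0303: "TLS 1.2",
    0x0304: "TLS 1.3",
}
CONTENT_TYPE_HANDSHAKE = 0x16
HANDSHAKE_SERVER_HELLO = 0x02
EXT_SUPPORTED_VERSIONS = 0x002B
WEAK_VERSIONS = {0x0300, 0x0301, 0x0302}   # anything below TLS 1.2


def negotiated_version(record: bytes) -> int:
    """Return the version code the server selected in a ServerHello record."""
    if len(record) < 9 or record[0] != CONTENT_TYPE_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or body[0] != HANDSHAKE_SERVER_HELLO:
        raise ValueError("truncated record or not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated handshake message")
    legacy_version = struct.unpack(">H", hello[0:2])[0]
    pos = 2 + 32                                   # skip legacy version + server random
    pos += 1 + hello[pos]                          # session_id (length-prefixed)
    pos += 2 + 1                                   # cipher_suite + compression_method
    if pos >= len(hello):
        return legacy_version                      # no extensions: pre-1.3 server
    ext_total = struct.unpack(">H", hello[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack(">HH", hello[pos:pos + 4])
        pos += 4
        if ext_type == EXT_SUPPORTED_VERSIONS and ext_len == 2:
            return struct.unpack(">H", hello[pos:pos + 2])[0]   # TLS 1.3 puts the real version here
        pos += ext_len
    return legacy_version


def is_downgraded(record: bytes) -> bool:
    """True when the server chose SSL 3.0, TLS 1.0 or TLS 1.1."""
    return negotiated_version(record) in WEAK_VERSIONS


def describe(record: bytes) -> str:
    v = negotiated_version(record)
    return TLS_VERSIONS.get(v, "unknown (0x%04x)" % v)


def _server_hello(legacy, supported=None) -> bytes:
    """Build a minimal ServerHello record. Constructed test data, not a capture."""
    body = struct.pack(">H", legacy) + bytes(32) + b"\x00"      # version, random, empty session id
    body += b"\xc0\x2f" + b"\x00"                                # ECDHE-RSA-AES128-GCM-SHA256, null compression
    if supported is not None:
        ext = struct.pack(">HHH", EXT_SUPPORTED_VERSIONS, 2, supported)
        body += struct.pack(">H", len(ext)) + ext
    hs = bytes([HANDSHAKE_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([CONTENT_TYPE_HANDSHAKE]) + struct.pack(">HH", legacy, len(hs)) + hs


# Constructed samples: an intercepting proxy negotiating TLS 1.0, a TLS 1.2 server,
# and a TLS 1.3 server (legacy field says 1.2, supported_versions says 1.3).
SAMPLE_TLS10 = _server_hello(0x0301)
SAMPLE_TLS12 = _server_hello(0x0303)
SAMPLE_TLS13 = _server_hello(0x0303, supported=0x0304)

if __name__ == "__main__":
    for name, rec in [("tls10", SAMPLE_TLS10), ("tls12", SAMPLE_TLS12), ("tls13", SAMPLE_TLS13)]:
        print(name, describe(rec), "DOWNGRADED" if is_downgraded(rec) else "ok")
```

Run it against a ServerHello captured with the AV's HTTPS filter on and again with it off: if the two differ, the filter, not the site, chose the version. The supported_versions handling matters because a naive check of the legacy field would misreport every TLS 1.3 connection as TLS 1.2.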
> Glad to hear that is the case! I should also add that legally the interception of banking and healthcare web traffic can be problematic and can violate a lot of regulations, particularly in the EU, unless you have put your product through a certification process. I've had to deal with this nightmare before with centralized SSL filtering appliances.

ESET is the main vendor of enterprise products in the EU.
At any rate, I'm very glad they don't intercept EV certs, but that also means they too are cognizant of the implications of SSL interception. It's still my personal opinion that I dislike these features and would like to be explicitly asked to opt in rather than finding out by surprise. Everyone else is welcome to make their own choice!
> Until the specs change, and it takes them forever to update it. Or they re-use the private key. Or they support old encryption ciphers. All of which has happened in the past. And if you want my opinion, AV manufacturers have been so consistently bad at it that I wish they would just stop altogether. If the last three out of three cars you've bought from an auto manufacturer have had engine failure, why do you think this latest model is going to be any different?

Some people agree with it, some don't. I was just sharing the current facts. I understand why you are opposed to HTTPS inspection.
> Did a small test with ESET and the "implemented security changes" they made were silent when I released some malware on it.
>
> It's a nice and light AV but lacks the detection rate some other AVs have.

Out of curiosity, did you try those same samples on any other AV?
Agreed, most of the code is written in this
Is it really, or is this the ongoing myth about their software? Because writing in assembly is incredibly inefficient by today's standards.
> It's entirely pointless these days, and I doubt there's even a talent pool of assembly developers to maintain a project. I'm not aware of any active assembly-only (or at least mostly assembly) projects these days; perhaps they exist in the embedded space, which I'm not familiar with.

I think people are just baffled by how light ESET is while still having good protection.
int 21
> "Light" is such a weird definition these days. I mean, I have a freaking 32GB of RAM pretty much just because I can. And it wasn't even stupidly expensive. Before this I had 18GB (triple-channel X58, hence the funny number). And even if I only had 16GB, the last time I opened Task Manager to worry about RAM was back when Windows XP was a thing and I had a system with 1GB of RAM, IIRC.

I tend to agree. I haven't had less than 16 in a long time. And it hasn't hindered anything.
> "Light" is such a weird definition these days. I mean, I have a freaking 32GB of RAM pretty much just because I can. And it wasn't even stupidly expensive. Before this I had 18GB (triple-channel X58, hence the funny number). And even if I only had 16GB, the last time I opened Task Manager to worry about RAM was back when Windows XP was a thing and I had a system with 1GB of RAM, IIRC.

You're comparing lightness with RAM usage only, which is wrong. There are many other parameters besides RAM usage.