• cooldoc
    #2115
    Eset Smart Security Beta 1 Test/Review by [deXter]
    --------------------------------------------------

    ------------
    Program Test
    ------------

    Overview:

    Firstly, this isn't just a simple bundle of Firewall + Antivirus + Antispam. It's a completely integrated (single) product; a single service "Eset Service" controls and contains the entire app. (You cannot disable this service from the service manager.)


    Interface:

    The interface is a fresh change from the old NOD32 look. It has a slick Vista-inspired look. The interface also reminds one of Kaspersky Internet Security. All notification messages are delivered using a sleek popup balloon that fades in/out.


    Performance:

    As expected, performance was great! It didn't slow down a PIII PC with 256 MB RAM. Although memory usage was higher than what NOD32 users are normally used to (~30 MB), the CPU usage was constantly zero. But considering that you're getting a Firewall, AntiVirus and AntiSpam all in under 30 MB, it does use considerably less memory compared to its competitors.


    Bugs:

    The hotkeys Ctrl+R, Ctrl+M don't work. The Real-time filesystem protection couldn't be disabled from the main interface. Links like "Configure", "Enter antivirus protection advanced setup", etc. in the Advanced mode sometimes don't work. Clicking on Enable/Disable on the other modules worked, but the interface doesn't update (you need to change between advanced/simple interfaces).


    Limitations:

    Keyboard shortcuts aren't present for the main options. It's not possible to scroll down the window using the Arrow/PgDn keys. It's not possible to quickly disable the entire program, if needed.
    _deXter_ on 2007.04.07 11:13
    --------------
    Firewall Tests
    --------------

    I) GRC Shields UP!
    ------------------

    - Port Test:

    "Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests."

    - Messenger Spam:

    No spam was received



    II) Firewall Leak Tester
    --------------------------

    1. LeakTest:

    Passed! When Leak Tester attempted to connect, Eset firewall presented a neat prompt asking me whether to allow it to connect or not.

    2. TooLeaky:

    Passed! There was no leak.

    3. FireHole:

    The AntiVirus module picked this up as a trojan and didn't allow it to download. Since I couldn't disable the antivirus, I had to remove "EXE" from the file-types to be scanned.

    Failed! FireHole was able to connect by injecting code into the Internet Explorer process; since IE was allowed to connect normally, ESS didn't prompt or alert. This, however, shouldn't be a problem if you're on Vista.

    4. Yalta:

    Can't Say - ESS did give an allow/deny prompt, but it was too late - Yalta had already sent UDP packets. However, when "Deny" was clicked, a new rule was created and Yalta was unable to send any further packets.

    5. Outbound:

    Did not run - Outbound was unable to detect the ethernet adapter, and hence was unable to work.

    6. PCAudit:

    Failed!

    7. AWFT:

    Test 1 - Failed!*
    Test 2 - Failed!*
    Test 3 - Failed!**
    Test 4 - Failed!*
    Test 5 - Failed!
    Test 6 - Failed!

    Note: All above tests failed on Windows XP but passed on Windows Vista.

    8. Thermite:

    Failed!

    9. CopyCat:

    Failed!

    10. MBTest:

    Did not run. Apparently the MAC has to be hardcoded, but the source files aren't available for download.

    11. WallBreaker:

    Test 1 : Failed!*
    Test 2 : Failed!*
    Test 3 : Failed!*
    Test 4 : Failed!*

    12. pcAudit

    Failed!

    13. Ghost

    Failed!

    14. DNStester

    Failed!

    15. Surfer

    Failed!*

    16. Breakout

    Did not run. File not found.
    _deXter_ on 2007.04.07 11:13
    --------------------------------
    Summary of areas where ESS fails
    --------------------------------

    - DLL Injection / Process patching
    - Launching under different context
    - Timed attacks / PID Changing
    - DDE based attacks


    ---------
    Verdict
    ---------

    ESS is a very promising product. Although the firewall is open to a few exploits like DLL injection, it shouldn't be a problem under Windows Vista. Secondly, most of the failed tests in the end manipulated IE, which gives the security-conscious user a good reason to block IE in the firewall. ESS falls short in a few areas, but it's too early to pass the verdict on the final product, since it's only the first beta. If they manage to plug these leaks by the final, ESS will be without any doubt the best security suite!

    Pros : Low resource usage, easy to use interface, good inbound security
    Cons : Firewall has average outbound security.


    --------------------------
    * = Assuming you allow Internet Explorer to connect.
    ** = Assuming you allow Windows Explorer to connect.