New ESET Internet Security for 2018 under the microscope of AVLab with a contest for readers
As a company specializing in security software testing, and on the occasion of previous surveys prepared by AVLab, we have tested the effectiveness of ESET's security in practice. And with full responsibility we state that it is good. How to get from "good" to "very good" is explained below. These practical configuration changes prepared by AVLab will give users better protection against threats that even advanced users are not necessarily aware of.
We have also prepared a competition where you can win 10 annual licenses for ESET Internet Security. To get one of the licenses just read the following review carefully and answer the competition question, which is at the end of the article.
Foreword
ESET, headquartered in Bratislava, announced at the end of October the launch of its latest solutions for home users. Polish developers from the Krakow research and development department, who improved the mechanisms for detecting threats, including viruses that are activated before the operating system starts, had a significant share in the development of the security technologies. There are of course more changes in ESET's latest products, and all of them are mentioned in this review.
ESET has existed on the Polish market for over 16 years. True, one and a half decades is a long time, but the Slovaks were not the first. Older users in the IT industry remember the days of the Polish antivirus program "mks_vir". It was the end of the nineties. Exactly in 1987, the first version of the "usable" program for the MS-DOS system went to administrators and computer geeks, while a year later a visual version for Windows 98 and ME was tried. Since then, for about a decade there were no major distributions in Poland of the antivirus software that we know today. The industry void was filled in 2000 by the representation of Kaspersky Lab, which opened a foreign office in Poland, the second in the world. At exactly the same time, Tomasz Kojm at the University of Toruń started work on ClamAV, his own open-source antivirus project, currently used by technological giants, including Google, which scans files for threats in Dropbox, Google Drive, Gmail and others. And since we are on the subject of Google, hardly anyone knows that in its Google Chrome Cleanup solution Google built a security tool based on ESET technology that automatically informs Chrome users about the detection of potentially unwanted applications (e.g. browser add-ons) and gives them the option of deleting them. Chrome Cleanup uses ESET technology to identify and eliminate suspicious or unwanted programs on a Windows computer. The tool works in the background, without slowing down the user's work. It has been introduced in the latest version of the Google Chrome browser. It is very important to note that Chrome Cleanup is not an "antivirus".
In the meantime, thanks to the official distributor - Dagma, ESET NOD32 appeared on the Polish market.
In fact, the antiviruses developed by our southern neighbor came to life as early as 1987, and in the following years ESET software only grew in popularity (the full history of ESET can be traced here). It is worth adding that in 1992 the current distributor of ESET antivirus, the company Dagma, imported Dr Solomon's Antivirus software from the UK, which at the time protected most operating systems: Microsoft Windows up to 98, Novell, SCO Unix, Sun Solaris and OS/2.
Currently, ESET employs over 1,300 people and has over 110 million users worldwide. By 2022, ESET plans to employ an additional 800 people, mainly IT specialists. The construction of a new campus has already begun in Bratislava; it is to occupy 25 thousand sqm and accommodate up to 1,400 people.
ESET has also taken root in Polish soil. In the old capital, Krakow, there is a research and development center where about 70 employees, mainly risk analysts and developers, are responsible for the development of the antivirus engine. This is where the analysis of malicious software that requires human intervention in the reverse engineering process is carried out. New malicious procedures embedded in virus code, as well as cybercriminals' techniques, are also examined there. The Krakow office also makes important decisions that affect the further development of protective technologies, whose effectiveness over all these years has helped popularize the ESET brand in our country.
Today, it is estimated that the Slovak company's products protect over 4 million computers and mobile devices in Poland. This estimate comes from research conducted at the end of 2016 by ARC Rynek i Opinia, which based its survey on a relatively small number of respondents nationwide. Unfortunately, it concerned only individual users. More reliable information was provided by the consulting company Gartner. Its published report on revenues makes it possible to estimate which companies enjoy the highest trust among Polish clients and which products Polish companies reach for most often. It turned out that in 2012, ESET, Kaspersky Lab and F-Secure antiviruses were most commonly used to secure up to 4 workstations, with the largest share, 24% of sales on the consumer market, belonging to the supplier from the south. The solution for companies, ESET Endpoint Security, can boast a bronze distinction in the "Gartner Peer Insights Customers Choice 2017" ranking, which is prepared on the basis of the opinions and assessments of IT department employees and business owners and the general reviews they provide.
Privacy and security with ESET
As every year, all ESET products have been refined, so current customers should not be concerned about technical innovations. Among the improved solutions are:
- Legendary ESET NOD32 Antivirus (antivirus and antispyware).
- ESET Internet Security (complete security package with Anti-Theft and successor of ESET Smart Security).
- ESET Smart Security Premium ("premium" security package, which in addition to the extensive protection of a computer connected to the network, offers the option of encrypting data and password manager).
- ESET Security Pack (ESET solutions package to protect your computer and smartphones) is available in two versions:
- Letting you protect 1 computer and 1 smartphone / tablet.
- Protects 3 computers and 3 smartphones / tablets.
All the presented solutions from ESET's portfolio are addressed to home users as well as micro and small companies who want to protect up to several devices. In this year's edition we will no longer find ESET Smart Security, because it has been replaced by ESET Internet Security, which is reviewed in this article.
ESET Internet Security is a pretty nice treat for users who value mobile work. It includes the Anti-Theft module: in the case of theft or loss of a laptop, it allows you to locate the device, block access to the account in the system and send a message to the new "owner" (in the mobile version for Android devices, ESET Mobile Security has more anti-theft features). In these circumstances, the license owner can remotely lock the device through the "my.eset.com" portal, and the potential thief will be able to log in "only" to a newly created account with guest privileges.
Our first moments of "chewing over" the functionality of the "phantom" account allowed us to assume that it is a simplified honeypot, where any unauthorized person who tries to use a stolen device will gain access only to false data. A thief with advanced IT knowledge can still get access to user data, but in most cases the ESET solution will work very well.
Customers who choose ESET Smart Security Premium (instead of ESET Internet Security) will receive the "Secure Data" module in their package, which allows you to encrypt files on your computer and on removable drives. ESET Smart Security Premium thus contains two in one: protection against malicious software and data encryption.
If no strictly confidential documents are stored on the device, you can try Microsoft's system tool, BitLocker, which will stop amateurs from browsing other people's laptops. BitLocker also has a dark side: you have to remember that Microsoft is suspected of implementing a backdoor in this solution, and BitLocker has never passed an independent audit.
Data encryption and backup are the only reliable way to protect files, not only against cybercriminals, but also against threats from the crypto-ransomware family. For demanding home administrators, ESET can also offer the DESlock+ solution. Although it is mainly intended for business users, a reasonable price and a free trial period can encourage a specific audience to test DESlock+ for free.
Yubikey keys offer very good protection of the computer against unauthorized login to the system. They use the power of asymmetric encryption with an unbreakable RSA-4096 cryptographic key for modern devices. Users need to know that a Yubikey is not security software; it is for something completely different. The "Yubi" keys do not protect the device against malware: they do not protect against spam, malicious websites containing malware or cryptocurrency miners. In the same way, they will not protect against malvertising, drive-by downloads or spoofing of ARP tables. Security software, in turn, is a perfect complement to comprehensive security.
Another very important feature from the point of view of privacy and security (in this context the two words are synonymous) is protection of access to the webcam. During such an attempt, the security software will display a warning in the event that access is "requested" by malicious software not detected by the antivirus engine. In such a situation, even a person without technical qualifications can easily locate the threat, i.e. the process that requests such access. As a result, it will be possible to trace the source of the suspicious process: the user will be informed about the executable file that is trying to access the camera. In the case under consideration, a website "requests" access to the webcam via the Firefox browser.
If someone still thinks that webcam protection is unnecessary functionality, then surely the director of the FBI, who tapes over his webcam, cannot be wrong? The boss of Facebook takes care of his privacy in the same way. So does Pope Francis on his tablet.
With ESET's products, you can forget about stickers. The camera's protection function will work very well, although it is sure that only the black, self-adhesive tape will convince the most fearful users.
(Un)secure online banking
We've already written a lot about online banking. At the beginning of 2017, AVLab carried out a test to prove whether so-called "secure browsers" or "virtual environments" that isolate sensitive processes from the Windows operating system, are actually suitable for what they were programmed for. Detailed information can be found in the report " Test of anti-virus modules for the protection of online banking ".
In general, the "ESET Online Banking Protection" functionality secures the system WinAPI against keystroke interception, i.e. when entering bank account numbers or logging into online banking, the user is protected from manipulation of input data at the browser interface level. But that's not all: when an HTTPS page is viewed, an attacker who gains control of the system is unable to inject malicious DLLs into the "secure browser" processes. The attacker is also unable to carry out MiTM attacks within range of Wi-Fi networks and inject false SSL certificates without an antivirus warning message. If that succeeded, the attacker could decrypt packets passing through the HTTPS protocol, modify them and re-encrypt them before sending them to the browser. The data is protected by a very good two-way firewall, proven by AVLab in practice, containing an intrusion detection system (IDS) that detects attacks poisoning ARP tables, attacks modifying DNS entries, fake PING queries, attacks exploiting vulnerabilities in the SMB, RPC and RDP protocols, and port scanning attacks.
Internet banking protection in ESET is unfortunately not perfect. There are certain aspects that the manufacturer needs to work on. Nevertheless, regardless of the software for the protection of online banking, we recommend taking precautions before we even begin to interact with the bank's virtual branch. First, let's make sure that the operating system contains security updates and that it is protected by reputable security software, the effectiveness of which has been confirmed in independent tests for Internet attacks.
Protect your home Wi-Fi network
Do you remember KRACK? Until now, it was thought that the WPA2 protocol for wireless networks (IEEE 802.11) was completely sufficient security. Unfortunately it is not. KRACK (Key Reinstallation AttaCK) refers to 11 vulnerabilities in the WPA2 protocol, and some devices may contain more than one of them. So before you start logging in to wireless networks in apartment blocks, at school, at work or at the university, make sure that the routers and access points have the security patches installed. Yes, this is bothersome: you can use a simple script which, when run in a Python interpreter, will verify whether nearby access points are vulnerable to KRACK:
[15:48:47] AP transmitted data using IV=5 (seq=4)
[15:48:47] AP transmitted data using IV=5 (seq=4)
[15:48:47] IV reuse detected (IV=5, seq=4). AP is vulnerable!
Who will want to verify each access point?
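The log above flags an access point because the same IV appears on two transmitted frames. The Python example below is added here for illustration; it is not the script the article refers to and not AVLab's or ESET's code. It applies the same kind of check to a capture summary. The CSV layout, the MAC addresses and all function names are hypothetical, the sample data is constructed, and it is assumed that no legitimate rekey happens inside the capture window.

```python
"""Flag CCMP packet-number (IV) anomalies per transmitter in observed Wi-Fi frames."""
import csv
import io
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample (hypothetical CSV layout, not real traffic):
# time, transmitter MAC, IV (packet number), 802.11 sequence number, retry bit
SAMPLE_CAPTURE = """\
time,transmitter,iv,seq,retry
15:48:45,02:00:00:00:00:01,3,2,0
15:48:46,02:00:00:00:00:01,4,3,0
15:48:46,02:00:00:00:00:01,4,3,1
15:48:47,02:00:00:00:00:01,5,4,0
15:48:47,02:00:00:00:00:01,1,5,0
15:48:47,02:00:00:00:00:01,2,6,0
15:48:48,02:00:00:00:00:01,3,7,0
15:48:48,02:00:00:00:00:02,5,1,0
15:48:48,02:00:00:00:00:02,6,2,0
"""


@dataclass(frozen=True)
class Finding:
    time: str
    transmitter: str
    iv: int
    seq: int
    kind: str  # "reuse" (IV already seen) or "rollback" (counter went backwards)


def parse_capture(text):
    """Yield (time, transmitter, iv, seq, retry) tuples from the CSV summary."""
    for row in csv.DictReader(io.StringIO(text)):
        yield (row["time"], row["transmitter"].lower(),
               int(row["iv"]), int(row["seq"]), row["retry"] == "1")


def find_iv_anomalies(frames):
    """Return findings for IVs that repeat or move backwards under one transmitter."""
    seen = defaultdict(set)  # transmitter -> IVs seen on first transmissions
    highest = {}             # transmitter -> highest IV seen so far
    findings = []
    for time, tx, iv, seq, retry in frames:
        if retry:
            # A link-layer retransmission resends the same protected frame,
            # so it legitimately carries the same IV. Ignore it.
            continue
        if iv in seen[tx]:
            # The same nonce protected two different transmissions.
            findings.append(Finding(time, tx, iv, seq, "reuse"))
        elif tx in highest and iv < highest[tx]:
            # Counter restarted or frames arrived out of order: weaker evidence,
            # reported separately so an analyst can check the raw trace.
            findings.append(Finding(time, tx, iv, seq, "rollback"))
        seen[tx].add(iv)
        highest[tx] = max(iv, highest.get(tx, iv))
    return findings


def vulnerable_transmitters(findings):
    """Transmitters with at least one confirmed IV reuse."""
    return sorted({f.transmitter for f in findings if f.kind == "reuse"})


if __name__ == "__main__":
    results = find_iv_anomalies(parse_capture(SAMPLE_CAPTURE))
    for f in results:
        print(f"[{f.time}] {f.transmitter} IV={f.iv} seq={f.seq}: {f.kind}")
    print("IV reuse seen from:", vulnerable_transmitters(results))
```

State is kept per transmitter, so the second access point using IV=5 is not reported even though the first one used the same value.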
KRACK is a must-know issue for everyone who uses wireless Internet. The case is so serious that neglecting security rules can lead to the decryption of all communication transmitted between the device, the access point and the server. At the same time, it should be remembered that encrypting protocols, such as HTTPS, SFTP, SMTP, IMAP and others, are resistant to eavesdropping. It is also worth using VPNs, which create a kind of special tunnel between the device and the server. Encrypting all communication gives complete resistance to KRACK.
A very important tip: if in practice it is difficult to verify every access point for the KRACK vulnerability, it is better to avoid public (and even secured) Wi-Fi networks. It is simply safer to use the mobile operator's connection, i.e. mobile Internet.
In the context of the KRACK vulnerability, "Home Network Monitor" will help identify potential weaknesses in home network security, but not only that. In public places it will check whether the access password to the router is strong enough, identify the devices connected to the router and, very importantly, give the user an insight into unknown devices nearby. In that case it is worth staying alert and disconnecting from such a network, or connecting to the Internet through the VPN mentioned above. In addition, "Home Network Monitor" will indicate the gateway address, i.e. the IP address of the access point through which devices in the local network communicate with the Internet, and the less technical users to whom this module is addressed will gain knowledge about devices located near the access point.
ESET software according to AVLab
We want to devote a longer paragraph to comprehensive antivirus protection. There are good reasons for this. First of all, all the latest ESET solutions have a function that blocks threats that try to activate and attack the user right after the computer is turned on, before the operating system starts. This is the so-called UEFI scanner. Secondly, and more importantly, we must praise ESET: its proprietary mechanisms have for many years been earning very good ratings that confirm the effectiveness of the protection. The firewall module is well configured already in its default mode. It detects the malicious communication used by botnets, the mentioned "ARP spoofing" attacks, which allow the attacker to capture data sent within the local network segment, and, what impresses AVLab experts the most, "DNS cache poisoning" network attacks, which rely on the attacker sending false information to the DNS server associating the domain name with the IP address. Of course, the manufacturer writes about such safeguards in its advertising materials, but what matters most to end users is that it all simply works in practice. It should also be remembered that the firewall is available in ESET Internet Security and ESET Smart Security Premium. So if you want to save several dozen zlotys a year by choosing a version that does not have a two-way firewall, and you make transfers or log on to sites seemingly protected by the HTTPS protocol, consider whether you are sure you can choose software that will replace the intrusion detection system.
Better Windows protection with ESET and AVLab
Users with more technical knowledge are aware that the default configuration of antivirus programs is not always appropriate. Sometimes the manufacturer consciously decides to reduce the level of protection in favor of better performance, or to spare the users' nerves, which are most often frayed by the "hyperactivity" of the security solution. End users who expect almost full automation from an antivirus vastly outnumber the computer geeks who are "aware" of Internet threats and attacks, but they are not necessarily able to deal with them. If something goes wrong, they blame the software for losses caused by, for example, ransomware. You should come out of each failure stronger and smarter, so you have to ask yourself: why did the security software not live up to the task, and what could have been done better to help yourself?
Dear readers, if you do not know, we know. We have prepared a practical configuration of ESET software that will significantly increase the protection of Windows computers while requiring minimal technical knowledge from the user:
1. In advanced scanner settings, we enable the detection of potentially unwanted and dangerous applications. The first category includes mainly adware and bloatware, the second all varieties of so-called riskware: crackers, license key generators, hacking tools, password cracking programs, programs extracting license information from the registry, and more. You can activate the option "Enable detection of potentially unwanted applications" at the installation stage. The other settings need to be made after installing the product.
2. In real-time protection settings, we enable detection of viruses written in high-level languages (mainly scripting languages) and of packed programs. In 99% of cases, malware authors use so-called packers to compress executable files, which allows them to fool antivirus signatures. It must be remembered, however, that legitimate software installers can also be compressed.
3. In the firewall settings, we enable detection of attacks that falsify packets sent to the DNS server (DNS poisoning). Optionally, we can enable a notification that will display an information window when the event occurs.
4. In the packet inspection settings (packets are decapsulated and re-encapsulated), we enable protection for incoming connections over the SMB, RDP and RPC protocols. It was through a vulnerability in the SMB protocol that the WannaCry ransomware outbreak, and more recently BadRabbit, began. But that is not all: the EternalBlue, EternalSynergy, EternalRomance and EternalChampion exploits that were stolen from the NSA network and passed to the ShadowBrokers group were put up for sale for over $130,000. Probably the lack of buyers resulted in almost ready-made exploits being made available on GitHub, where they are now used by both security researchers and cybercriminals.
Of course, the presented configuration certainly does not protect the user against all Internet attacks and every malware sample. This change of settings will, however, significantly increase the level of protection, and ESET software, combined with precautions and common sense, will not cause any problems.
ESET Internet Security performance
Following the above guidelines should not have a significant effect on performance, especially when the computer has an SSD. If someone has been putting off that purchase so far, this is probably the right moment to drastically speed up the start of Windows and all installed programs.
Since we are on the subject of performance, let's be honest: you will come across both positive and negative comments about the impact of ESET software on the work of the computer. To people who do not believe that an antivirus can be light, we recommend trying the free 30-day versions, which can be downloaded from the manufacturer's website. However, it is worth solving the performance problem definitively, once and for all. Thanks to SSDs, even old devices will gain a second youth.
On a workstation with a 6-core AMD-FX 6300 and 8GB of RAM, we checked the performance of ESET Internet Security. The purpose of this test was to examine the demand of the antivirus processes for CPU and RAM. This method makes it possible to separate the CPU and RAM usage of the antivirus program from that of the other installed applications.
In idle mode, during a 5-minute test, we collected CPU time and RAM consumption results for the antivirus processes only. The results were averaged. And so:
- On average (in idle mode), the program needed 0.183% of the time of one processor core. The so-called "overhead" on the processor was virtually unnoticeable. A slight change can only be seen at the end of the test in the last 10 seconds.
- Similarly, on average, the program needed approximately 72 MB of RAM.
During the scan, the maximum CPU usage in a single second of the test reached 95%, which means that at that point one of the antivirus processes used 95% of the time of one processor core and did not need more power to operate. If the consumption had reached 101%, we could talk about the full use of one core and 1% of another core. If the consumption had reached 201%, we would know about the full use of two cores and 1% of a third core. And so on.
- On average, all antivirus processes together needed 37.05% of the time of just one CPU core.
- On average (during scanning), the program needed a total of about 79 MB of RAM for all of its processes.
Why did ESET's software use so little RAM while scanning? We hasten to explain:
- The scanning engine is simply very well optimized. We will not be pioneers if we say that RAM usage depends on the software. One is bigger, the other is smaller. ESET products have never belonged to those that were characterized by increased resource appetite.
- We were guided by a rule that almost everyone knows and that is very important: after installing any antivirus, we recommend that you perform a full scan of all disks. This is an extremely important operation for the performance of the entire system. During work or entertainment, the antivirus will "silently" verify in the background the security of files used by the browser, the office suite, or the processes and files of a running game. When all data has been scanned beforehand, the "overhead" of antivirus processes on the CPU and RAM will be smaller, because antiviruses "remember" recently scanned files and do not verify their security again until their state changes or some process requests access to them.
The very small impact of ESET software on the computer's work is confirmed not only by our internal test, carried out for the purposes of this review. In October, AV-Comparatives published a study checking performance, in which the solution of the Slovak company reached an almost maximum score of 99.2 points out of 100.
ESET obtained these results in AVLab tests
Let's stay with protection for a moment. The basic difference between AVLab tests and the tests carried out by the AV-Comparatives and AV-Test laboratories is the practical approach to protection. While other laboratories use a large amount of malware, the Polish company AVLab approaches it differently, even more practically: it uses malicious software, tools and techniques for circumventing security measures that are used in real attacks by cybercriminals.
Among the latest AVLab tests, we particularly recommend:
- A large test of software for home and for companies for protection against crypto-ransomware. The ESET solution won the "AVLab BEST ++" certificate.
- Test of anti-virus modules to protect online banking . Although most of the tested products could not boast a very good result, the global uniqueness of this test means that every person who uses online banking should read this report from cover to cover.
- Antivirus protection against drive-by download attacks. ESET's products won the highest distinction, "AVLab BEST +++", and proved in practice that ESET copes very well with drive-by download attacks.
- Test for protection against fileless viruses . In the study we used undetectable malware for each solution, so the more reliable firewall module with an intrusion detection system deserves praise. Again, ESET solutions achieve the maximum "AVLab BEST +++" rating.
- A little less reflective of practical protection, but still interesting, is the comparison of free antivirus scanners from September 2017, which each of us uses from time to time to verify the computer's security status. ESET's software again obtained the "AVLab BEST ++" certificate.
How can you protect yourself against the unpredictable? It's best to have mobile antivirus software on board. And since we are reviewing the ESET solution, we must also mention the mobile product ESET Mobile Security for Android, which costs less than PLN 30 for a 12-month license. ESET Mobile Security for Android is also available as part of the ESET Security Pack package.
The Android system is as vulnerable to malware as Windows. We are dealing here with an unwritten rule of greater responsibility for what is put on the device. And as usual, there is some deviation from this principle: the end user cannot be blamed for damage that he could not have foreseen. If Google Play contains a lot of malicious programs and, in addition, fails to detect them, we cannot hold only the user responsible. The user, by installing an application from a seemingly secure and official source, "entrusted" his security to the sole provider of applications for Android. Unfortunately, we often describe incidents in which malware authors place a non-infected copy of an application on Google Play and then, after a few weeks (or months), update the program with malicious features. As a result, each user who downloaded and installed such an application will be infected by the updated copy, which Google Play Protect previously verified as safe.
It's true that a mobile antivirus that does not have root access will not be able to remove the most dangerous viruses that have already exploited vulnerabilities in Android and installed themselves with root privileges. Prevention is the best protection, so it is worth protecting yourself against harm. First and foremost, this applies to less technical users who have not yet had to deal with mobile malware. In addition, protection is only part of the capabilities of mobile antiviruses.
After pairing the mobile device with the "my.eset.com" portal, we get the possibility to track the phone. We can also lock the screen after 2, 3 or 5 incorrect attempts to unlock it. If we decide so, the device will also be blocked after the SIM card is removed and, as a last resort, we can remotely erase the data on it. Commands are managed from the console in the cloud using simple SMS commands. We can also take a picture of the person who has "come into" possession of the phone, send them a "polite" message, or accurately track the device using GPS and Wi-Fi coverage. For law enforcement agencies, in addition to the IMEI number of the device (which can be obtained from the victim or the operator), the current position of the smartphone on the map may be useful.
The real bane of the Android system is security updates. Currently, top devices are patched by the manufacturer for a maximum of 2-3 years from the date of their premiere. This, unfortunately, affects security, and significantly so. For example, when the first official information about the vulnerability in Stagefright appeared on July 27, 2015, the problem concerned about 95% of smartphones running the green robot's system. ESET even prepared a special application to check the device's vulnerability. The hole is in the Stagefright library, which is responsible for media processing: sending a crafted MMS file can run malicious code on the device. The whole process runs in the background, without the user's knowledge or involvement. Interestingly, a criminal can delete the message immediately after a successful action, and the victim will not see any interference. Although the Stagefright vulnerability was discussed at the BlackHat conference in the same year, virtually nothing came of it.
Eliminating the gaps in the source code of the operating system is a task for device manufacturers. They must remove the defects and provide upgrades for the different versions of the operating systems on users' devices. All liability cannot be left to antivirus software developers, because they are increasingly restricted by Google, which is sealing off the Android system.
One could still write a lot about ESET products and the company's successes. In addition to the aforementioned solutions for protecting Windows and Android systems, a good anti-theft module, the my.eset.com portal consolidating information about licenses, a great two-way firewall module with a built-in intrusion detection system, solid antivirus protection and the trust of more than 110 million customers worldwide, it is worth mentioning technical assistance for end users. Home and end users buying any ESET software receive Polish technical support provided by certified engineers. The distributor is available by phone and email. The website also contains an extensive guidance system that will help you solve the most common problems.
Is ESET a good product? It's solid, it's good, but there are areas to work on. Perhaps that is for the better, because the producer will not rest on its laurels until it reaches perfection. In the security industry, that can never be achieved. The fight against cybercrime means constant improvement and getting to know your own enemy:
If you know yourself and your enemy, you will successfully survive a hundred battles. If you do not recognize your enemy, but you recognize yourself, win one battle and lose the other. If you do not know about yourself or the enemy, each skirmish will be a threat to you - Sun Zi, 6th century BC.
Competition: one of the 10 ESET Internet Security licenses can be yours
Have you read the review from cover to cover? Here are the regulations and the competition question:
Which of the ESET Internet Security settings allows you to protect against viruses in high-level languages?
Tip: This option is described in one of the screenshots.
Please post comments to reviews and answers to the competition question. We respect the privacy of our readers, therefore we do not log their activities. In order for us to contact the winners, please fill in the E-MAIL field when providing answers.
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.