Very Good Malware Blocking
Unlike Emsisoft Emergency Kit, Emsisoft Anti-Malware includes a collection of real-time protection components. Certainly you'll agree, while removing a malware infestation is good, preventing it from ever happening is even better.
Real-time scanning activates any time a file is accessed, but different products define "access" differently. For most, the minuscule access that occurs when Windows Explorer displays the filename is enough to trigger a scan. At the other end of the spectrum, GridinSoft Trojan Killer, Ashampoo Anti-Virus 2015, and a few others don't scan until just before the file executes.
I thought at first that Emsisoft fell into the latter category, which is a pain to test. Then I found that the act of moving a file to a new location was sufficient to trigger a scan. You can also tweak the File Guard settings in either direction, setting it to scan on any access for thoroughness, or to only scan on execution, for speed.
Emsisoft detected and eliminated 79 percent of the samples in my malware collection when I copied them to a new folder. It got most of the rest when I tried to launch them. In a couple of cases, it popped up an alert recommending that I quarantine a file based on its behavior; I complied.
One way or another, Emsisoft detected 93 percent of my samples and scored 9.0 of 10 possible points, the best score of any product tested with this same sample collection. Tested with my previous collection, F-Secure Anti-Virus 2015 and G Data Antivirus 2015 managed 9.3 points, while Webroot SecureAnywhere Antivirus (2015) took a perfect 10.
The samples for my malware blocking test are by no means new, but for my malicious URL blocking test I use URLs discovered by MRG-Effitas no more than a few hours before. Emsisoft's Surf Protection blocked some of these. Many similar products replace the blocked site with a notification message in the browser. Emsisoft simply pops up a notification, leaving the browser to display an error message.
Even though they're very new, many of the URLs in the malware feed are already defunct by the time I test them. I continue testing, noting whether the product blocked access to the URL, wiped out the malware download, or did nothing, until I've got 100 data points.
In a test earlier this year, Emsisoft's previous edition did quite well, with 70 percent protection. I'm not sure what happened in this re-test, but this time it only managed 33 percent, a bit below the current average of 38 percent. McAfee AntiVirus Plus 2015 remains the record-holder, with 85 percent protection.
Behavior-Based Blocking
Whenever I see a product use behavior-based detection on malware, I run a sanity check to make sure it's not going overboard. Specifically, I try to install about 20 PCMag utilities that must hook deeply into Windows to perform their function.
Just as I feared, Emsisoft's behavior-based detection kicked in when it shouldn't have. It warned about modification of autorun entries during three program installations. When I chose Block Once, the programs still ran OK. That same warning kicked in for two installed programs. Of course they didn't run when I clicked Block Once.
All of those warnings were tinted amber. I didn't realize they came in different colors until I encountered a red-bordered one warning that one utility was "attempting to manipulate other processes." What's an average user to make of that?
I'm not a fan of behavioral detection systems that flag every little action. This offloads the task of deciding what's good and what's not onto the user, who probably isn't qualified to make that decision. Webroot relies strongly on behavior analysis, but it looks at the aggregate of a program's activities and makes its own decisions. The SONAR component in Norton likewise watches program behavior and makes its own decisions.
A Good Choice
I'm impressed with Emsisoft's consumer focus, evidenced in the shrinking renewal price policy and the promise to do whatever is necessary to eliminate malware. It scored very well in our hands-on malware removal test and in tests by the independent labs that include it. When challenged to detect and block malware-hosting URLs and phishing URLs, though, it didn't do quite as well.
Emsisoft Anti-Malware 10.0 can be a good choice for those who feel they may need some extra hand-holding as far as security goes. Even so, our Editors' Choice honor in the commercial antivirus area remains unchanged, shared by Bitdefender Antivirus Plus 2015, Kaspersky Anti-Virus (2015), and Webroot SecureAnywhere Antivirus (2015).