Emsisoft Anti-Malware 10.0 PCMag review

Status
Not open for further replies.

Petrovic

Thread author

Very Good Malware Blocking
Unlike Emsisoft Emergency Kit, Emsisoft Anti-Malware includes a collection of real-time protection components. Certainly you'll agree, while removing a malware infestation is good, preventing it from ever happening is even better.

Real-time scanning activates any time a file is accessed, but different products define "access" differently. For most, the minuscule access that occurs when Windows Explorer displays the filename is enough to trigger a scan. At the other end of the spectrum, GridinSoft Trojan Killer, Ashampoo Anti-Virus 2015, and a few others don't scan until just before the file executes.

I thought at first that Emsisoft fell into the latter category, which is a pain to test. Then I found that the act of moving a file to a new location was sufficient to trigger a scan. You can also tweak the File Guard settings in either direction, setting it to scan on any access for thoroughness, or to only scan on execution, for speed.

Emsisoft detected and eliminated 79 percent of the samples in my malware collection when I copied them to a new folder. It got most of the rest when I tried to launch them. In a couple of cases, it popped up an alert recommending that I quarantine a file based on its behavior; I complied.

One way or another, Emsisoft detected 93 percent of my samples and scored 9.0 of 10 possible points, the best score of any product tested with this same sample collection. Tested with my previous collection, F-Secure Anti-Virus 2015 and G Data Antivirus 2015 managed 9.3 points, while Webroot SecureAnywhere Antivirus (2015) took a perfect 10.

The samples for my malware blocking test are by no means new, but for my malicious URL blocking test I use URLs discovered by MRG-Effitas no more than a few hours before. Emsisoft's Surf Protection blocked some of these. Many similar products replace the blocked site with a notification message in the browser. Emsisoft simply pops up a notification, leaving the browser to display an error message.

Even though they're very new, many of the URLs in the malware feed are already defunct by the time I test them. I continue testing, noting whether the product blocked access to the URL, wiped out the malware download, or did nothing, until I've got 100 data points.

In a test earlier this year, Emsisoft's previous edition did quite well, with 70 percent protection. I'm not sure what happened in this re-test, but this time it only managed 33 percent, a bit below the current average of 38 percent. McAfee AntiVirus Plus 2015 remains the record-holder, with 85 percent protection.

Behavior-Based Blocking
Whenever I see a product use behavior-based detection on malware, I run a sanity check to make sure it's not going overboard. Specifically, I try to install about 20 PCMag utilities that must hook deeply into Windows to perform their function.


Just as I feared, Emsisoft's behavior-based detection kicked in when it shouldn't have. It warned about modification of autorun entries during three program installations. When I chose Block Once, the programs still ran OK. That same warning kicked in for two installed programs. Of course they didn't run when I clicked Block Once.

All of those warnings were tinted amber. I didn't realize they came in different colors until I encountered a red-bordered one warning that one utility was "attempting to manipulate other processes." What's an average user to make of that?

I'm not a fan of behavioral detection systems that flag every little action. This offloads the task of deciding what's good and what's not onto the user, who probably isn't qualified to make that decision. Webroot relies strongly on behavior analysis, but it looks at the aggregate of a program's activities and makes its own decisions. The SONAR component in Norton likewise watches program behavior and makes its own decisions.

A Good Choice
I'm impressed with Emsisoft's consumer focus, evidenced in the shrinking renewal price policy and the promise to do whatever is necessary to eliminate malware. It scored very well in our hands-on malware removal test and in tests by the independent labs that include it. When challenged to detect and block malware-hosting URLs and phishing URLs, though, it didn't do quite as well.

Emsisoft Anti-Malware 10.0 can be a good choice for those who feel they may need some extra hand-holding as far as security goes. Even so, our Editors' Choice honor in the commercial antivirus area remains unchanged, shared by Bitdefender Antivirus Plus 2015, Kaspersky Anti-Virus (2015), and Webroot SecureAnywhere Antivirus (2015).

Full Article
 

omidomi

This is why I use Emsisoft :D
 
Deleted member 21043

Just as I feared, Emsisoft's behavior-based detection kicked in when it shouldn't have. It warned about modification of autorun entries during three program installations. When I chose Block Once, the programs still ran OK. That same warning kicked in for two installed programs. Of course they didn't run when I clicked Block Once.
If PCMag are going to test products with a Behaviour Blocker (like Emsisoft's), they should at least learn how to use one...

Emsisoft behaviour blocker is working as it should. If the option is enabled and an autorun entry is going to be created, it alerts. It doesn't matter if it's a utility by them...
 

Oxygen

If PCMag are going to test products with a Behaviour Blocker (like Emsisoft's), they should at least learn how to use one...

Just remember that PCMag was the one who labeled a Malwarebytes product as an Antivirus. Could have simply been a mistake, but they haven't seemed to change it at all: http://www.pcmag.com/article2/0,2817,2388652,00.asp

They do have some good posts..... but don't expect it to be very reliable.
 
Martin_C

If PCMag are going to test products with a Behaviour Blocker (like Emsisoft's), they should at least learn how to use one...

Emsisoft behaviour blocker is working as it should. If the option is enabled and an autorun entry is going to be created, it alerts. It doesn't matter if it's a utility by them...

Actually, PCMag's comment is spot on.
They DO understand how a behavior blocker works.

The problem they mention is that a BB as well as a HIPS will offload the decision onto the end-user.

98% of end-users will have no clue what to answer and will block the legitimate actions and break parts of their installed programs or allow the malicious actions because they really want to read the mysterious mail they just received from "naughtygirl265".

It's the prompts that PCMag are calling a failure, which they rightfully are.

Any program that wants to involve the user instead of just dealing with the situation on its own, will eventually fail.

Just take a look at malware removal section here or anywhere else - if an end-user uses a security program that offloads decisions upon the user, then sooner or later they end up infected.
 

Martin_C

It is not the program that fails. It is the user who fails to make the right choice. The program does it right and warns the user that something is not right; it's the user who clicks on allow without thinking about it.

No, it's the program that fails.

First of all, 9 out of 10 BB or HIPS prompts are false positives.

Throwing them at the end-user is bound to error at some stage.

Second, prompts do not equal security.
That is a common misconception.

A program saying "I don't know what to do?" to an end-user - which is what a prompt really is - and an end-user that will almost always be thinking "I have no freakin clue what that prompt means", that will not ensure secure choices or stability in the OS.

That goes for any security program that handles things this way.
 
Deleted member 178

Forget all of them, use Umbra Total Security!

UTS review:

"We can guarantee with 100% chances that Umbra Total Security is a legit software with advanced technologies never seen before; it was tested by dozens of security labs and thousands of hackers including Neo & Trinity"

quote from Neo: "wow, i can't see its source code, it is freaky awesome"

quote from Trinity: "Wow, it blocked my ncat command !!! damn it Umbra Corp."

quote from Morpheus: "Wow, i can't give my pills anymore !! "

quote from the Machine's core: "101110111001111110001111010101111 (Wow, i can go on sleep mode finally !!!)"

quote from Agent Smith: "Wow, i have to find a new job..."

quote from Tony Stark: "Wow, i have to use it on my Iron Man latest suit"

quote from Skynet: "111111010111000000111110000011111001001011 (Wow, they sandboxed me) "

quote from Ultron: "Wow, I'm obsolete now."
 
Petrovic

Neil J. Rubenking : "while Webroot SecureAnywhere Antivirus (2015) took a perfect 10" I'm just laughing my ass off :p
Sorry, but I cannot take these tests from PCMag seriously. :)
Webroot - very good product;)

I'm just laughing my ass off
for example:
Target Kaspersky
Earlier this month, Kaspersky disclosed that it had been hacked last year by members of the infamous Stuxnet and Duqu gangs. The intruders remained entrenched in the security firm’s networks for months siphoning intelligence about nation-state attacks the company is investigating and studying how Kaspersky’s detection software works so they could devise ways to subvert it on customer machines. Kaspersky claims to have more than 400 million users worldwide.
http://www.wired.com/2015/06/us-british-spies-targeted-antivirus-companies/

No such information about Webroot? :D
 

jamescv7

Most AV programs, including Emsisoft, are mentioned to be 'so-so' on anti-phishing and URL blocking based on the PC Mag test, which makes it very unusual when users review programs and get a different result.

BB and HIPS are primarily based on user input to confirm the action, because if it's done automatically then it may cause trouble for the system; overall PC Mag made a good test, but as always it's better to understand that it's already the trend of the security industry.
 

Surtur

Webroot - very good product;)


for example:
Target Kaspersky
Earlier this month, Kaspersky disclosed that it had been hacked last year by members of the infamous Stuxnet and Duqu gangs. The intruders remained entrenched in the security firm’s networks for months siphoning intelligence about nation-state attacks the company is investigating and studying how Kaspersky’s detection software works so they could devise ways to subvert it on customer machines. Kaspersky claims to have more than 400 million users worldwide.
http://www.wired.com/2015/06/us-british-spies-targeted-antivirus-companies/

No such information about Webroot? :D
There is a reason why there is no information about Webroot. Well, the headquarters of Webroot is in the US and the US is part of the five eyes no-spy agreement. That is also the reason why you don't see UK or US companies on the list. :)
 