App Review Emsisoft Anti-Malware 12 Behavior Blocker Test (without cloud assistance)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
> It was probably because the bb is so good as shown in the video that many would skip the whole EAM product. And a standalone bb would have to cost way less to make sense.
> So in a sense keeping it alive would probably mean losing money and creating unnecessary competition from their own team.
>
> EDIT: I feel stupid, the developer above said the same thing and stupid me 15 minutes later is speculating. Hahahahaha.

Just one of those days, shows your human side, brother,
don't worry we still love our MT house cat :p
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
I've witnessed how Emsisoft BB performance came from passive to a stronger one.

Actions speak louder than words where BB does not rely itself on cloud capabilities but can distinguish the behavior analysis on its own accurately.

Unfortunately many testing organizations ignored behavior suspicious alerts as part of percentage detection.
 

RejZoR

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2016
699
They should count 50% of proactive detections as definite detection. Because I'm pretty confident at least half of users would just decide to rather delete the file than risk it after antivirus presents them the popup warning.

When it comes to programs that I know how they work and have popups that are informative enough to persuade the user into clicking BLOCK rather than RUN ANYWAY, I always count "User action" as normal detection. I also do that for systems which default to "Ask user", but they are more than perfectly usable when you set it to "Block all detections". AVG's Software Analyzer (IDP) is one of those and so is Kaspersky's System Watcher and Bitdefender's ATC or in this case, Emsisoft's BB. Chances of them mistakenly flagging a clean program are super slim. Chances of them blocking a real malware on the other hand are super likely. This especially applies if you allow BB systems to communicate with the cloud and get file reputation information, allowing it to ignore confirmed clean programs, making them spectacularly accurate while blocking a very high amount of actual malware.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
> I've witnessed how Emsisoft BB performance came from passive to a stronger one.
>
> Actions speak louder than words where BB does not rely itself on cloud capabilities but can distinguish the behavior analysis on its own accurately.
>
> Unfortunately many testing organizations ignored behavior suspicious alerts as part of percentage detection.

Passive to stronger one? Would you care to explain?
 
Wave

> Because I'm pretty confident at least half of users would just decide to rather delete the file than risk it after antivirus presents them the popup warning.

Well that would be the logical thought but I'm afraid to say more common than not, the user will just allow... Because they think they know better, then they complain about getting infected.

In fact, sometimes the user becomes really social engineered and may even disable their AV... You know those downloads that tell them that since it's a "hack tool" the AV will detect and how it's an "FP", etc...

E.g. Bob wants to download a keygen but the AV blocks it since it's really a backdoor, so Bob allows it and runs it anyway -> infection.

What you said is what happens for people like us, obviously we won't just allow, but for inexperienced people who don't know what they are doing, they probably won't listen at all most of the time and will then just complain about how the product didn't protect them. This is probably why a lot of AV products auto-block these days by default instead of asking the user which action it should carry out.
 

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
> This is probably why a lot of AV products auto-block these days by default instead of asking the user which action it should carry out.

Which I really, really hate. I have spent countless hours on client's computers trying to find out why certain things and programs won't work because of some stupid patronizing security software.

Yes, warning people is enough. They may feel free to go ahead and risk infection.

Life is a constant source of dangers and we as humans have to come up with decisions accordingly. The alternative is living in a rubber room. Not an alternative I'm particularly fond of.
 
Wave

> Which I really, really hate. I have spent countless hours on client's computers trying to find out why certain things and programs won't work because of some stupid patronizing security software.
>
> Yes, warning people is enough. They may feel free to go ahead and risk infection.
>
> Life is a constant source of dangers and we as humans have to come up with decisions accordingly. The alternative is living in a rubber room. Not an alternative I'm particularly fond of.

Yes, but the AV companies are there to protect people's computers as best they can, therefore they don't want users making dumb decisions and getting infected, and it's with the interest of the user to auto-block. However, that being said, I do think they should all have an option in Settings to ask instead (since not all support this feature) so more advanced users like you can use it, but have it enabled for auto-block by default.

There is also a white-list which can be used.
 

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
I understand where you're coming from @Wave. But making decisions comes as natural to life as the responsibilities that accompany them.

Yes, AV companies are there to protect people's computers as best they can. Which ends where it collides with the customer's wishes. Advice is fine, coercion isn't.

There's just a fine line between protection and patronization.

We have traffic lights that advise to stop on red. Some people choose to ignore that. That's their choice and they will have to suffer possible consequences. And yet I'd hate if cars were turned off remotely by traffic lights because some people are dumb.

I don't want to live in a world, where I need a sign to know that hot coffee is hot, that I shouldn't put hamsters in microwaves and not stick a knife in my eye.

This isn't about computers or technology, this is about the concept of protecting humans from themselves, as if they'd forget to breathe if they weren't constantly reminded. A highly unnerving concept I might add. We were given brain.exe for a reason.

What's the next step? I can't deactivate Defender in order to install an alternative, because M$ wants to "help" me making "the right choice™"?
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
RejZoR, nice video, thanks

About security (and not only) :
Average Human Decisions are for simplicity and are not specially intelligent decisions.
A small basic example :
"I want to use this "tool". Oh my AV is asking me if I am sure because it seems a dangerous tool... Yes I am sure, I want to play this game for FREE...." . After 3 h of gaming : "Oh my PC is infected : I don't understand how it happened... My AV didn't make its job ..."
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
> About security (and not only) :
> Average Human Decisions are for simplicity and are not specially intelligent decisions :
> "I want to use this "tool", oh my AV is asking me if I am sure because it seems a dangerous tool... Yes I am sure, I want to play this game for FREE...." . After 3 h of gaming : "Oh my PC is infected : I don't understand how it happened... My AV didn't make its job ..."

True and it's great that software companies like Emsisoft and some others are providing software that just simply protects.

I like Wave's thinking about options to choose in a way :), but I consider that users sometimes don't realize for example that an installer isn't signed or they don't know of the reputation specifically of a file, etc. Pop up makes recommendation->user says "that's not enough for my bull head to believe"->"Oh my PC is infected: I don't understand...:eek:". In the case of choices, I feel better pop ups would be required for some of the security programs I have installed and run. I admit I would like more info on pop ups and choices, and I do like to see them when there is an issue. They help me backtrack my decisions, so I can hopefully avoid the same mistake twice. It is also, however, nerve-racking being on the edge of a crippling malicious event. Layering is my only way out.

VoodooShield has good pop up information. So then VS placed as an add on to a set and forget program like Emsisoft is a good concept for users who require choices, is it not? Seriously, I can understand users wanting to learn from their choices with pop ups and so on. Wish I could use VS free (command line issues), but NVT ERP is a good substitute for me.
 

woodrowbone

Level 10
Verified
Dec 24, 2011
480
My view is that Mamutu and Threatfire came out too early in time, with today's threat landscape they would be extremely useful.

I would love to see both or alternative come alive again, just imagine these two with cloud assist.
As a user I could team them up with whatever Antivirus I liked to use.

I think today more than ever, would be a great move to have a cloud BB as a standalone product to pick up the pieces of failing antivirus apps.

C'mon Emsisoft, make me happy :)

/W
 

Fabian Wosar

From Emsisoft
Verified
Developer
Well-known
Jun 29, 2014
260
> My view is that Mamutu and Threatfire came out too early in time, with today's threat landscape they would be extremely useful.

If nobody bought it when no AV had it, how do you propose it will be a success now, where every single AV, free or paid, claims they already have behaviour blocking? Sorry, Mamutu would fare even worse now than it would have years ago. We had like 80 active users of Mamutu at the time we killed it off. 80. For the whole year. That's not even enough to pay for the server for a year, let alone a developer for just a single month. We kept it alive way longer than it should have been, using it as a test platform for behaviour blocker changes we planned to integrate into EAM later, but even that was not worth it because the user base was too small for any meaningful testing.
 

woodrowbone

Level 10
Verified
Dec 24, 2011
480
Well Fabian, I guess Mamutu of the old days would not fare well today.
But whatever you call it now, it seems damn good to me by watching RejZoR's video, even with the cloud disabled.
When Mamutu existed ransomware was hardly even known, if it even existed back then?
Emsisoft was hardly known outside geek territory, today it is with a very good renommé, meaning you would reach a bigger crowd with a "new" Mamutu.
Of course I cannot know if it would be a success now, maybe a free "AntiRansom BB" to collect data?
Seems popular today.

But one can wish even if Christmas is over, right?

Happy New Year Fabian...

/W
 

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
> RejZoR, nice video, thanks
>
> About security (and not only) :
> Average Human Decisions are for simplicity and are not specially intelligent decisions.
> A small basic example :
> "I want to use this "tool". Oh my AV is asking me if I am sure because it seems a dangerous tool... Yes I am sure, I want to play this game for FREE...." . After 3 h of gaming : "Oh my PC is infected : I don't understand how it happened... My AV didn't make its job ..."

I don't see anything wrong here. Victim is warned about infection, goes ahead and gets infected. Perfectly fine and well deserved.

It's the warning signs on anything and everything that make people careless in the first place. Great way to grow dumb folks.
 

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
> It's the warning signs on anything and everything that make people careless in the first place. Great way to grow dumb folks.

Do people even have empirical evidence when stating this?

> it seems damn good to me by watching RejZoR's video, even with the cloud disabled.
> When Mamutu existed ransomware was hardly even known, if it even existed back then?
> Emsisoft was hardly known outside geek territory, today it is with a very good renommé, meaning you would reach a bigger crowd with a "new" Mamutu.
> Of course I cannot know if it would be a success now, maybe a free "AntiRansom BB" to collect data?
> Seems popular today.

Maybe marketing really is the problem here. I don't like when websites show no info on how the product works or is used but if it gets users then fine.
 

RejZoR

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2016
699
I've said this many times, I'll do it again here. There is no problem creating heuristics that are so aggressive that they detect literally every single malware you throw at it. Problems begin when the same heuristics also detect so many clean files that you're at that point unable to differentiate malware from clean files. Such heuristics look amazing when testing just with malware, but in the real world, it becomes next to useless because in the end you don't even know anymore if it's malware or not. Warnings should be an intimidating thing, not something you just click for it to stop annoying you.
 
