- Apr 25, 2013
- 5,355
Very Good Malware Blocking
Emsisoft also turned in a very good performance in my own hands-on malware blocking test. Unlike many of its peers, this product's on-access scanning doesn't trigger simply because Windows Explorer displayed information about the file. However, when I copied my malware collection to a new folder it quickly eliminated over 85 percent of those samples.
When I launched the surviving samples, a couple of them triggered behavior-based detection, meriting verification by the Emsisoft Anti-Malware Network. The network advised quarantining one but gave the other a clean bill of health.
Either on sight or at launch, Emsisoft detected 97 percent of my samples and scored 9.5 of 10 possible points. Few have done that well with my current sample set, though Webroot SecureAnywhere Antivirus managed a perfect 10 points.
My malicious URL blocking test starts with a feed of newly discovered malware-hosting URLs supplied by MRG-Effitas. I simply launch each URL and note whether the product forbids access to the URL altogether, wipes out the malicious payload, or sits idly by. Even these very new URLs are often dead by the time I try them, so I continue testing until I have 100 valid samples.
Emsisoft's Surf Protection kept the browser from connection to 55 percent of the sample URLs. Unlike many, it does not display a warning in the browser. Rather, it pops up a notification and leaves the browser to display an error message. That's not as pretty as what some competitors do, but it also doesn't require any kind of browser plug-in.
With another 15 percent blocked during the download, Emsisoft achieved a blocking rate of 70 percent. That's well above the current average of 40 percent. The top score in this particular test is currently held by McAfee AntiVirus Plus 2015, with a blocking rate of 85 percent.
When my hands-on results disagree with the data I get from the independent testing labs, I defer to the lab results. After all, they have dozens of researchers, and I have…just me. In this case, though, lab results and my results are both good.
Behavior-Blocking Tempered by Community
In the last month or so, I've run across a number of security products whose behavior-based detection systems did more harm than good. I apply a simple sanity-check to these systems by attempting to install 20 PCMag utilities that, in order to function, must hook fairly deeply into Windows. If a warning appears, I choose the default action, and then survey the damage.
With its behavior-based detection turned on, Comodo Antivirus 8 interfered with installation or function of quite a few valid programs. TrustPort Antivirus 2015 also caused problems, as did the Intrusion Guard feature of Norman Security Suite PRO 11 (not included in Norman's standalone antivirus).
Emsisoft does flag behaviors that are common to both malicious programs and valid ones, for example, modifying the autorun sequence so the program launches at startup. However, before taking rash action, Emsisoft checks its database to see how other users handled the particular program. If enough users (90 percent by default) took a specific action, it automatically applies that action.
In my own test, Emsisoft consulted the network for 5 of the 20 sample utilities. It came back with a clean bill of health for two of them, but recommended quarantining the installer of the other three. In all three cases, the utility itself ran just fine. I'd say this feature is working as designed.
A Good Protector
Emsisoft Anti-Malware 9.0 sticks to the business of malware protection, and does quite a good job. It scored well both my hands-on tests and in tests by the labs that include it. It does include a behavior-based detection system, but unlike some competitors it tempers that system's actions using common sense (culled from the actions of other Emsisoft users).
Full Article
