Battle Emsisoft Anti-Malware or Norton Internet Security 2017

giants8058

Level 4
Verified
Jan 26, 2016
150
1a. Kaspersky (I know it wasn't listed but..) 1b. Emsisoft >> Norton
Detection rate: Emsisoft >> Norton (and I don't think it's close)
Real-time protection: Emsisoft >> Norton (this one is closer)
Privacy: Emsisoft >> Norton
Features: Norton has more adjustable settings where Emsisoft is more set and forget
Support: Can't comment on this one
 
Last edited:

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
What personal info does Norton 'grab'?

  • Product and license information
  • Unique ID
  • Product usage statistics
  • OS version
  • Computer name
  • Information about 3rd party apps
  • Hardware information
  • Running processes
  • System event and error logs
  • Visited URLs (malicious and non-malicious)
  • Referer (previously visited web site)
  • Country / region setting
  • OS Language
  • Windows user name
  • File Hashes (malicious and non-malicious)
  • Name of detections
  • Name and paths of files
  • Suspicious executable files
  • Suspicious documents
  • Data collected by malware
  • Collected information stored in the U.S.A.
The bold ones do it for me. Thanks, but no, thanks.

Source: AV-Comparatives, Data transmission of Internet security products, 2014
 

Rolo

Level 18
Verified
Jun 14, 2015
857
  • Product and license information
  • Unique ID
  • Product usage statistics
  • OS version
  • Computer name
  • Information about 3rd party apps
  • Hardware information
  • Running processes
  • System event and error logs
  • Visited URLs (malicious and non-malicious)
  • Referer (previously visited web site)
  • Country / region setting
  • OS Language
  • Windows user name
  • File Hashes (malicious and non-malicious)
  • Name of detections
  • Name and paths of files
  • Suspicious executable files
  • Suspicious documents
  • Data collected by malware
  • Collected information stored in the U.S.A.
The bold ones do it for me. Thanks, but no, thanks.

Source: AV-Comparatives, Data transmission of Internet security products, 2014
I don't see anything personal in there.

How do you expect it to scan and test software without it gathering information about software (and suspicious data files)?

The rest of the stuff is just telemetry, not personal, any more than the year, make, model, and sensor data for your vehicle is.
 
  • Like
Reactions: Deleted member 2913

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
I don't see anything personal in there.

So my clearly identified machine including every web site I ever visited is not personal?
Norton thinks my medical history or tax return is malicious and sends it off to foreign servers in the clear is not personal?

Then we have a differing point of view on what defines privacy — which is completely fine of course.
 

giants8058

Level 4
Verified
Jan 26, 2016
150
If I'm reading into the second to last one right:
  • Data collected by malware
So if spyware was able to get through and log your banking/commerce login data or other information, whatever it collected would then in turn be sent off to Norton so they now have a copy too. That's unacceptable if that's the case. So basically you get compromised twice.
 
Last edited by a moderator:

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
So if spyware was able to get through and log your banking/commerce login data or other information, whatever it collected would then in turn be sent off to Norton so they now have a copy too. That's unacceptable if that's the case. So basically you get compromised twice.

Precisely, that's why I marked it bold as well.

This is why I prefer Emsisoft, they collect what is necessary to do their job and that's it.
 

Rolo

Level 18
Verified
Jun 14, 2015
857
If I'm reading into the second to last one right:
  • Data collected by malware
So if spyware was able to get through and log your banking/commerce login data or other information, whatever it collected would then in turn be sent off to Norton so they now have a copy too. That's unacceptable if that's the case. So basically you get compromised twice.

No; that's equivocation.

If you don't trust the company--Norton, for example--with access to your files, then don't install their software that has access to your files.
 

giants8058

Level 4
Verified
Jan 26, 2016
150
No; that's equivocation.

If you don't trust the company--Norton, for example--with access to your files, then don't install their software that has access to your files.
My problem isn't with them having access to files, my problem is with the personal data that malware might have logged, being sent off to them. Why would they need to have that potential sensitive information? It's bad enough that it would have been stolen already by the perpetrator. They are the only ones in the test that admit to doing it while 8 other companies won't even disclose if they do. The discussion wasn't if I would "install their software" myself (because I won't..I already have an AV), but instead our opinions as to why we would choose one over the other. And privacy is any important aspect to consider.

As per the test, it says the patch removes the user name. Is that the person's name for their Norton account, or the user name for the PC? So the data may or may not have an identity, but the contents are still there. Sorry many other things make sense as to why they require it, but this one is a head scratcher.

As per the test:
"If malware steals personal data, we do not feel there is justification for the AV program to send the same information to the manufacturer. Some products’ EULAs or privacy statements note that the product might transmit such data to the product vendor, though this is for legal reasons, in case the product inadvertently sends personal data along with legitimate information about the malware itself."

Edit

Here is another little interesting excerpt from the same review:

"The Chief Research Officer of a major antivirus vendor cancelled his scheduled participation in the 2014 RSA Security Conference, in protest at collaboration by security company RSA with the United States NSA in the form of weakening security in its encryption systems. He stated that “RSA is hardly the only vendor facing scrutiny. He said that the trustworthiness of U.S.-based security and technology companies is quickly eroding, pointing to a letter recently sent to 20 of the world's largest antivirus companies by Bits of Freedom, a Netherlands-based organization focused on digital rights. In that letter, the group asked whether the vendors had whitelisted government-authored malware. Most of those companies gave a prompt response in the negative, but U.S-based AV giants McAfee Inc. and Symantec Corp. never replied”.
 
Last edited:

Wingman

Level 4
Verified
Well-known
Feb 6, 2017
154
Precisely, that's why I marked it bold as well.

This is why I prefer Emsisoft, they collect what is necessary to do their job and that's it.

There are few things to consider (Just to make it clear I do not work or represent Symantec )

1) All that information is within the EULA that users accept before installing the software
2)According to the report (2014) Symantec would have released a patch to remove user sensitive information (windows names etc)
3) If the data is already out to the criminals in a potential data exfiltration or phishing scam then the last thing I would possibly have to worry about would be Symantec having my data (Criminals by that time would have sold that to the underground forums anyway)

At the end of the day it's a trade off. They provide you a service and some of the items you specified can be removed (aka not send them to Symantec) BUT you will have to disable insight and/or sonar, therefore not utilising the product as you should be :)
 

Rolo

Level 18
Verified
Jun 14, 2015
857
As per the test, it says the patch removes the user name. Is that the person's name for their Norton account, or the user name for the PC? So the data may or may not have an identity, but the contents are still there. Sorry many other things make sense as to why they require it, but this one is a head scratcher.

Because it's all part of the system's environment. This same "personal" information is included in a DXdiag, DOS environment variables, and the Farbar Recovery Scan Tool required by MalwareTips' Malware Removal Assistance.

It's, by definition, personal information but it is of no significance in this context.
 

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
Because it's all part of the system's environment. This same "personal" information is included in a DXdiag, DOS environment variables, and the Farbar Recovery Scan Tool required by MalwareTips' Malware Removal Assistance.


No, it's purely included because they can. For whatever magic reason Ahnlab, Emsisoft et.al. seem to do just fine with the info handed to them.

It's, by definition, personal information but it is of no significance in this context.

When documents other than executables are transmitted in the clear by my AVs whims, which might be intimate pictures, tax forms, medical or other stuff, it's of so much significance I don't have words for it.
 
  • Like
Reactions: Wave and giants8058

Rolo

Level 18
Verified
Jun 14, 2015
857
When documents other than executables are transmitted in the clear by my AVs whims, which might be intimate pictures, tax forms, medical or other stuff, it's of so much significance I don't have words for it.
You quoted me out of context when you separated it from the prior sentence. I wasn't referring to personal documents; that was addressed by Norton giving you the option.
 

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,487
I love these kind of threads :D

To reinforce aforementioned statements, if Emsisoft is working along with you, there's no reason to change. Emsisoft's Behaviour Blocker is really accurate and efficient.
On the other hand, i've never ever seen any module beat Norton's SONAR. It's really complete and secure.
Both have pretty good detection ratios as well.

But at the end of the day, and i never get tired of saying this, we are protected by behaviour blockers and heuristics mainly. Antivirus detect kind of the same percentage of malware and most of them fail on zero day malware. Meaning this, choose the product that suites the best for your OS, the one that doesn't slow down your system and makes you feel protected. Combine, combine products. Create your own efficient combination (e.g i used to have CFW + Avast Free + VodooShield and it was really awsome).

Once again, just choose what suites the best for your system and forget about trouble. I'd say keep with the good Emsisoft. Still, if you want to give Norton a try, it is really worth. Stay safe.
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
I agree, all 3 provide great, in my opinion the best (as of now) protection.
KIS and Symantec need to be tuned-up to provide this great protection, Emsisoft is "ready to go"doesn't really.
If privacy is important to you, you are safer with Emsisoft.
How old/fast is your computer?
Kis and Symantec might be heavier on resources than Emsi when tuned up.
I would try Norton, than Kis....this way you'll know what you like most (and your computer).
Since detection/protection varies by time, this way you already know 3 of the best AV available.;)

Update: I almost forgot...as of NOW, in my opinion, Kis has a noticeable better static detection and a great behavioral detection, Emsi has a decent static and an excellent BB, Symantec is somehow in between of the 2 with good static and great BB.;)
 
Last edited:

giants8058

Level 4
Verified
Jan 26, 2016
150
I agree, all 3 provide great, in my opinion the best (as of now) protection.
KIS and Symantec need to be tuned-up to provide this great protection, Emsisoft is "ready to go"doesn't really.
If privacy is important to you, you are safer with Emsisoft.
How old/fast is your computer?
Kis and Symantec might be heavier on resources than Emsi when tuned up.
I would try Norton, than Kis....this way you'll know what you like most (and your computer).
Since detection/protection varies by time, this way you already know 3 of the best AV available.;)

Update: I almost forgot...as of NOW, in my opinion, Kis has a noticeable better static detection and a great behavioral detection, Emsi has a decent static and an excellent BB, Symantec is somehow in between of the 2 with good static and great BB.;)
I have noticed that as well in the Malware Hub in regards to Emsisoft, but with personal testing its static testing seems to perform slightly better than Kaspersky, and overall offers great protection. The BB seems to pick up anything the signatures miss. I've been using samples from Testmyav.com, virusshare.com, and malware infected url's, but in your opinion from your personal testing, do you think Emsisoft's static/dynamic detection really has fallen off somewhat lately or is it just normal variability?
 
Last edited:
  • Like
Reactions: Solarquest

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
In my opinion Bitdefender's signature are not" at their best" in the last month.
Other users in other forums saw the same.
Of course it can be discussed if the missed ones are rare ones or not and that they are nothing compared to the 300k new/day...but I still think static detection is not as good as before, at least for new malware.
BB compensate incredibly well most of the time so total protection is still at top level in my opinion.
I'll try the sources you mentioned above in the next time, that might also influence detection.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top