App Review Emsisoft AntiMalware vs Worms

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

cruelsister

Season Finale

Notes:

1). Although I did not show this, the setting for the Anti-Malware Network was Enabled (this is the Default Setting). This really does not matter at all as I'm running the malware from the Desktop, and either EAM detects it or it does not.
2). Of the 13 malware used in this video, 7 (worms) are in the Wild samples in order to test the AV (dumb) detection. The 5 other worms were in the Wild samples that I re-coded to make them true zero-day. The 13th sample is an in the Wild RAT that I coded in a worm to make for network spread and persistence. These samples were included to test the Behavior Blocker (smart) detection.
I will leave it to you to distinguish between the older samples and the true zero-day stuff.
3). For EAM and ZAM fans, before watching I suggest that you utilize your favorite euphoric, turn the lights down and just listen to the music...
4). Music: "Ballad of the Hip Death Goddess".

 

Windows_Security

Okay two thoughts spring to mind

First: Dear Cruels Sister, I don't need an AV to block Visual Basic scripts. What is the point of this test? Then wonder turns into horror as the Antivirus fails to block access to sensitive PC-parts from a script!

Second: Why does an Anti-Virus which claims to have a state of the art behavioral blocker / HIPS not simply block all scripts outside UAC protected folders? I now get the point Cruel Sister is asking attention for.

AV-companies please close the back door. We are not talking about advanced staged intrusions, but about VB-scripts which any script-kid can copy-paste and distribute in 'normal' office documents. So please EAM (but in general AV-companies) get your act together.
 

Evjl's Rain

I saw the malware which ZAM failed to remove was in "Users" folder => ZAM is known to ignore Users folder -> shame
In the hub, we usually have to perform an extra scan for Users or appdata folder
so ZAM may or may not detect it
 

Deleted member 178

BB set on "Auto-Resolve..." so definitely not maxxed, it will then depend on the cloud...
max settings is when BB is set to "Alert".

Also "Only scan files with specific extensions" should be unticked to scan all files.

"AV-companies please close the back door. We are not talking about advanced staged intrusions, but about VB-scripts which any script-kid can copy-paste and distribute in 'normal' office documents. So please EAM (but in general AV-companies) get your act together."
because people will complain, including companies' IT managers running all kind of scripts all the time...
 

Andy Ful

I wonder why there is no global safe script base for scripts used by hardware vendors (Intel, HP, etc.) and by some popular software. Then, the scripts could be blocked by default except those from the safe script base.
 

Nightwalker

I was expecting that the behavior blocker would show a better performance there, but it is what it is.
I hope that the new behavior blocker that Emsisoft will have this year does better in this kind of scenario.


Ps: I am totally in love with Cruel Comodo 10.
 

Deleted member 178

Yep, that makes sense, provide a consumer product with the loopholes of a corporate product without the central managed restrictions :ROFLMAO:
"I wonder why there is no global safe script base for scripts used by hardware vendors (Intel, HP, etc.) and by some popular software. Then, the scripts could be blocked by default except those from the safe script base."
That's the whole problem of what to allow/disallow in which circumstances for what kind of users... products have default settings to avoid those "problems", it is up to the user/admin to adapt the software to his environment. Some softs allow granular control, others don't.
In the case of Emsisoft, there is no difference between the home user and business version, just the licensing/pricing differs.
 

Andy Ful

"That's the whole problem of what to allow/disallow in which circumstances for what kind of users... products have default settings to avoid those "problems", it is up to the user/admin to adapt the software to his environment. Some softs allow granular control, others don't.
In the case of Emsisoft, there is no difference between the home user and business version, just the licensing/pricing differs."
That is true. Still, the optional script blocking + initial learning, would be useful for everyone.
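
The default-deny idea raised in this thread (block scripts outside UAC-protected folders, except those found in a safe script base, with an optional initial learning phase), written out as an added Python example. It is not part of any post and is not Emsisoft or Hard_Configurator code; the folder list, the extension list, the function names and the way learning mode behaves are all assumptions made for illustration.

```python
import hashlib
from pathlib import PureWindowsPath

# Assumed policy values, constructed for this example.
PROTECTED_ROOTS = [PureWindowsPath(p) for p in (
    r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")]
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf",
                     ".ps1", ".bat", ".cmd", ".hta"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def in_protected_folder(path: str) -> bool:
    """True only if the script sits under a folder that needs elevation to write."""
    p = PureWindowsPath(path)
    # PureWindowsPath does not resolve "..", so such paths are never trusted.
    if ".." in p.parts or not p.is_absolute():
        return False
    return any(root in p.parents for root in PROTECTED_ROOTS)


def decide(path: str, content: bytes, safe_base: set, learning: bool = False) -> str:
    """Return 'ignore', 'allow', 'learn' or 'block' for one script launch."""
    if PureWindowsPath(path).suffix.lower() not in SCRIPT_EXTENSIONS:
        return "ignore"            # not a script type covered by this policy
    digest = sha256_hex(content)
    if digest in safe_base:
        return "allow"             # hash is in the safe script base
    if in_protected_folder(path):
        return "allow"             # writing it there required elevation
    if learning:
        safe_base.add(digest)      # initial learning: record it, do not block
        return "learn"
    return "block"                 # default deny in user-writable locations
```

On real systems some subfolders of the Windows directory are writable by standard users, so a production rule set needs exceptions for them.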
 

cruelsister

Dear Guys (and Umbra)- I have to share this comment by Emsisoft which was made on my Channel:

"it looks like you tested EAM exactly during a short period where we had a known bug with correctly blocking malware that uses script interpreters, which could be reason for those unfortunate results. The issue has been fixed."

Unfortunately I have no time to re-test as I'll be leaving for an extended Biz trip on the morrow, but I will take this comment as truth (EAM is actually a good product). Although the farthest East I will be going to is India, if something comes up Down Under I'll hop over to NZ (the most beautiful place in the Known Universe after Austria), introduce myself and Break some Hearts.

(ps to Emsisoft- if I am able to get to NZ, I'll post my arrival date on a ScreenSaver that will be on your Systems after I break into them. But please note I only travel in Limos, and I like them Clean and Well Stocked)
 

Windows_Security

Response of EAM makes sense: an advanced BB+HIPS should not allow scripts from user folder making changes to sensitive PC (files/registry) parts. No matter whether it is a corporate or home user product.

Any IT-manager running hand-shake and update scripts from user folders should have his ass kicked IMO.


@cruelsister

Have to disagree with you: in Austria you just get Austria.

In New Zealand's Southern Island you get Norway (fjords), Scotland (rough coasts), Austrian Alps, Swiss lakes and North Sea-like sea shores. In the Northern Island you get French-Bretagne like coast, Italian - Toscane countrysides and Spanish beaches.


You will change your mind about the most beautiful place in the universe once you have visited India. Just make sure you see more than the golden triangle, try to see some of the old cities in Rajasthan. Or better, plan a few revisits to trail the Indian Himalayas (Indian guy asking an Austrian guy: you call that a mountain?) and rest on lazy shores of the south.

In India you can enjoy the best limos in the world, just take a cab and make sure it is an Ambassador: Iconic Ambassador car to make a come back in India: Here’s all you need to know. I once hired an Ambassador (cab with taxi driver) for three weeks to drive me through Rajasthan. So when you have not planned it ahead, it does not matter in India, everything goes when travelling on a shoestring.
 

codswollip

"it looks like you tested EAM exactly during a short period where we had a known bug with correctly blocking malware that uses script interpreters, which could be reason for those unfortunate results."
This will now become the boilerplate reply of all failing security apps.

Sure... all my releases contain "a known bug".

"The issue has been fixed."
Translation: The patch was released after this embarrassing find.
 

CyberTech

Interesting sis, great video! Thanks for your time for that. Could you test HitmanPro.Alert vs Worms? I know you won't but when you feel free so please do it!
 
