Q&A Emsisoft Surf Protection questions

bjm_

Level 3
Joined
May 17, 2015
Messages
128
OS
Windows 10
Antivirus
Microsoft
#1
Any discussions on MT regarding Emsisoft Surf Protection built-in Malware and Phishing hosts that works at the Windows system level without additional web browser extensions vs other security software web shields that work in the browser thru extensions.

Any Emsisoft Surf Protection comparisons to for example Heimdal Pro that scans all internet traffic HTTP, HTTPS, and DNS or to VPNs with DNS filtering or comparisons to DNS revolvers like Quad9.
Or, Emsisoft built-in Malware and Phishing hosts comparisons with hosts file added thru e.g., uBlockOrigin.

Does EAM really scan and filter all the internet traffic that goes on your computer like for example Heimdal Pro.

Does Emsisoft Surf Protection rely solely on a blacklist, with no real-time (heuristic) component as PCMag suggests.
One critical feature that powers Norton's phishing protection is a heuristic analysis component that analyzed pages in real time for signs of fraud. It appears that Emsisoft relies solely on a blacklist, with no real-time component, and the results show it. Emsisoft came in 32 percentage points behind Norton's detection rate. It also lagged behind the built-in protection in two of the three browsers. On the plus side, this is a significant improvement since the last time I ran this test. That time Emsisoft lagged 61 percentage points behind Norton's.
What do you think of Emsisoft Surf Protection vs other web shields.

Thanks
 
Last edited:

Lockdown

From AppGuard
Developer
Joined
Oct 24, 2016
Messages
3,007
#4
Any discussions on MT regarding Emsisoft Surf Protection built-in Malware and Phishing hosts that works at the Windows system level without additional web browser extensions vs other security software web shields that work in the browser thru extensions.

Any Emsisoft Surf Protection comparisons to for example Heimdal Pro that scans all internet traffic HTTP, HTTPS, and DNS or to VPNs with DNS filtering or comparisons to DNS revolvers like Quad9.
Or, Emsisoft built-in Malware and Phishing hosts comparisons with hosts file added thru e.g., uBlockOrigin.

Does EAM really scan and filter all the internet traffic that goes on your computer like for example Heimdal Pro.

Does Emsisoft Surf Protection rely solely on a blacklist, with no real-time (heuristic) component as PCMag suggests.

What do you think of Emsisoft Surf Protection vs other web shields.

Thanks
This has already been beat to death on the Emsisoft support forum.

EAM doesn't do any of the stuff you ask questions about, but it does

"rely solely on a blacklist, with no real-time (heuristic) component as PCMag suggests"

because Emsisoft doesn't break your browser's protections and invade your privacy like every

other antivirus vendor out there.

Add the default uBlock Origin to your browser as it is more than sufficient. There is no need to add DNS, DNS resolvers, import host lists, and all that other garbage that adds practically nothing to overall security except a false sense (of psychological) security, but needlessly adds complexity to your security configuration.

A high quality, reputable PAID VPN makes sense - not one that costs only .99 Euros per month (stop being cheap !!) - if you do online personal data\financial transactions with any regularity.
 
Last edited:

_CyberGhosT_

Level 52
Trusted
Joined
Aug 2, 2015
Messages
4,179
OS
Linux Mint
Antivirus
Default-Deny
#5
They use a list but i haven't bothered testing it against other adblockers and their lists because i would use both regardless of results. Load difference is 0 and i need my adblock anw.
Spot on ;)
Seeing AdGuard is a "system wide" protection software, it makes a great companion app for EmsiSoft and does
cover what EmsiSoft is not built for.
 

_CyberGhosT_

Level 52
Trusted
Joined
Aug 2, 2015
Messages
4,179
OS
Linux Mint
Antivirus
Default-Deny
#7
Exactly, my combo is AdGuard + Emsisoft and I really like it (simple yet powerful).
Very effective combo, I also add Netcraft so I can see, and make adjustments as needed seeing you can add sites manually to EmsiSoft:
NC_SS.png

PS: I would not recommend adding MT to the list of blocked sites :p
 

bjm_

Level 3
Joined
May 17, 2015
Messages
128
OS
Windows 10
Antivirus
Microsoft
#8
This has already been beat to death on the Emsisoft support forum.
EAM doesn't do any of the stuff you ask questions about, but it does
"rely solely on a blacklist, with no real-time (heuristic) component as PCMag suggests"
because Emsisoft doesn't break your browser's protections and invade your privacy like every
other antivirus vendor out there.
Add the default uBlock Origin to your browser as it is more than sufficient. There is no need to add DNS, DNS resolvers, import host lists, and all that other garbage that adds practically nothing to overall security except a false sense (of psychological) security, but needlessly adds complexity to your security configuration.
A high quality, reputable PAID VPN makes sense - not one that costs only .99 Euros per month (stop being cheap !!) - if you do online personal data\financial transactions with any regularity.
Well, it's apparent what you think of Emsisoft Surf Protection vs other web shields.
Well, truth be told I did not read every message on every page when I searched "Surf Protection" on the Emsisoft support forum. I'll try tweaking my search criteria.

Yes, perhaps Emsisoft employs built-in third party lists do to Emsisoft focus on Privacy and on No bloat.
Perhaps, Emsisoft assumes users will add other shields, e.g., AdGuard, anyway.

PCMag comment that Surf Protection lags behind the built-in protection in two of the three browsers. Surf Protection may lag behind Google Safe Browsing = head scratch for me. Just saying.
Emsisoft chose a different method to make sure you can’t access malicious and fraudulent websites. Instead of filtering on URL level (example:https://badsite.com/folder/malwarefile.exe), it blocks known bad hostnames (example: badsite.com) on DNS level. Host names are resolved to the servers’ IP addresses by the operating system. Emsisoft’s Surf Protection intercepts that process of address resolution independent of browser and traffic by returning an invalid IP address for hostnames that are on the blacklist.
That method may not be as precise as URL filtering, but it comes with two significant advantages:
  1. It doesn’t rely on spying on any encrypted traffic, so it doesn’t provide as much surface for attackers as other concepts.
  2. It doesn’t require huge cloud-based databases to verify good and bad website addresses, which means it’s less intrusive on your privacy by design, as all matching is done locally on your computer.
Regards w Respect
 
Last edited:

Umbra

Level 61
Content Creator
Trusted
Joined
May 16, 2011
Messages
17,766
OS
Windows 10
Antivirus
Default-Deny
#9
@bjm_ answered you on Wilders.

EAM doesn't have an active web filter (thingy analyzing pages' codes, etc...), doesn't inject certificates in the browser, it just blacklist some sites/domains; which is enough for most people.

If you want tighter web protection, install extension like ublock + noscript or umatrix.

Personally i add MVPS list to EAM's Surf Protection backed up by Adguard For Windows.
 
Last edited:

Opcode

Level 28
Content Creator
Joined
Aug 17, 2017
Messages
1,733
#10
Emsisoft take one of the best approaches for privacy and stability. Other vendors may use custom certificates to intercept both HTTP and HTTPS traffic which could be abused for potential Man-In-The-Middle attacks, and if they injected into the browser and hooked networking routines to analyse page content (e.g. JavaScript) for loading web-pages, this could slow down the user's browsing a lot more than it currently does. The blacklist approach is generally going to be one of the most preferable due to the scan-time decrease compared to other vendors products (optimisation/efficiency) and will still do a good job, because they keep it maintained very nicely.

I'd suspect most people, even inexperienced Home users, are likely to be using a browser extension for ad-blocking (or ad-blocking software). Hopefully at-least... Extensions like uBlock or software like Adguard are great in combination with software like Emsisoft Anti-Malware or other security software solutions (although watch out with Adguard and potential compatibility problems because they use a networking device driver which I've seen interfere and lead to BSODs with some security software before).

I assume this is why vendors like Avast make use of an extension for browsers like Google Chrome, it allows them to use documented APIs (e.g. Chrome API) to intercept web requests before they've been completed for scanning the target domain name/s and possibly a more thorough scan for web-based heuristic identification without breaking the browser or causing other problems.

Whether Emsisoft does have web-heuristic analysis or not, I think it is good and don't see an issue with how they do things. Free, trustworthy extensions are available for the browser to make things better and more secure (e.g. advertisement blocking based on JavaScript code analysis and closing elements automatically - aside from advertisement blocking via blocking hosts). Their aim is bloat-free protection and they certainly hit the nail on that, so by doing less ethical things which can cause more problems than solve and keeping things more simple but still just as effective, they are doing a brilliant job IMO.
 

bjm_

Level 3
Joined
May 17, 2015
Messages
128
OS
Windows 10
Antivirus
Microsoft
#11
Staying with Surf Protection questions. How do I get Surf Protection to Block and notify at > Test Malware!. I get one block alert, one log event. Subsequent tests no block, no notify, no log event. Just Server not found.
wicar.png
1886.png
Edit: why do I get Block silently. Why does Block and notify change to Block silently.
1887.png

Edit: seems like Block and notify is one time?
seems like what ever Mode I choose it's one time. Then I have to Edit Rule.
Even Alert w Block Once is only one Alert dialog. Then Server not found.
Alert.png

 
Last edited:
Likes: Jack

bjm_

Level 3
Joined
May 17, 2015
Messages
128
OS
Windows 10
Antivirus
Microsoft
#12
1907.png
1908.png

Well, testing Surf Protection again. Block and notify works one time. Then changes to Block silently on next test. Why?
@Umbra
 

Opcode

Level 28
Content Creator
Joined
Aug 17, 2017
Messages
1,733
#13
Well, testing Surf Protection again. Block and notify works one time. Then changes to Block silently on next test. Why?
It is probably to prevent constant distracting alerts for an object which has already been alerted about but will be continued to be blocked. I am not sure if there's a way to change it since I don't currently use EAM but it makes sense IMO.
 

bjm_

Level 3
Joined
May 17, 2015
Messages
128
OS
Windows 10
Antivirus
Microsoft
#14
It is probably to prevent constant distracting alerts for an object which has already been alerted about but will be continued to be blocked. I am not sure if there's a way to change it since I don't currently use EAM but it makes sense IMO.
Sounds plausible. Not finding explanation with Help file. Just noticed rule I was working with earlier was gone. So, I created rule again and noticed that I can not see built-in list.
1912.png

Surf Protection has nuances that are over-my-pay-grade. Thanks
 

bjm_

Level 3
Joined
May 17, 2015
Messages
128
OS
Windows 10
Antivirus
Microsoft
#15
and after Core update. My own moves to built-in list.
1916.png

then Block and notify works one time
Always block this.png

then changes Block silently
1917.png

I'm sensing a pattern....albeit, bizarre.
 
Last edited:

CMLew

Level 23
Joined
Oct 30, 2015
Messages
1,210
OS
Windows 10
Antivirus
Default-Deny
#16
Sometime ago, Emsisoft has a good deal that each purchase are complimented with 1 year Adguard subscription (which I took the opportunity to renewed it to lifetime).
thinking aback, why would Emsisoft liaises with Adguard? ;)
 
Joined
Jul 1, 2017
Messages
593
OS
Windows 10
Antivirus
Emsisoft
#17
Visited some of the websites that are blocked by Surf Protection... I could wander right into them LOL... Does it even work?
 

Lockdown

From AppGuard
Developer
Joined
Oct 24, 2016
Messages
3,007
#19
He doesn't know the difference between a malicious, phishing and privacy block. So what he is seeing is unexpected behavior and thinking the protection isn't working, when in fact, it is working as intended. He doesn't understand that it doesn't always result in an entire webpage block; it depends upon when and how the connection is made. LOL.
 

Umbra

Level 61
Content Creator
Trusted
Joined
May 16, 2011
Messages
17,766
OS
Windows 10
Antivirus
Default-Deny
#20
My log while opening 17 legit sites. Since they are legit, i could access them, however Surf Protection blocked some contents.

Untitled.jpg



Not saying that you can add you own list on top of the one provided by Emsisoft.
 
Last edited: