Advice Request Emsisoft Surf Protection questions

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
Any discussions on MT regarding Emsisoft Surf Protection built-in Malware and Phishing hosts that works at the Windows system level without additional web browser extensions vs other security software web shields that work in the browser thru extensions.

Any Emsisoft Surf Protection comparisons to for example Heimdal Pro that scans all internet traffic HTTP, HTTPS, and DNS or to VPNs with DNS filtering or comparisons to DNS revolvers like Quad9.
Or, Emsisoft built-in Malware and Phishing hosts comparisons with hosts file added thru e.g., uBlockOrigin.

Does EAM really scan and filter all the internet traffic that goes on your computer like for example Heimdal Pro.

Does Emsisoft Surf Protection rely solely on a blacklist, with no real-time (heuristic) component as PCMag suggests.
One critical feature that powers Norton's phishing protection is a heuristic analysis component that analyzed pages in real time for signs of fraud. It appears that Emsisoft relies solely on a blacklist, with no real-time component, and the results show it. Emsisoft came in 32 percentage points behind Norton's detection rate. It also lagged behind the built-in protection in two of the three browsers. On the plus side, this is a significant improvement since the last time I ran this test. That time Emsisoft lagged 61 percentage points behind Norton's.

What do you think of Emsisoft Surf Protection vs other web shields.

Thanks
 
Last edited:
  • Like
Reactions: Rengar and SHvFl

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
They use a list but i haven't bothered testing it against other adblockers and their lists because i would use both regardless of results. Load difference is 0 and i need my adblock anw.
 
5

509322

Any discussions on MT regarding Emsisoft Surf Protection built-in Malware and Phishing hosts that works at the Windows system level without additional web browser extensions vs other security software web shields that work in the browser thru extensions.

Any Emsisoft Surf Protection comparisons to for example Heimdal Pro that scans all internet traffic HTTP, HTTPS, and DNS or to VPNs with DNS filtering or comparisons to DNS revolvers like Quad9.
Or, Emsisoft built-in Malware and Phishing hosts comparisons with hosts file added thru e.g., uBlockOrigin.

Does EAM really scan and filter all the internet traffic that goes on your computer like for example Heimdal Pro.

Does Emsisoft Surf Protection rely solely on a blacklist, with no real-time (heuristic) component as PCMag suggests.

What do you think of Emsisoft Surf Protection vs other web shields.

Thanks

This has already been beat to death on the Emsisoft support forum.

EAM doesn't do any of the stuff you ask questions about, but it does

"rely solely on a blacklist, with no real-time (heuristic) component as PCMag suggests"

because Emsisoft doesn't break your browser's protections and invade your privacy like every

other antivirus vendor out there.

Add the default uBlock Origin to your browser as it is more than sufficient. There is no need to add DNS, DNS resolvers, import host lists, and all that other garbage that adds practically nothing to overall security except a false sense (of psychological) security, but needlessly adds complexity to your security configuration.

A high quality, reputable PAID VPN makes sense - not one that costs only .99 Euros per month (stop being cheap !!) - if you do online personal data\financial transactions with any regularity.
 
Last edited by a moderator:

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
They use a list but i haven't bothered testing it against other adblockers and their lists because i would use both regardless of results. Load difference is 0 and i need my adblock anw.
Spot on ;)
Seeing AdGuard is a "system wide" protection software, it makes a great companion app for EmsiSoft and does
cover what EmsiSoft is not built for.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Exactly, my combo is AdGuard + Emsisoft and I really like it (simple yet powerful).
Very effective combo, I also add Netcraft so I can see, and make adjustments as needed seeing you can add sites manually to EmsiSoft:
NC_SS.png

PS: I would not recommend adding MT to the list of blocked sites :p
 

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
This has already been beat to death on the Emsisoft support forum.
EAM doesn't do any of the stuff you ask questions about, but it does
"rely solely on a blacklist, with no real-time (heuristic) component as PCMag suggests"
because Emsisoft doesn't break your browser's protections and invade your privacy like every
other antivirus vendor out there.
Add the default uBlock Origin to your browser as it is more than sufficient. There is no need to add DNS, DNS resolvers, import host lists, and all that other garbage that adds practically nothing to overall security except a false sense (of psychological) security, but needlessly adds complexity to your security configuration.
A high quality, reputable PAID VPN makes sense - not one that costs only .99 Euros per month (stop being cheap !!) - if you do online personal data\financial transactions with any regularity.
Well, it's apparent what you think of Emsisoft Surf Protection vs other web shields.
Well, truth be told I did not read every message on every page when I searched "Surf Protection" on the Emsisoft support forum. I'll try tweaking my search criteria.

Yes, perhaps Emsisoft employs built-in third party lists do to Emsisoft focus on Privacy and on No bloat.
Perhaps, Emsisoft assumes users will add other shields, e.g., AdGuard, anyway.

PCMag comment that Surf Protection lags behind the built-in protection in two of the three browsers. Surf Protection may lag behind Google Safe Browsing = head scratch for me. Just saying.
Emsisoft chose a different method to make sure you can’t access malicious and fraudulent websites. Instead of filtering on URL level (example:https://badsite.com/folder/malwarefile.exe), it blocks known bad hostnames (example: badsite.com) on DNS level. Host names are resolved to the servers’ IP addresses by the operating system. Emsisoft’s Surf Protection intercepts that process of address resolution independent of browser and traffic by returning an invalid IP address for hostnames that are on the blacklist.
That method may not be as precise as URL filtering, but it comes with two significant advantages:
  1. It doesn’t rely on spying on any encrypted traffic, so it doesn’t provide as much surface for attackers as other concepts.
  2. It doesn’t require huge cloud-based databases to verify good and bad website addresses, which means it’s less intrusive on your privacy by design, as all matching is done locally on your computer.
Regards w Respect
 
Last edited:
D

Deleted member 178

@bjm_ answered you on Wilders.

EAM doesn't have an active web filter (thingy analyzing pages' codes, etc...), doesn't inject certificates in the browser, it just blacklist some sites/domains; which is enough for most people.

If you want tighter web protection, install extension like ublock + noscript or umatrix.

Personally i add MVPS list to EAM's Surf Protection backed up by Adguard For Windows.
 
Last edited by a moderator:
D

Deleted member 65228

Emsisoft take one of the best approaches for privacy and stability. Other vendors may use custom certificates to intercept both HTTP and HTTPS traffic which could be abused for potential Man-In-The-Middle attacks, and if they injected into the browser and hooked networking routines to analyse page content (e.g. JavaScript) for loading web-pages, this could slow down the user's browsing a lot more than it currently does. The blacklist approach is generally going to be one of the most preferable due to the scan-time decrease compared to other vendors products (optimisation/efficiency) and will still do a good job, because they keep it maintained very nicely.

I'd suspect most people, even inexperienced Home users, are likely to be using a browser extension for ad-blocking (or ad-blocking software). Hopefully at-least... Extensions like uBlock or software like Adguard are great in combination with software like Emsisoft Anti-Malware or other security software solutions (although watch out with Adguard and potential compatibility problems because they use a networking device driver which I've seen interfere and lead to BSODs with some security software before).

I assume this is why vendors like Avast make use of an extension for browsers like Google Chrome, it allows them to use documented APIs (e.g. Chrome API) to intercept web requests before they've been completed for scanning the target domain name/s and possibly a more thorough scan for web-based heuristic identification without breaking the browser or causing other problems.

Whether Emsisoft does have web-heuristic analysis or not, I think it is good and don't see an issue with how they do things. Free, trustworthy extensions are available for the browser to make things better and more secure (e.g. advertisement blocking based on JavaScript code analysis and closing elements automatically - aside from advertisement blocking via blocking hosts). Their aim is bloat-free protection and they certainly hit the nail on that, so by doing less ethical things which can cause more problems than solve and keeping things more simple but still just as effective, they are doing a brilliant job IMO.
 

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
Staying with Surf Protection questions. How do I get Surf Protection to Block and notify at > Test Malware!. I get one block alert, one log event. Subsequent tests no block, no notify, no log event. Just Server not found.
wicar.png
1886.png
Edit: why do I get Block silently. Why does Block and notify change to Block silently.
1887.png

Edit: seems like Block and notify is one time?
seems like what ever Mode I choose it's one time. Then I have to Edit Rule.
Even Alert w Block Once is only one Alert dialog. Then Server not found.
Alert.png

172785-3b1197426f7f47c0edf91a22c34bfad6.jpg
 
Last edited:
  • Like
Reactions: Jack

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
1907.png
1908.png

Well, testing Surf Protection again. Block and notify works one time. Then changes to Block silently on next test. Why?
@Umbra
 
D

Deleted member 65228

Well, testing Surf Protection again. Block and notify works one time. Then changes to Block silently on next test. Why?
It is probably to prevent constant distracting alerts for an object which has already been alerted about but will be continued to be blocked. I am not sure if there's a way to change it since I don't currently use EAM but it makes sense IMO.
 

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
It is probably to prevent constant distracting alerts for an object which has already been alerted about but will be continued to be blocked. I am not sure if there's a way to change it since I don't currently use EAM but it makes sense IMO.
Sounds plausible. Not finding explanation with Help file. Just noticed rule I was working with earlier was gone. So, I created rule again and noticed that I can not see built-in list.
1912.png

Surf Protection has nuances that are over-my-pay-grade. Thanks
 

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
and after Core update. My own moves to built-in list.
1916.png

then Block and notify works one time
Always block this.png

then changes Block silently
1917.png

I'm sensing a pattern....albeit, bizarre.
 
Last edited:

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Sometime ago, Emsisoft has a good deal that each purchase are complimented with 1 year Adguard subscription (which I took the opportunity to renewed it to lifetime).
thinking aback, why would Emsisoft liaises with Adguard? ;)
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Visited some of the websites that are blocked by Surf Protection... I could wander right into them LOL... Does it even work?
 
5

509322


He doesn't know the difference between a malicious, phishing and privacy block. So what he is seeing is unexpected behavior and thinking the protection isn't working, when in fact, it is working as intended. He doesn't understand that it doesn't always result in an entire webpage block; it depends upon when and how the connection is made. LOL.
 
D

Deleted member 178

My log while opening 17 legit sites. Since they are legit, i could access them, however Surf Protection blocked some contents.

Untitled.jpg



Not saying that you can add you own list on top of the one provided by Emsisoft.
 
Last edited by a moderator:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top