Advice Request I am head of research at Emsisoft. Ask me anything! :)


Status
Not open for further replies.

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
If you are planning to add something like that to EAM, then I keep my fingers crossed and wish you success.:love:
It's at least something worth exploring. Whether it can be turned into a feature will become evident sooner or later.

Which coding language is the hardest? C, C++, Javascript, Python?
That's kind of a pointless question. Good and elegant code will make any language look easy the same way that horrid code makes a language confusing, unapproachable and downright ugly. In the end, it almost doesn't matter which language you pick. The only exception being special purpose languages. If you want to write a driver, you won't get around using C for example. That's just dictated by the platform.
 

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,782
It's at least something worth exploring. Whether it can be turned into a feature will become evident sooner or later.


That's kind of a pointless question. Good and elegant code will make any language look easy the same way that horrid code makes a language confusing, unapproachable and downright ugly. In the end, it almost doesn't matter which language you pick. The only exception being special purpose languages. If you want to write a driver, you won't get around using C for example. That's just dictated by the platform.

Do you know any free sources that teach coding and programming?
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260

goodjohnjr

Level 5
Verified
Jul 11, 2018
227
Some of them do pretty good work. But especially once they try to tell you that all "legacy AVs" do are signatures, they are blatantly lying to your face.


Thanks. :)


Well, we discontinued our firewall precisely because we don't see much benefit compared to the firewall in Windows 7 even. The biggest issue with the Windows firewall is tamper protection. Meaning: Everything running on your system can create rules and allow itself. EAM actually blocks that. So only applications you allow can interact with the Windows firewall.


It's funny because for 2019 we decided to drop out of AV Comparatives.


Their slogan used to be: "CVS done right." There is no way you can do CVS right, hence why it was doomed to failure from the get go.


Thanks. :)


Honest question: Why did you stop? :)


I unfortunately no longer do. But my first stuff was small anti-virus tools that detected one specific virus and cleaned infected files. I then quickly moved to heuristic stuff, because I thought it was stupid to create new signatures and detections for every new virus. Back then there were literally only like a hundred or so of them in the first place though.


As I showed in the tool we use, we already do that. There is no way we can keep up with the number of samples we get otherwise. We obtain more than 450.000 new malicious files every single day. What I showed you there was pretty much the "manual" mode.


That's already the case for the behaviour blocker. If we see a malicious file on a single system and it is being picked up by the behaviour blocker there, automatic blocks are issued for all other users using EAM already.


Ah, sorry. They do use SSL. But they send the entire URL to their servers, while most browsers or our extension for example, only send hashes and non-specific information that can't be turned back into URLs.


Both are fine.


Windows doesn't get a list of all the websites you look at. Unlike Traffic Light:

(screenshot attachment omitted)

Thank you for clarifying that Fabian Wosar and for answering my question.

-John Jr
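Fabian's point above, that on a stock Windows firewall any process can create a rule and allow itself, is something a defender can at least watch for in the rule-change log. The following is an added example written for this page, not Emsisoft's code or anything posted in the thread. It runs a small detection over constructed rule-added events; the field names ModifyingApplication, ApplicationPath, RuleName and Action are assumed to mirror what an export of the firewall rule-change events provides, so adapt them to your own log pipeline. Rules created by a process outside an allowlist are flagged, and the self-allow case (the program creating the rule is the program being allowed) gets its own label.

```python
"""Flag Windows Firewall rules added by processes outside an allowlist.

Added example, not Emsisoft code. Assumes rule-added events have been exported
to dicts with the keys used below; the key names are an assumption.
"""

# Processes permitted to change firewall rules on this host (constructed allowlist).
ALLOWED_MODIFIERS = {
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\mmc.exe",
    r"C:\Windows\System32\netsh.exe",
}

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    {"RuleName": "Core Networking - DNS", "Action": "Allow",
     "ModifyingApplication": r"C:\Windows\System32\svchost.exe",
     "ApplicationPath": r"C:\Windows\System32\svchost.exe"},
    {"RuleName": "updater", "Action": "Allow",
     "ModifyingApplication": r"C:\Users\john\AppData\Local\Temp\updater.exe",
     "ApplicationPath": r"C:\Users\john\AppData\Local\Temp\updater.exe"},
    {"RuleName": "Block telemetry", "Action": "Block",
     "ModifyingApplication": r"C:\Windows\System32\mmc.exe",
     "ApplicationPath": r"C:\Program Files\App\app.exe"},
    {"RuleName": "helper", "Action": "Allow",
     "ModifyingApplication": r"C:\Program Files\Vendor\installer.exe",
     "ApplicationPath": r"C:\Program Files\Vendor\service.exe"},
]


def classify(event: dict):
    """Return a finding label for one rule-added event, or None when it looks benign."""
    modifier = event["ModifyingApplication"].lower()
    target = event["ApplicationPath"].lower()
    allowed = {p.lower() for p in ALLOWED_MODIFIERS}
    if modifier in allowed:
        return None
    # A non-allowlisted program opening the firewall for itself: the tamper case
    # the reply above describes.
    if event["Action"] == "Allow" and modifier == target:
        return "self-allow"
    return "unapproved-modifier"


def audit(events):
    """Return [(rule name, label)] for every event that deserves a look."""
    findings = []
    for ev in events:
        label = classify(ev)
        if label:
            findings.append((ev["RuleName"], label))
    return findings


if __name__ == "__main__":
    for name, label in audit(SAMPLE_EVENTS):
        print(f"{label:20} {name}")
```

The allowlist is deliberately short; on a real host it would be the management tooling you actually use, and anything else adding an Allow rule is worth an alert regardless of what the rule says.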
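On the URL-reporting point in the same reply (sending hashes and non-specific information rather than the full URL), here is an added example of the hash-prefix lookup pattern. It is written for this page and is not Emsisoft's extension code nor any browser's actual implementation: the client canonicalizes the URL, hashes it, and sends only a short prefix; the server answers with every full hash that shares the prefix and the client finishes the comparison locally, so the full URL never leaves the machine. The blocklist and URLs are constructed, and the 4-byte prefix length is an assumption.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes sent to the server; assumed value for this example


def canonicalize(url: str) -> str:
    """Reduce a URL to lowercase host plus path: no scheme, port, query or fragment."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path or "/"
    return host + path


def full_hash(url: str) -> bytes:
    return hashlib.sha256(canonicalize(url).encode("utf-8")).digest()


def prefix(url: str) -> bytes:
    """The only URL-derived data the client transmits."""
    return full_hash(url)[:PREFIX_LEN]


# --- server side ---------------------------------------------------------
# Constructed blocklist; a real service holds millions of entries.
BLOCKLIST = ["http://malware.example/payload/", "https://phish.example/login"]
SERVER_FULL_HASHES = {full_hash(u) for u in BLOCKLIST}


def server_lookup(p: bytes) -> list:
    """All the server learns is the prefix; it returns the full hashes sharing it."""
    return [h for h in SERVER_FULL_HASHES if h.startswith(p)]


# --- client side ---------------------------------------------------------
def client_check(url: str):
    """Return (listed, bytes_sent). The match is completed locally."""
    p = prefix(url)
    candidates = server_lookup(p)
    return full_hash(url) in candidates, p


if __name__ == "__main__":
    for u in ["HTTP://MALWARE.EXAMPLE/payload/", "https://example.org/"]:
        listed, sent = client_check(u)
        print(f"{u:40} listed={listed} sent={sent.hex()}")
```

A 4-byte prefix of a SHA-256 digest is shared by an astronomically large number of possible URLs, which is why the server cannot turn it back into the page you visited; the trade-off is that the server can still observe which prefixes a client asks about, so production implementations add padding and caching on top of this.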
 

ForgottenSeer 72227

We are also currently looking into adopting protected processes. On Windows 10 at least. They will become a requirement soonish.

Interesting!

Does this mean that Microsoft will be making this a requirement for Windows 10 for all security vendors? If so, does that mean that a future "feature" update will essentially force this (not that it's a bad thing, it really is a good idea) or else the program won't be allowed to run on Windows 10?
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
Does this mean that Microsoft will be making this a requirement for Windows 10 for all security vendors? If so, does that mean that a future "feature" update will essentially force this (not that it's a bad thing, it really is a good idea) or else the program won't be allowed to run on Windows 10?
In order to register as an anti-virus inside the Action Center, the process that does the registration needs to be a protected process. Since most anti-virus vendors want to show up there, they have to do it. The change was already in some of the Windows Insider Builds, but they constantly pull it again because of various reasons.
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
What is the most secure operating system you tested? Thank you very much. Regards.
I don't test operating systems. There are considerable improvements in each Windows version. So, telemetry concerns aside, if you are a Windows user, Windows 10 is by far the most secure choice you have.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Hello Fabian,
I don't know if the thread is still active or if you still have the time to reply but I've a specific question.

Back in 2011, I was attacked by a malware (I knew it was a malware but still ran it out of curiosity) which disabled my antivirus, which was Norton at the time. I was able to remove Norton from my system and after that submitted the file to VirusTotal and no AV was detecting it. Then I submitted that malware to AVG, Avast, Avira, Bitdefender, Kaspersky and Symantec. Within a few days every one of them except Bitdefender and Kaspersky was detecting it.

I still have that sample zipped on my PC. So, 2 days ago, after 8 years, I re-scanned the file on VirusTotal and saw Bitdefender & Kaspersky still don't detect it.
I'm running a trial version of Emsisoft at the moment. So, I submitted it to you guys via email on March 18. I scanned the file on March 19 and voila, Emsisoft is detecting the file now as "Trojan.GenericKD.41124697 (B)". This made me so happy of course. I rescanned the file on VirusTotal again today and now some more AVs are detecting that malware and almost all of them use Bitdefender's signature.

So, my question is: what actually happened? Did my rescan of the file on VirusTotal on March 18 trigger something from Bitdefender, or is it that after I uploaded it to you, you sent it to Bitdefender and they added it to their definitions? Can you clarify?
Adding screenshot of March 18 & March 20.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Almost certainly the rescan triggered it.
Thanks for answering. Another question regarding Emsisoft. I've two old malware samples which are detected by Emsisoft as "Win32.Parite.B". AVs like AVG, Avira, Bitdefender, Kaspersky, Windows Defender and some others can repair this particular malware. The sizes of my two .exe samples are 35 and 24 MB respectively, and after repairing the size is reduced by 1 MB and the files are usable again. But Emsisoft doesn't have any repairing/cleaning/disinfecting feature. It quarantines these two samples. Is it intentional or somehow a limitation of the removal process?
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
The problem with disinfecting virus infections is, that it isn't perfect. Some AVs will do it, but the resulting files are often broken. Even if the file may work, there are a whole bunch of subtle bugs and issues that can occur (broken digital signatures, differential updates breaking because the file isn't exactly as it should be, future false positives because the virus body was only partially removed, the list goes on and on). If there was a way to perfectly restore files, we would consider it. But most viruses will overwrite certain fields in the PE header or other areas without storing the original values. So we don't do it as a general rule. If you have an actual virus infection, replace the affected files with originals. That's the only perfect fix.
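To make the PE-header point concrete, here is an added example, not Emsisoft's code and not from this thread: a small parser that recomputes the optional-header CheckSum of a constructed, header-only PE image, stores it, then overwrites AddressOfEntryPoint the way an infection would and shows that the stored CheckSum no longer matches. The image is built inline rather than read from disk so the script runs offline; the field offsets follow the PE32 optional-header layout. The caveat a practitioner wants: CheckSum is a consistency check, not a security control (it is zero on many unsigned binaries and anything that modifies the file can simply recompute it); an Authenticode signature is what binds a file to its publisher. What no check can do is recover the overwritten value from the file itself, which is why a clean original beats disinfection.

```python
import struct

PE32_MAGIC = 0x10B
OPTIONAL_HEADER_SIZE = 0xE0   # PE32 optional header with 16 data directories


def build_minimal_pe(entry_point: int = 0x1000) -> bytes:
    """Constructed, header-only PE image for the demonstration (no sections, no code)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew: PE signature at offset 64
    # COFF header: Machine(i386), NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, OPTIONAL_HEADER_SIZE, 0x0102)
    opt = bytearray(OPTIONAL_HEADER_SIZE)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, entry_point)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x00400000)           # ImageBase
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def _optional_header_offset(data: bytes) -> int:
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return e_lfanew + 4 + 20                               # signature + COFF header


def _checksum_offset(data: bytes) -> int:
    return _optional_header_offset(data) + 64              # CheckSum field (PE32 and PE32+)


def pe_checksum(data: bytes) -> int:
    """One's-complement 16-bit word sum over the file, skipping the CheckSum field,
    plus the file length: the scheme behind IMAGE_OPTIONAL_HEADER.CheckSum."""
    skip = _checksum_offset(data)
    total = 0
    for i in range(0, len(data), 2):
        if i in (skip, skip + 2):
            continue
        word = data[i] | (data[i + 1] << 8) if i + 1 < len(data) else data[i]
        total += word
        total = (total & 0xFFFFFFFF) + (total >> 32)       # fold carries as we go
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    total &= 0xFFFF
    return (total + len(data)) & 0xFFFFFFFF


def stored_checksum(data: bytes) -> int:
    return struct.unpack_from("<I", data, _checksum_offset(data))[0]


def set_checksum(data: bytes) -> bytes:
    """Write a freshly computed CheckSum into the header (what a linker does)."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, _checksum_offset(buf), pe_checksum(buf))
    return bytes(buf)


def header_consistent(data: bytes):
    """True/False when a CheckSum is present; None when the field is zero (unset)."""
    stored = stored_checksum(data)
    if stored == 0:
        return None
    return stored == pe_checksum(data)


def tamper_entry_point(data: bytes, new_entry: int) -> bytes:
    """Overwrite AddressOfEntryPoint in place, keeping no copy of the old value.
    The change is detectable afterwards, but the original value is gone from the file."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, _optional_header_offset(buf) + 16, new_entry)
    return bytes(buf)


if __name__ == "__main__":
    clean = set_checksum(build_minimal_pe())
    modified = tamper_entry_point(clean, 0x2000)
    print("clean header consistent:   ", header_consistent(clean))
    print("modified header consistent:", header_consistent(modified))
```

In practice the same script pointed at a real file should be read as "something changed the header since it was linked", nothing more; the remediation is the one Fabian gives, restore the file from a known-good copy rather than trying to guess the old field values.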
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
The problem with disinfecting virus infections is, that it isn't perfect. Some AVs will do it, but the resulting files are often broken. Even if the file may work, there are a whole bunch of subtle bugs and issues that can occur (broken digital signatures, differential updates breaking because the file isn't exactly as it should be, future false positives because the virus body was only partially removed, the list goes on and on). If there was a way to perfectly restore files, we would consider it. But most viruses will overwrite certain fields in the PE header or other areas without storing the original values. So we don't do it as a general rule. If you have an actual virus infection, replace the affected files with originals. That's the only perfect fix.
So, surely removing instead of disinfecting seems like the wisest thing to do. Ok, no more questions from me. I just only wish after Emsisoft's deal runs out with Bitdefender, you switch to something like Avira maybe. We all know Avira's signatures are great and you also mentioned in a previous reply that ditching Bitdefender would reduce scanning time by a significant margin. Also, Bitdefender's signature size is huge while Avira's is much smaller, so that would probably require less space on the HDD as well as less data to download.
Thanks for your time :giggle:
 

klaba

New Member
Mar 24, 2019
1
Does Apple's MacOS need any extra Antimalware solution? Does Emsisoft have any plans on expanding their product line to MacOS?

What's your favorite OS and why?
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260