- May 17, 2015
- 705
I am head of research at Emsisoft. Ask me anything! :)
- Thread starter Fabian Wosar
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Status
- Jun 29, 2014
- 260
Both of those are covered by the behaviour blocker already.
- May 17, 2015
- 705
I'd like to see Emsisoft scans, detections, reports.... render hash.
Last time I trialed EAM.....scans, reports, etc. felt lacking information.
Just me.
Thanks
Last time I trialed EAM.....scans, reports, etc. felt lacking information.
Just me.
Thanks
- Jun 29, 2014
- 260
We do log hashes for some cases, but not all of them and the Forensic Log and the scan reports aren't consistent. It's something that's on the list of stuff we would like to improve.
- Jul 22, 2014
- 2,525
Hello Fabian,
Some questions from my side:
- why don't you automatically show the AMN findings for all files in the BB tab?
- if you check for a program property in BB it will check AMN...why doesn't it automatically block it as soon as it finds out the file is malicious through AMN?
- did you solve the detection issue with signed malware/ when will the update be available?
- imagine you have a young child that wants to follow your lead .....how would you train him/her, what would he/she start with...and then...then?
- powershell is not needed by many and can be uninstalled but this is still not enough as you stated in a previous answer.
What's the best way to protect from it/ from the script interpreter /command line parser, what else can a user do?
- what VM do you use to test malware and which one would you recommend here?
How do you "harden it" to reduce the chance the malware detects it?
- how you find out if a file is malicious? Do you run it and check what they do- in this case what programs do you use, how do you proceed- or do you immediately check their code?
Thank you
Some questions from my side:
- why don't you automatically show the AMN findings for all files in the BB tab?
- if you check for a program property in BB it will check AMN...why doesn't it automatically block it as soon as it finds out the file is malicious through AMN?
- did you solve the detection issue with signed malware/ when will the update be available?
- imagine you have a young child that wants to follow your lead .....how would you train him/her, what would he/she start with...and then...then?
- powershell is not needed by many and can be uninstalled but this is still not enough as you stated in a previous answer.
What's the best way to protect from it/ from the script interpreter /command line parser, what else can a user do?
- what VM do you use to test malware and which one would you recommend here?
How do you "harden it" to reduce the chance the malware detects it?
- how you find out if a file is malicious? Do you run it and check what they do- in this case what programs do you use, how do you proceed- or do you immediately check their code?
Thank you
Last edited:
- Jun 29, 2014
- 260
Privacy reasons. Not everyone is fine with us knowing all the programs they are running.
The function isn't supposed to be used in that way and more for informational value. If we wanted to do something like that, we would outright check every starting application against the cloud, to begin with. Kind of like SmartScreen.
There are multiple outstanding issues with signed malware. Which specific one are you talking about?
Same as for anyone else really. There are pretty amazing programming books for kids and especially recently there are a lot of high school competitions and CTFs going on. CyberFirst in the UK is a great example.
Uninstalling Powershell is the only thing a user can do really. Doing anything else will seriously mess up your Windows installation as so much depends on it. Luckily uninstalling Powershell will also break the majority of malware using it. It just won't stop a truly motivated attacker. But that's the case with everything.
VMware. No special hardening. If malware is vm-aware, I just patch the checks out.
We do have a sandbox system to detonate malware files in for a quick first look (kind of like Hybrid Analysis). If that doesn't show anything in particular, I usually just jump straight to a debugger and disassembler to check out the code.
Thanks for the reply, looking forward to seeing what you come up with in regards to sandboxing EAM.
Asides from the Emsisoft blog, do you have any other security blogs and or podcasts that you read/listen to?
What was your first ever video game (console or PC)? For me the earliest video game(s) that I can remember playing for the first time was back in the original Nintendo days. Duck hunter, blades of steel and the first 3 Mario games were my go to at the time.
Asides from the Emsisoft blog, do you have any other security blogs and or podcasts that you read/listen to?
What was your first ever video game (console or PC)? For me the earliest video game(s) that I can remember playing for the first time was back in the original Nintendo days. Duck hunter, blades of steel and the first 3 Mario games were my go to at the time.
- Jun 29, 2014
- 260
Mostly Twitter and Reddit. I do have a list of curated subreddits:
security subreddits curated by u/fwosar
Create customizable feeds of Reddit content from multiple different communities and topics.
www.reddit.com
Sokoban on a C64. Good old cassette drives.What was your first ever video game (console or PC)? For me the earliest video game(s) that I can remember playing for the first time was back in the original Nintendo days. Duck hunter, blades of steel and the first 3 Mario games were my go to at the time.
Thanks for your reply. So what do you think about providing a platform-specific installer (Windows 7 and Windows 8/10) or something similar? I like EAM and I think it's great if EAM fully supports Windows 10 security technologies like AMSI, ELAM, CFG ...
- Apr 1, 2015
- 483
Do you see IOT malware being an issue in 2019 and beyond? Such as someone turning off my fridge or blowing up my toaster?
And that leads me to a different question too, do you see AV's moving from Windows/Mac to router based such as Gryphon to protect the entire home network?
@ForgottenSeer 58943 too
And that leads me to a different question too, do you see AV's moving from Windows/Mac to router based such as Gryphon to protect the entire home network?
@ForgottenSeer 58943 too
- Jun 29, 2014
- 260
That has already been answered:
Advice Request - I am head of research at Emsisoft. Ask me anything! :)
Hello everyone, As mentioned in the current EAM release thread, I talked to @Jack and he allowed me to create an AMA thread for you to ask whatever you want really. If you ever wanted to see some internal tools, had some questions about malware research or Emsisoft products like the upcoming...
malwaretips.com
- Jun 29, 2014
- 260
I find the thought of trying to protect your IoT devices by just adding another IoT device in your network kind of ironic.
In general, these boxes have two issues:
- In order to intercept downloads and web traffic, they have to MITM all your web traffic. That is something that many people tried to do and they repeatedly messed it up. I absolutely doubt they will be the ones that got it right this time. They too will not update OpenSSL in time one day and expose all their users to SSL/TLS vulnerabilities like Kaspersky and many others did before them. That is if they even get the certificate verification right, which they likely won't. Not to mention that it will outright break certain security features like certificate pinning for example.
- For proper protection, you really require behaviour data collected right on the endpoint. So if you have to install an AV on every Windows and Mac client anyway to have proper protection, why have a box that snoops around in all your traffic and may potentially send it god knows where?
- May 16, 2018
- 1,363
Ochrona dla popularnych przeglądarek licząca się z prywatnością użytkownika » AVLab.pl
Emsisoft to znana nam dobrze firma tworząca oprogramowanie do ochrony systemów Windows. Producenta cenimy za minimalizm, propagowanie prywatności oraz dobrą
avlab.pl
This is AV Lab commenting on the progressive privacy-oriented approach of Emsisoft and their relatively new browser extension.
The article credits Emsisoft for its consumer-oriented privacy approach, and pointedly notes that Avast actively violates your privacy and monetizes your data.
So to this, I say Thank You to Emsisoft and Fabian........... and Cheers.
- Apr 1, 2015
- 483
I find the thought of trying to protect your IoT devices by just adding another IoT device in your network kind of ironic.
In general, these boxes have two issues:
- In order to intercept downloads and web traffic, they have to MITM all your web traffic. That is something that many people tried to do and they repeatedly messed it up. I absolutely doubt they will be the ones that got it right this time. They too will not update OpenSSL in time one day and expose all their users to SSL/TLS vulnerabilities like Kaspersky and many others did before them. That is if they even get the certificate verification right, which they likely won't. Not to mention that it will outright break certain security features like certificate pinning for example.
- For proper protection, you really require behaviour data collected right on the endpoint. So if you have to install an AV on every Windows and Mac client anyway to have proper protection, why have a box that snoops around in all your traffic and may potentially send it god knows where?
For answer 2, I am no expert such as yourself, but I have to wonder...if 2021 rolls around and the market increases ~10 fold with IOT devices (which it prob will) running outdated android or linux OS that are plagued with security holes, how else better to protect them then at the source (router)?
Sorry if technically that may or may not have made sense...I am not a CS major...but I am trying to understand how 4+ extra devices (fridge, toaster, microwave, A/C unit, bulb, etc) on a network without any protection installed locally on each unit can be protected?
So my question in general would be, you sold me for my protection on Windows machines (which I appreciate you doing this at MalwareTips). How can Emsisoft in the future protect my outdated IOT devices also? Wouldn't the home router make sense?
EDIT: I see your post about a router being a IOT device. I understand that, but wouldn't you consider a well oiled router being no different than a well oiled program? Answer 1 is something that I can't answer (over my head), maybe you can chime in more or @ForgottenSeer 58943 can as he seems to be well versed in this such field.
Last edited:
- Jun 29, 2014
- 260
Absolutely nothing can protect your outdated IoT device. The same way absolutely nothing is going to protect your Windows XP box. Throw it in the garbage.
That is why I said, that this is not a problem that technology can solve. We require intervention by lawmakers to ensure IoT devices can only be sold if proper patch cycles and security practices are in place long term.
At the moment you are "protected" by the fact, that the device is probably not accessible from the internet. Every plastic router you get from your ISP offers that protection. But that will change with IPv6 as NAT is no longer a thing there (it technically is still a thing, but is highly discouraged by the IETF). Not to mention that outdated IoT devices may try to access IPs or domains that no longer exist, that someone may grab, to download and execute code from.
In the end, even some box will not keep your outdated IoT toys safe. Unless that box is configured to make sure your IoT device can't access the internet.
- Jan 29, 2015
- 96
What about a special deal or discount for us loyal malwaretips.com fellows?
Expired - Emsisoft Anti-Malware Giveaway
LIve! Ends On April 15,2019 Emsisoft Anti-Malware Giveaway We would like to thank Emsisoft for giving us the opportunity to give away these (32) Emsisoft Anti-Malware (1) Year / (1) PC licenses. *Licenses need to be used by 2019-06-07 13:59 UTC Emsisoft Anti-Malware Complete...
malwaretips.com
I think mine ran off bigg floppies and often needed reloading of the OS. Came with W95 or earlier versions.My first PC was a 486 DX2 with 66 MHz, 8 MB of RAM, 400 MB of HDD and an SVGA graphics card. It was a beast at the time.
- Nov 19, 2014
- 2,350
@Fabian Wosar So someone had the great idea to remove the loyalty scheme that you had for forever. Loyal users no longer interesting or global economic crisis has finally hit emsisoft?
- Status
Similar threads
