Advice Request I am head of research at Emsisoft. Ask me anything! :)



bjm_

I'd like to see Emsisoft scans, detections, reports... render hash.
Last time I trialed EAM... scans, reports, etc. felt lacking in information.
Just me.
Thanks
 

Solarquest

Moderator
Hello Fabian,

Some questions from my side:
- why don't you automatically show the AMN findings for all files in the BB tab?

- if you check for a program property in BB it will check AMN...why doesn't it automatically block it as soon as it finds out the file is malicious through AMN?

- did you solve the detection issue with signed malware/ when will the update be available?

- imagine you have a young child that wants to follow your lead .....how would you train him/her, what would he/she start with...and then...then?

- PowerShell is not needed by many and can be uninstalled, but this is still not enough, as you stated in a previous answer.
What's the best way to protect from it / from the script interpreter / command line parser? What else can a user do?

- what VM do you use to test malware and which one would you recommend here?
How do you "harden it" to reduce the chance the malware detects it?

- How do you find out if a file is malicious? Do you run it and check what it does (in this case, what programs do you use, how do you proceed?) or do you immediately check its code?

Thank you

Fabian Wosar

From Emsisoft
Thread author
- why don't you automatically show the AMN findings for all files in the BB panel?
Privacy reasons. Not everyone is fine with us knowing all the programs they are running.

- if you check for a program property in BB it will check AMN...why doesn't it automatically block it as soon as it finds out the file is malicious through AMN?
The function isn't supposed to be used in that way and more for informational value. If we wanted to do something like that, we would outright check every starting application against the cloud, to begin with. Kind of like SmartScreen.

- did you solve the detection issue with signed malware/ when will the update be available?
There are multiple outstanding issues with signed malware. Which specific one are you talking about?

- imagine you have a young child that wants to follow your lead .....how would you train him/her, what would he/she start with...and then...then?
Same as for anyone else really. There are pretty amazing programming books for kids and especially recently there are a lot of high school competitions and CTFs going on. CyberFirst in the UK is a great example.

- PowerShell is not needed by many and can be uninstalled, but this is still not enough, as you stated in a previous answer.
What's the best way to protect from it / from the script interpreter / command line parser? What else can a user do?
Uninstalling PowerShell is the only thing a user can do really. Doing anything else will seriously mess up your Windows installation, as so much depends on it. Luckily uninstalling PowerShell will also break the majority of malware using it. It just won't stop a truly motivated attacker. But that's the case with everything.

- what VM do you use to test malware and which one would you recommend here?
How do you "harden it" to reduce the chance the malware detects it?
VMware. No special hardening. If malware is VM-aware, I just patch the checks out.

- How do you find out if a file is malicious? Do you run it and check what it does (in this case, what programs do you use, how do you proceed?) or do you immediately check its code?
We do have a sandbox system to detonate malware files in for a quick first look (kind of like Hybrid Analysis). If that doesn't show anything in particular, I usually just jump straight to a debugger and disassembler to check out the code.

ForgottenSeer 72227

Thanks for the reply, looking forward to seeing what you come up with in regards to sandboxing EAM. (y)

Aside from the Emsisoft blog, do you have any other security blogs and/or podcasts that you read/listen to?

What was your first ever video game (console or PC)? For me, the earliest video game(s) that I can remember playing for the first time were back in the original Nintendo days. Duck Hunter, Blades of Steel and the first 3 Mario games were my go-to at the time. :)
 

Fabian Wosar

From Emsisoft
Thread author
Aside from the Emsisoft blog, do you have any other security blogs and/or podcasts that you read/listen to?
Mostly Twitter and Reddit. I do have a list of curated subreddits:


What was your first ever video game (console or PC)? For me, the earliest video game(s) that I can remember playing for the first time were back in the original Nintendo days. Duck Hunter, Blades of Steel and the first 3 Mario games were my go-to at the time. :)
Sokoban on a C64. Good old cassette drives. :love:
 

trandung

They require certain groundwork that isn't in yet, because it is specific to Windows 8/10 only and we still need to support Windows 7.
Thanks for your reply. So what do you think about providing a platform-specific installer (Windows 7 and Windows 8/10) or something similar? I like EAM and I think it would be great if EAM fully supported Windows 10 security technologies like AMSI, ELAM, CFG...
 

motox781

Do you see IoT malware being an issue in 2019 and beyond? Such as someone turning off my fridge or blowing up my toaster?

And that leads me to a different question too: do you see AVs moving from Windows/Mac to router-based, such as Gryphon, to protect the entire home network?

@ForgottenSeer 58943 too
 

Fabian Wosar

From Emsisoft
Thread author
Do you see IoT malware being an issue in 2019 and beyond? Such as someone turning off my fridge or blowing up my toaster?
That has already been answered:

 

motox781

Thanks. I can only see it ending badly (eventually), considering many security patches will prob never happen.

How about AVs moving to router protection as a 1st layer of protection? It seems this is a rational move?
 

Fabian Wosar

From Emsisoft
Thread author
And that leads me to a different question too: do you see AVs moving from Windows/Mac to router-based, such as Gryphon, to protect the entire home network?
I find the thought of trying to protect your IoT devices by just adding another IoT device in your network kind of ironic. ;)

In general, these boxes have two issues:
  1. In order to intercept downloads and web traffic, they have to MITM all your web traffic. That is something that many people have tried to do, and they repeatedly messed it up. I absolutely doubt they will be the ones that got it right this time. They too will not update OpenSSL in time one day and expose all their users to SSL/TLS vulnerabilities, like Kaspersky and many others did before them. That is if they even get the certificate verification right, which they likely won't. Not to mention that it will outright break certain security features like certificate pinning, for example.
  2. For proper protection, you really require behaviour data collected right on the endpoint. So if you have to install an AV on every Windows and Mac client anyway to have proper protection, why have a box that snoops around in all your traffic and may potentially send it god knows where?
 

Burrito


This is AV Lab commenting on the progressive privacy-oriented approach of Emsisoft and their relatively new browser extension.

The article credits Emsisoft for its consumer-oriented privacy approach, and pointedly notes that Avast actively violates your privacy and monetizes your data.




So to this, I say Thank You to Emsisoft and Fabian... and Cheers.

:emoji_beer::emoji_beer:
 

motox781

I find the thought of trying to protect your IoT devices by just adding another IoT device in your network kind of ironic. ;)

In general, these boxes have two issues:
  1. In order to intercept downloads and web traffic, they have to MITM all your web traffic. That is something that many people have tried to do, and they repeatedly messed it up. I absolutely doubt they will be the ones that got it right this time. They too will not update OpenSSL in time one day and expose all their users to SSL/TLS vulnerabilities, like Kaspersky and many others did before them. That is if they even get the certificate verification right, which they likely won't. Not to mention that it will outright break certain security features like certificate pinning, for example.
  2. For proper protection, you really require behaviour data collected right on the endpoint. So if you have to install an AV on every Windows and Mac client anyway to have proper protection, why have a box that snoops around in all your traffic and may potentially send it god knows where?

For answer 2, I am no expert such as yourself, but I have to wonder... if 2021 rolls around and the market increases ~10 fold with IoT devices (which it prob will) running outdated Android or Linux OSes that are plagued with security holes, how else better to protect them than at the source (router)?

Sorry if technically that may or may not have made sense... I am not a CS major... but I am trying to understand how 4+ extra devices (fridge, toaster, microwave, A/C unit, bulb, etc.) on a network without any protection installed locally on each unit can be protected?

So my question in general would be: you sold me on my protection for Windows machines (which I appreciate you doing this at MalwareTips). How can Emsisoft in the future protect my outdated IoT devices also? Wouldn't the home router make sense?

EDIT: I see your post about a router being an IoT device. I understand that, but wouldn't you consider a well-oiled router to be no different than a well-oiled program? Answer 1 is something that I can't answer (over my head); maybe you can chime in more, or @ForgottenSeer 58943 can, as he seems to be well versed in such a field.

Fabian Wosar

From Emsisoft
Thread author
So my question in general would be: you sold me on my protection for Windows machines (which I appreciate you doing this at MalwareTips). How can Emsisoft in the future protect my outdated IoT devices also? Wouldn't the home router make sense?
Absolutely nothing can protect your outdated IoT device. The same way absolutely nothing is going to protect your Windows XP box. Throw it in the garbage.

That is why I said that this is not a problem that technology can solve. We require intervention by lawmakers to ensure IoT devices can only be sold if proper patch cycles and security practices are in place long term.

At the moment you are "protected" by the fact that the device is probably not accessible from the internet. Every plastic router you get from your ISP offers that protection. But that will change with IPv6, as NAT is no longer a thing there (it technically is still a thing, but is highly discouraged by the IETF). Not to mention that outdated IoT devices may try to access IPs or domains that no longer exist, which someone may grab, to download and execute code from.

In the end, even some box will not keep your outdated IoT toys safe. Unless that box is configured to make sure your IoT device can't access the internet.
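As an added illustration of that last point (a constructed example, not the thread's or Emsisoft's configuration): an nftables ruleset for a home gateway that keeps an IoT segment off the internet, lets it reach only a local controller, and logs every blocked egress attempt so a device that starts calling out is visible. Interface names (br-iot, br-lan, wan0) and the controller addresses are assumptions.

```nft
# Constructed example ruleset for a home gateway; interface names and
# addresses below are assumptions, not values from the thread.
# IoT devices sit on bridge "br-iot", trusted clients on "br-lan",
# and "wan0" is the upstream link.
table inet home_gateway {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Allow replies for connections that were already permitted
        ct state established,related accept

        # Weak setting (left commented out): every IoT device may reach the
        # internet, so an abandoned update domain that someone re-registers
        # can still deliver code to it.
        # iifname "br-iot" oifname "wan0" accept

        # Hardened setting: IoT devices may only talk to a local controller
        # (assumed MQTT broker on the LAN), over IPv4 or IPv6, and nothing else.
        iifname "br-iot" oifname "br-lan" ip  daddr 192.168.10.5 tcp dport 8883 accept
        iifname "br-iot" oifname "br-lan" ip6 daddr fd00:10::5   tcp dport 8883 accept

        # Every other egress attempt from the IoT segment is logged and dropped;
        # the log line is the signal that a device is trying to reach out.
        iifname "br-iot" log prefix "iot-egress-blocked: " drop

        # Trusted clients may manage IoT devices and use the internet.
        iifname "br-lan" oifname "br-iot" accept
        iifname "br-lan" oifname "wan0" accept

        # With IPv6 there is no NAT to hide devices, so unsolicited inbound
        # traffic towards the IoT segment also falls through to the drop policy.
    }
}
```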
 

Azure

What about a special deal or discount for us loyal malwaretips.com fellows? :cool::emoji_ok_hand:
 

Vasudev

My first PC was a 486 DX2 with 66 MHz, 8 MB of RAM, 400 MB of HDD and an SVGA graphics card. It was a beast at the time. ;)
I think mine ran off big floppies and often needed reloading of the OS. Came with W95 or earlier versions.
 