Advice Request I am head of research at Emsisoft. Ask me anything! :)

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
Thank you very much.
The name is still posted on the Japanese agency site (the download button is redirected to another site to download EEK).
211520


It is an unrelated topic, but goods like “Fabian Doll” are circulating in Japan. I look forward to future developments.
41TFbQvvPaL.jpg
 

xman68

New Member
Nov 25, 2018
2
Hello Fabian,
Thanks for this topic.
I also have some questions from you, and if you answer, I would be grateful to you.

1- Can you explain about your all skills and knowledge (your resume)? I want to know what are the most necessary skills for a malware specialist.
2- In your opinion, Will Emsisoft join the elders of the AV industry? Like Kaspersky, Symantec, McAfee, and others.
3-Is it possible to provide financial information about Emsisoft in 2018? Such as revenue, net income.
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
1- Can you explain about your all skills and knowledge (your resume)? I want to know what are the most necessary skills for a malware specialist.



2- In your opinion, Will Emsisoft join the elders of the AV industry? Like Kaspersky, Symantec, McAfee, and others.
Define elders. Unless any of those companies go belly up, they will always be the same amount of years older than us. Given that Emsisoft has been around for over 15 years already, I would argue we are already one of the older ones around.

3-Is it possible to provide financial information about Emsisoft in 2018? Such as revenue, net income.
We don't make any of that public, sorry.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Hello Fabian,
I want to ask something about the AVLab test for Online Banking.
I was really impressed how well Emsisoft did in the test. While most of the AV's required to have a separate banking protection, Emsisoft does everything with the default settings even AVLab said some nice things about the product.
The two tests that it failed, is it possible to protect users from that two particular issues in the future with default settings? Have you already done that after seeing the results or maybe you guys are working on that or something?

Full Report: https://avlab.pl/PDF_avlab/AVLab-Test-of-software-for-online-banking-protection.pdf
 
Last edited:

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
They didn't reveal exactly how they went about doing the MITM. In general, verifying SSL certificates is more of a browser thing. It may be something we could add to the Emsisoft Browser Security addon in the future. But there are no imminent plans to do it.

The biggest issue is, that a lot of enterprises in particular (and also some home users) want to MITM their SSL connections, so they can see what is in there. So even if we did decide to implement something like this, it would probably not be on by default.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
They didn't reveal exactly how they went about doing the MITM. In general, verifying SSL certificates is more of a browser thing. It may be something we could add to the Emsisoft Browser Security addon in the future. But there are no imminent plans to do it.

The biggest issue is, that a lot of enterprises in particular (and also some home users) want to MITM their SSL connections, so they can see what is in there. So even if we did decide to implement something like this, it would probably not be on by default.
I see. I'm not a fan of Anti-viruses MITMing browsers SSL connection either. That goes against the purpose of SSL. I have always kept it turned off in products like Kaspersky, Eset and Bitdefender.
Ok, thanks for explaining :giggle:
 

xman68

New Member
Nov 25, 2018
2
Define elders. Unless any of those companies go belly up, they will always be the same amount of years older than us. Given that Emsisoft has been around for over 15 years already, I would argue we are already one of the older ones around.

My purpose was not about age, but also in the market share, multiplicity of products, high revenue, and a leading brand.
Now, by new meaning, will Emsisoft be an outstanding player in the industry?
211570


Many thanks for your answers.
 

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
My purpose was not about age, but also in the market share, multiplicity of products, high revenue, and a leading brand.
Now, by new meaning, will Emsisoft be an outstanding player in the industry?
View attachment 211570

Many thanks for your answers.

(1) Every Anti-virus there uses their own engine.= Emsisoft is in house and Bitdefender.
(2) Each Anti-virus there discovered malware,exploits,rats.rootkits and ransomware, in what or which news have you either read or was it posted that Emsisoft did any of the above?
Remember i ended with a question mark.
(3) I think the question should be when will Emsisoft bring something to that market.
(4) If my memory serves me right the only thing they make is ransomware decoders or something to that effect.

will Emsisoft be an outstanding player in the industry?

I think they now have work to do to get there, so do like me & hope and pray for the best.
 
Last edited:
  • Like
Reactions: show-Zi

Buns

New Member
Feb 16, 2018
2
@Fabian Wosar I am learning so much from you. A completely different question! What is the purpose in using a VPN when the traffic that leaves the VPN server is not encrypted? I understand that if do use one, traffic is encrypted from the computer to the VPN server (though it can be traced back to us through correlation techniques). But , if traffic from VPN server to somewhere else cannot be tracked, then why use one? How can we be completely private online or maintain a decent amount of privacy? Any thoughts? thank you.
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
Now, by new meaning, will Emsisoft be an outstanding player in the industry?
I think that depends solely on the point of view. It would be possible for us to just accept one of the numbers of venture capital offers we got over the years, Then pump literally millions into sales staff and aggressive marketing, expand rapidly and then eventually end up being acquired or so big, that you start buying up other companies to further grow your user base, as price of acquisition of new users is getting too high. That's not really how our CEO (and the whole company really) ticks though. We are quite concerned about longevity and are in it for the long haul.
Do I believe we will be as big as Kaspersky one day with literally thousands of employees? No. But that's not necessary to create quality software.

(1) Every Anti-virus there uses their own engine.= Emsisoft is in house and Bitdefender.
There are a couple of products in there doing the same thing we do. Namely F-Secure and SentinelOne.

(2) Each Anti-virus there discovered malware,exploits,rats.rootkits and ransomware, in what or which news have you either read or was it posted that Emsisoft did any of the above?
There have been a couple of cases. For example, we reported and analysed CryptoLocker over two weeks before anyone else did. People didn't even have it on their radar. There are numerous cases like that. The problem is when a press outlet can quote a household name or a small company in New Zealand they will quote the household name. It's a bit unfair, but especially recently it is starting to shift a little and we get recognised for the work we do a lot more often by the press.
We also don't publish any information if said information can hurt users, unlike some other companies. One popular example is this one:

CryptoDefense: The story of insecure ransomware keys and self-serving bloggers

(4) If my memory serves me right the only thing they make is ransomware decoders or something to that effect.
We do a lot more than that.;) But yeah, we are probably best known as being "the ransomware people". Which is fine. :)

What is the purpose in using a VPN when the traffic that leaves the VPN server is not encrypted? I understand that if do use one, traffic is encrypted from the computer to the VPN server (though it can be traced back to us through correlation techniques). But , if traffic from VPN server to somewhere else cannot be tracked, then why use one? How can we be completely private online or maintain a decent amount of privacy? Any thoughts? thank you.
VPNs are useful if the network you are currently in can't be trusted (public wifi, living in a country with oppressive internet surveillance). However, if you connect to a VPN that is also inside an untrusted network, you obviously don't gain anything. For me, it's mostly a tool to get around Geo IP blocks really. If you want anonymity, you will have to use something like Tor that specifically avoids a lot of the pitfalls of normal VPNs (like making sure incoming and outgoing data can't be correlated and everything goes through dozens of networks that you would all have to monitor at the same time to keep track of packets etc.).
 
Last edited:

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
@Fabian Wosar Another question. I have a ransomware(.pumas extension) decrypter that was being detected as malware by Bitdefender hence by Emsisoft too. I submitted it to your submit email as False Positive and Malware Analyst, Elise van Dorp replied that she will forward the mail to Bitdefender. I sent that email less than 12 yours ago and today I checked again and Bitdefender is not detecting the decrypter as malware anymore. I don't know how fast they updated but it happened pretty fast I guess.
My question is, Did Emsisoft directly forwarding the mail to Bitdefender made the process faster rather than a random guy submitting via their website?
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
My question is, Did Emsisoft directly forwarding the mail to Bitdefender made the process faster rather than a random guy submitting via their website?
Correct. Public submission channels are usually subject to insane amounts of just random crap people submit. Everyone has their own definition of what they do or don't consider malicious. Then you have all the tinfoil hat people, who just submit every single file they get or find somehow "just to be sure". Public submissions are pretty much a complete and utter shitshow. I can't even count the number of times people find a "virus collection" of ancient DOS viruses, where half the samples are false positives, to begin with, that never even worked even during DOS days, and then clog up the submissions by submitting a thousand single COM files.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Correct. Public submission channels are usually subject to insane amounts of just random crap people submit. Everyone has their own definition of what they do or don't consider malicious. Then you have all the tinfoil hat people, who just submit every single file they get or find somehow "just to be sure". Public submissions are pretty much a complete and utter shitshow. I can't even count the number of times people find a "virus collection" of ancient DOS viruses, where half the samples are false positives, to begin with, that never even worked even during DOS days, and then clog up the submissions by submitting a thousand single COM files.
I can understand how annoying that can be. Ok, good to know that submitting directly to Emsisoft makes the process faster.
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
I mean, if you can pick between a company that allows you to help ransomware victims and create decrypters for them in your free time and a company that doesn't, which one would you choose?

This doesn't necessarily mean they don't have the right to do so and I can understand why they don't allow it (see the whole ComboFix spreading virus debacle a few years ago, with ComboFix being a project of one of the Malwarebytes employees as a prime example), but if I have the choice, I would pick the company that gives me more personal liberty and freedom over a company that is so concerned about their image and public perception and as a consequence refuses to help victims of ransomware even though they could very well help them.

They aren't the only ones either. A lot of AV companies have policies like that. So it's not a shot at GData specifically. Again, I understand why any company would have such policies. I just don't think it is right. So if I have a choice, I wouldn't pick them.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top