Advice Request I am head of research at Emsisoft. Ask me anything! :)


SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Hello Fabian, I was testing Emsisoft's behavior blocker against some popular ransomwares (These) and it was able to detect and quarantine all of them, but still one of them (I forgot which one) did some damage because Emsisoft asked me to reboot my system but it failed to boot. I had to reinstall the OS. You are probably familiar with what I'm trying to say here. TBH, I was testing some other AVs too and some of their BBs couldn't even detect anything.
My actual question is, if I face such issues and email it to the support email, will they forward that to your team so that you guys can have a look and maybe update something to prevent this from happening? Or maybe you recommend some other ways to reach you?
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
My actual question is, if I face such issues and email it to the support email, will they forward that to your team so that you guys can have a look and maybe update something to prevent this from happening? Or maybe you recommend some other ways to reach you?
You can send them to submit@emsisoft.com. Make sure to mention explicitly that it is a behaviour blocker bypass. They will make sure it ends up where it needs to be. :)
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Hello Fabian,
Few new questions from my side:
- how good is resetting a router in deleting a malware on the device? Do you know (many) malware that "survive" a reset?
- does Emsi in a VM, e.g. VirtualBox, provide the same protection & detection as on a normal partition (without VM)?
- Emsisoft normally trusts signed files; can a (paranoid) user disable this?
- what are Emsisoft's weaknesses and what can a user do to mitigate these (what additional programs do you recommend using)?

Thank you!
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
- how good is resetting a router in deleting a malware on the device? Do you know (many) malware that "survive" a reset?
Define a reset. If you mean the reset button, then no. It's not enough. That just resets the settings. If by reset you mean reflashing the router, then yes. That will get rid of it.

- does Emsi in a VM, e.g. VirtualBox, provide the same protection & detection as on a normal partition (without VM)?
Yes.

- Emsisoft normally trusts signed files; can a (paranoid) user disable this?
No.

- what are Emsisoft's weaknesses and what can a user do to mitigate these (what additional programs do you recommend using)?
I am not a fan of stacking lots of applications on top of each other. That is usually only going to end in a major headache. I would recommend:
  • an anti-virus that works well on your system
  • Edge, Chrome, or a Chromium-based browser; Firefox will be my pick once they implement proper sandboxing
  • uBlock Origin (the only ad-blocker worth using; rest is either worse than uBlock or simply not trustworthy)
  • cloud-based backup (Carbonite is decent but they throttle; Backblaze is also decent but doesn't support proper zero-knowledge; SpiderOak is great if you can get over their horrible UI and don't mind paying a premium)
That's it for the most part. Feel free to uninstall Windows Scripting Host, PowerShell and everything else you don't need, or restrict components via Group Policies. But personally, I don't even bother with that.
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
@Fabian Wosar ,

Thank you. (y)
With reflashing the router, do you mean connecting an Ethernet cable and in the router menu replacing/updating the firmware with a clean copy of it, or a special procedure?
Isn't it possible for a malware to avoid this and even fake the update/flashing of the firmware?
If possible, how many malware do you know that can do it?
 

Nevi

Level 11
Verified
Top Poster
Well-known
Apr 7, 2016
500
Hi Fabian
Do you have any custom rules, aka host names or IPs, that could be implemented in surf protection?
I remember Mamutu, and I still think it would be a big hit if you made it available to the masses again. You don't have any plans about that, I imagine? Right now there is a big hole, as no one offers something like a BB as a standalone solution. It would be a HIT. :D
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
With reflashing the router, do you mean connecting an Ethernet cable and in the router menu replacing/updating the firmware with a clean copy of it, or a special procedure?
No. Just reinstall the firmware. Often routers even have a recovery mode, in case a firmware flash went wrong, that sits on a separate non-writeable chip that can't be touched by malware. I know my ASUS router has one, at least.

Isn't it possible for a malware to avoid this and even fake the update/flashing of the firmware?
In theory, yes. I don't think anyone goes that far yet though. Plus there are also recovery flash modes as mentioned above. Most IOT malware doesn't even survive just rebooting the device.

If possible, how many malware do you know that can do it?
I am not an IOT malware expert. So if there is one, I don't know about it.

Do you have any custom rules, aka host names or IPs, that could be implemented in surf protection?
If I had any, they would be inside the surf protection database already. ;)

I remember Mamutu, and I still think it would be a big hit if you made it available to the masses again. You don't have any plans about that, I imagine? Right now there is a big hole, as no one offers something like a BB as a standalone solution. It would be a HIT. :D
It wouldn't be. It would be a big hit here and maybe Wilders. People would wait for huge discounts or free offers or ask for it to be free to begin with, and nobody would want to pay for it. When we cancelled Mamutu it had fewer than 100 paying customers. And yes, back then nobody else was offering a BB as a standalone solution either. Literally nothing has changed since then.
 

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
Is the professional figure of security manager required by a lot of companies, according to your opinion?
 

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
You mean like a CSO?
I don't think so. It's a new figure, which was born together with the data protection officer. It basically is a figure which combines the technical aspect of cyber security with the managerial one.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Fabian,

You have stated in some way (I don't remember exactly) that free AVs are never really free.

Free AVs serve as ad servers, they monetize your data in possibly multiple ways, they lack key components that AVs should have, they have no support...

With Avast and Kaspersky, I've heard rumors (from people in the industry) of worse with their free products.

Is everything stated above correct from your perspective?

Is there more..?


Thank you.

v/r Burrito
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
Is everything stated above correct from your perspective?
Yeah. Just keep in mind not all do this. I mean all try to upsell you in one way or another, but some are less bad than others.

What antivirus engine does Emsisoft use?
Bitdefender and our own engine.

Yeah, sorry for the misunderstanding. Do you believe right now and in the future it will be a really required position? Thanks in advance...
Once your company has a certain size, definitely.
 

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,706
1) Any new features going to be added soon?

2) Do you visit the DeepWeb to track newest malware, attack, exploit, and other tactics hackers are planning?

3) Do you use VPN? If yes what is your favorite VPN?
 

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
What do you think about general online privacy? About moanings about Google monitoring, Microsoft, Facebook? Do you think all the telemetry is necessary for offering better services? Does it involve a risk to our security or privacy?
 