Advice Request I am head of research at Emsisoft. Ask me anything! :)

Status
Not open for further replies.

Fabian Wosar

From Emsisoft
Thread author
Verified
Developer
Well-known
Jun 29, 2014
260
Telemetry is important and useful for any company. We started collecting telemetry as well (although nowhere near as much as some other companies do). Is it considered private information if there is a record of which buttons were clicked how many times? I would argue not. So telemetry on its own isn't that particularly problematic. It becomes an issue once you have someone with a lot of data and they start combining the various separate datasets where you run into potential issues. If you have a record that those buttons were clicked, that telemetry was sent from this IP and that IP also did a license check during update and that license belongs to user RoboMan, then all these single pieces of information themselves aren't a threat to your privacy but combined they tell people with access a lot about you and your habits.

In some countries, there is legislation against combining data sets like this. Germany is one of them. But depending on your own country, you may or may not be protected. Personally, I am not super paranoid about it. I reduce data collection if I can and opt out of stuff if possible. But I don't go to those extreme lengths as some other people do.
 

Threadripper

Level 9
Verified
Well-known
Feb 24, 2019
408
Just wanted to say I'm loving Emsisoft (and that sexy dark GUI mmm) as well as MyEmsisoft - it truly is enterprise grade and I guess I'll be purchasing it. Is there any way to add devices to a workspace if they already have Emsisoft installed? Couldn't find a way, sorry if it's obvious.
 

Fabian Wosar

Pretty much all systems are based on human-assisted machine learning. Meaning: They are trained using data that was selected and prepared by humans. I doubt there has been a single AV in the past 15 years that hasn't used some form of machine learning or "AI" of some form either inside the software or their backend. So it's essentially just a bunch of marketing.
 

Gravity

New Member
Apr 11, 2019
2
Hi Fabian Wosar
I have your product on trial, and am considering shifting from Avira to Emsisoft, due to many reasons, but mostly due to your commitment to help others and the Emsisoft privacy policy. I can see that you have left AV-Comparatives. But how do you ensure that your product is better than or equal to your competitors' software (quality check)? And as a potential customer, how can I know what level of protection I will receive when buying your software?
 

Fabian Wosar

We still participate in some tests, like VB100 as well as AvLab. Other than that, we don't require a third-party testing lab, testing with a handful (compared to what is out there every single day) of samples per month to know how good or bad we are compared to other companies. We literally perform thousands of small scale tests every single day to make sure we stay on top of things. We have feedback loops and metrics from customers to see if they get hit and with what as well. So participation in AV tests has never been about "quality checks" as it is completely unfit to replace QA in-house when it comes to ensuring protection quality, to begin with.

The truth is this: AV tests are marketing tools. Nothing else. Picking 100 samples per month out of a pool of tens of millions will tell you absolutely nothing about the effectiveness of an AV. Quite frankly: The malware hub here in this forum probably tests with more samples than AV-Test or AV-C do every month for their "real world protection" tests.

The other aspect is that we never really fit into these tests, to begin with. For example, we constantly got penalized in the form of false positives due to how our surf protection works, as we don't want to compromise our users' privacy and security and therefore used DNS filtering instead of intercepting encrypted traffic. So if a domain was also hosting other stuff besides malware, that was counted as an FP for us as we didn't block only the malicious download but all downloads.

Of course, we could have just thrown our commitment to our users' privacy overboard and just do like everyone else does: Break open every single one of your connections, probably screwing up TLS in the process and then ultimately ending up leaving your system open to more severe threats than most malware pose.

So ultimately we had to ask ourselves: Do we want to build software that protects our users from actual real-life threats or do we want to build a product that solely suits AV testers?

It's an open secret that most AV vendors who consistently do well in these tests have dedicated teams that try to optimise their products specifically to get a great score. Whether that is trying to figure out the threat intel feeds that the testing companies use, to obtain access to them as well and therefore know the samples in advance, or more shady methods like outright adding mechanisms to their products that attempt to recognise when their product is being "tested" so they could then cheat (think "Dieselgate" but for AVs).

You may think that great performance in these tests would automatically translate into great real-life performance, but that simply isn't true. Just visit any of the big tech support communities that provide help with malware infections and check out the products these users had installed when they got infected. You will quickly notice there that a majority of those products that get a perfect score in tests on a regular basis don't do that well in the real world.

We, therefore, decided to just stop participating in the big tests and stop playing these kinds of games. It's not like positive or negative results had any measurable impact on our revenue and sales anyway. We are better off putting that money into more developers (yes: plural) and focus on what we are arguably best at: Keeping our users safe.
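
The false-positive effect described in the post above (a DNS filter sees only the hostname, so one bad file on a shared host blocks every download from it) can be reproduced in a few lines. This is an added example, not part of the original thread or any Emsisoft code; the URLs, the `.example` hostnames and the scoring function are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed test set: (url, is_malicious). One shared file host, one clean CDN.
TEST_SET = [
    ("https://files.hosting.example/u/1001/invoice.exe", True),
    ("https://files.hosting.example/u/2002/holiday-photos.zip", False),
    ("https://files.hosting.example/u/3003/driver-setup.msi", False),
    ("https://cdn.vendor.example/releases/tool-1.2.zip", False),
]

# Threat intelligence (constructed): a single known-bad URL.
BAD_URLS = {"https://files.hosting.example/u/1001/invoice.exe"}
# A DNS filter can only act on names, so the bad URL collapses to its host.
BAD_HOSTS = {urlsplit(u).hostname for u in BAD_URLS}


def dns_filter_blocks(url):
    """Verdict from the DNS query alone: only the hostname is visible."""
    return urlsplit(url).hostname in BAD_HOSTS


def url_filter_blocks(url):
    """Verdict that needs the full URL, i.e. the path inside the TLS session."""
    return url in BAD_URLS


def score(blocks):
    """Count detections and false positives the way a download test would."""
    detected = sum(1 for u, bad in TEST_SET if bad and blocks(u))
    false_pos = sum(1 for u, bad in TEST_SET if not bad and blocks(u))
    missed = sum(1 for u, bad in TEST_SET if bad and not blocks(u))
    return {"detected": detected, "false_positives": false_pos, "missed": missed}


if __name__ == "__main__":
    print("DNS filtering:", score(dns_filter_blocks))
    print("URL filtering:", score(url_filter_blocks))
```

Both filters stop the malicious download; only the hostname-level one is charged with the two benign files that share its host, and avoiding that charge requires seeing the path, which on HTTPS means intercepting the connection.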
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
With this in mind, how should an everyday user decide what security product to use? Most don’t frequent malware and security forums on the internet, but it would be good for the industry and competition if people could make informed decisions. So they look at the lab scores and reviews on PC sites that hit the top list in Google. There must be a better way to inform general users.
 

Fabian Wosar

> With this in mind, how should an everyday user decide what security product to use? Most don’t frequent malware and security forums on the internet, but it would be good for the industry and competition if people could make informed decisions. So they look at the lab scores and reviews on PC sites that hit the top list in Google. There must be a better way to inform general users.

I already mentioned how you should pick your AV: Install it on your system. If you like it, it works well on your system and it doesn't annoy you constantly, so you feel compelled to turn it off every few minutes, then you found your product. Trying to find "the best" is a fruitless endeavour. You will have a hard time even defining what the best even is.

Different products have different advantages and disadvantages. One may do really well protecting from PUPs, another one is really good at detecting ransomware and the next one is like really good at stopping bots. None of the products is the best in all categories and depending on your own personal habits you may not care about certain categories of malware. If you are the type of person who likes testing freeware tools and installs and tries out new freeware all the time, PUP protection may be valued much higher by you than someone who doesn't. Unfortunately, tests don't give you insights into the exact compositions of their samples either in many cases. So they wouldn't help you anyway. That leaves you one thing: Just install it and try it out.

One last personal note: In my experience, there has been a big shift in the user mentality over recent years. When you look at surveys, you will see how protection has become less and less important to users over time and how different product aspects overtook it. Lack of false positives, performance, annoyance factor and privacy tend to value a lot more to users than they used to. The reason for that, in my opinion, is that the protection level of pretty much all major products has kind of evened out over the years in regards to widespread malware, with differences often being minuscule. So whether a given AV detects potentially 0.1% more malware than the other one in a given month, with the ranking changing from month to month, matters a lot less these days, so other aspects become a lot more important for users.
 

Cumbrian Moon

New Member
Apr 8, 2019
2
As I see it, privacy with AV vendors & others is becoming more of a consideration with users & Emsisoft is becoming more & more of an attractive AV solution as the months go by, which I suppose is why I will renew my subs & recommend it to those who ask. Thanks Fabian.
 

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
Most Tor users usually connect to Tor via their VPN (you - VPN - Tor - internet), even if this may not be a good idea in some cases.
What do you think of the reverse approach (you - Tor - VPN - internet) from an anonymity standpoint? I know you will be surfing really slow and you cannot access the deep web, however I would like to know what you think about it.
I have never used Tor nor do I intend to use it right now
 

robin hood

Level 4
Verified
Dec 12, 2012
173
to expect in the next version link scanner and fw (Bitdefender TrafficLight....)? A good combination at fw with emsi? (sorry for bad english)
 

Fabian Wosar

> Most Tor users usually connect to Tor via their VPN (you - VPN - Tor - internet), even if this may not be a good idea in some cases.
> What do you think of the reverse approach (you - Tor - VPN - internet) from an anonymity standpoint? I know you will be surfing really slow and you cannot access the deep web, however I would like to know what you think about it.
> I have never used Tor nor do I intend to use it right now

I am not even sure that will work. Usually VPNs will use UDP for performance reasons. Tor is essentially a SOCKS proxy. While SOCKS5 in theory supports UDP, in practice it is quite problematic and not a lot of server implementations support it. So you would have to use TCP for the VPN connection, which has a whole slew of different issues.

Given that you need to pay for the VPN, having your connections exit at the VPN, may expose you more than the other way around. It all depends on whether the VPN company logs or not.
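
The SOCKS5 limitation mentioned in the post above comes down to one byte in the request: UDP relaying is a separate command (`UDP ASSOCIATE`) that a server is free to refuse. The sketch below is an added example, not from the original thread; it builds the RFC 1928 messages and runs them against `tcp_only_proxy`, a constructed stand-in for a proxy that implements `CONNECT` only, using documentation addresses.

```python
import socket
import struct

# RFC 1928 constants
CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE = 0x01, 0x02, 0x03
ATYP_IPV4 = 0x01
REP_SUCCEEDED, REP_CMD_NOT_SUPPORTED = 0x00, 0x07
MSG = "!BBBB4sH"  # VER, CMD/REP, RSV, ATYP, 4-byte address, port


def build_request(cmd, ipv4, port):
    """SOCKS5 request: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT."""
    return struct.pack(MSG, 5, cmd, 0, ATYP_IPV4, socket.inet_aton(ipv4), port)


def parse_reply(data):
    """SOCKS5 reply: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT."""
    ver, rep, _rsv, atyp, addr, port = struct.unpack(MSG, data)
    if ver != 5 or atyp != ATYP_IPV4:
        raise ValueError("unexpected SOCKS5 reply")
    return rep, socket.inet_ntoa(addr), port


def tcp_only_proxy(request):
    """Constructed stand-in: a proxy that accepts CONNECT and nothing else."""
    cmd = request[1]
    rep = REP_SUCCEEDED if cmd == CMD_CONNECT else REP_CMD_NOT_SUPPORTED
    return struct.pack(MSG, 5, rep, 0, ATYP_IPV4, socket.inet_aton("0.0.0.0"), 0)


def usable_transports(proxy, vpn_ip, vpn_port):
    """Report which VPN transports this proxy would agree to carry."""
    attempts = {
        # For UDP ASSOCIATE the address is where the client will send from;
        # all zeros means "not known yet".
        "udp": build_request(CMD_UDP_ASSOCIATE, "0.0.0.0", 0),
        "tcp": build_request(CMD_CONNECT, vpn_ip, vpn_port),
    }
    return {name: parse_reply(proxy(req))[0] == REP_SUCCEEDED
            for name, req in attempts.items()}


if __name__ == "__main__":
    # 192.0.2.10:1194 is a documentation address standing in for a VPN server.
    print(usable_transports(tcp_only_proxy, "192.0.2.10", 1194))
```

A client that gets reply code `0x07` for `UDP ASSOCIATE` has to fall back to a TCP tunnel, which is the situation the post describes.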
 

Fabian Wosar

> to expect in the next version link scanner and fw (Bitdefender TrafficLight....)? A good combination at fw with emsi? (sorry for bad english)

I have no idea what you are asking. Maybe ask in your native language and someone else or Google can translate it?

Also as a personal note: While I greatly appreciate all the questions, I will ask to have this thread closed on Monday. That means you have around two more days to get your questions in.

This probably won't be the last AMA I will do. Since you guys enjoyed it quite a bit, we are thinking of doing an AMA on a semi-regular basis and open it up to more communities and social media. So if you missed this one, you will definitely get another chance in the future. :)
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Well, thank you for this thread, I gleaned a bit from it. It will be a tough act to follow and you'll likely repeat yourself in later ones but it's a great and informative way to keep Emsisoft in the public's eye.

My question: if you felt burnt out and wanted to move on, what would you consider doing? Would you ever feel free from those who have declared vengeance against you?
 

robin hood

> I have no idea what you are asking. Maybe ask in your native language and someone else or Google can translate it?

Emsi no firewall, should I put and who? When I search for something on Google, I do not see the links safe. (Bitdefender TrafficLight, web reputation)... Sorry for bad English.
 