To Supplement EAM or Not?

Discussion in 'Emsisoft' started by SearchLight, Nov 26, 2017.

?

Would you use EAM to protect your PC by itself or supplement it?

Poll closed Dec 3, 2017.
  1. Yes, I would use EAM by itself to protect my PC.

    38.8%
  2. No, I would add another security program as a supplement.

    61.2%
  1. bribon77

    bribon77 Level 11

    Jul 6, 2017
    507
    3,464
    spain
    Windows 7
    Emsisoft
    Well this is out of the question sorry. But I can't resist the temptation to ask, @danb. For when VS in Spanis??
     
    simmerskool, Opcode and _CyberGhosT_ like this.
  2. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    #62 Arequire, Nov 27, 2017
    Last edited: Nov 27, 2017
    My solution to this - for the one PC that I share with another who isn't particularly security conscious - is to completely deny them the ability to allow anything that isn't already on the whitelist. Left clicking of prompts is disabled and to allow anything they'd have to re-enable left clicking which requires them to insert a password that only I know.
     
    Opcode and shmu26 like this.
  3. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,283
    13,637
    Utopia
    That's the way to do it. You locked down the system.
     
    Opcode and Arequire like this.
  4. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    892
    6,326
    Caille
    Windows 10
    #64 Opcode, Nov 27, 2017
    Last edited: Nov 27, 2017
    That is fair enough in my opinion; your computer therefore your rules. I don't have a problem with default-deny at all, I might not use it but that doesn't mean I'm not a fan of it... I certainly am a fan of it. What I was saying earlier wasn't me bashing default-deny, my point wasn't even about one being better than the other. :)

    If I had a system which was being shared then chances are I'd probably do the same as you. I am not sure, I wouldn't know until I am in the situation.
     
    simmerskool, harlan4096 and shmu26 like this.
  5. Arequire

    Arequire Level 18

    Feb 10, 2017
    898
    2,803
    United Kingdom
    Windows 7
    Default-Deny
    #65 Arequire, Nov 27, 2017
    Last edited: Nov 27, 2017
    Yeah, I agree with your point. If a user isn't knowledgeable about how something like VS works and they go ahead and click allow on all prompts that pop up then their system stands no chance. Sadly those are the people who probably need stuff like default-deny more than those of us who actually take a vested interest in our online security; they're more likely to run into malware thus more likely to benefit from having anything malicious blocked before it's allowed to execute.
     
    harlan4096, shmu26 and Opcode like this.
  6. SearchLight

    SearchLight Level 3

    Jul 3, 2017
    134
    221
    New Jersey
    Windows 10
    Malwarebytes
    #66 SearchLight, Nov 27, 2017
    Last edited: Nov 27, 2017
    Really an impressive and informative discussion amongst experts and newbies. I appreciate the debate, and guidance.

    Someone like myself, depends upon receiving accurate security information to make an informed, and the operative word is "informed" decision.

    Programs like VoodooShield Free, which I have tried, sometimes display info about programs that I have not heard about or am aware, and the only choice that I have is to Allow or Block. This opens up the potential for mistakes and malware penetration. As a result, not feeling reassured, I have had to uninstall it.

    Being that EAM has a great reputation and is capable of making an informed decision regarding whether a program is safe or otherwise, I find reassuring.

    That being said, if EAM were to be supplemented like some are recommending, what program would be a safe bet as far as guiding the user to making an informed decision? Specifically meaning like a recommendation, or an evaluation by the cloud for example?

    I have also seen some recommendations regarding using Sandboxie or ShadowDefender with EAM. Thoughts on these as alternates?

    Or bottom line, just use EAM and forget everything else?
     
    Nightwalker and Gandalf_The_Grey like this.
  7. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,697
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    #67 Umbra, Nov 27, 2017
    Last edited: Nov 28, 2017
    What i do with my friends using EAM is that i install the Virus Total Uploader application, so i teach them if they download something and EAM block it, and if they truly believes it is what they must need, i require them to use the uploader to check the file; if many vendors detect it as malicious, they shouldn't go further and then delete the file.

    EAM already uses its own cloud reputation system. so in that regard users are covered.

    Good complements, they do what EAM doesn't. I rather use those softs alongside EAM than any others.
    Sandboxie (by default) will isolate/block stuff coming from browsers and selected folders (download, etc...).
    Shadow Defender will virtualize the whole system (it doesn't focuses on malware, it just negate any changes happening in the system, legit or malicious),
    By default settings both are susceptible to keyloggers since they don't have active malware detection, it is where EAM is efficient.

    You can of course. Just maintain safe habits and common sense to minimize risks.
     
    simmerskool, Opcode, bribon77 and 2 others like this.
  8. HarborFront

    HarborFront Level 34
    Content Creator

    Oct 9, 2016
    2,305
    5,771
    Far East
    I'm using EAM with SD. So far so good

    :)
     
  9. SearchLight

    SearchLight Level 3

    Jul 3, 2017
    134
    221
    New Jersey
    Windows 10
    Malwarebytes
    [/QUOTE][/QUOTE]

    Thanks Umbra for the detailed and lengthy response.

    I trialed SD but my concern about making Windows Updates exclusions, and turning it on and off to update, made it convoluted for me, so I removed it.

    Regarding Sandboxie, I have a lifetime license but my problem is that I use an outside browser download manager, IDM, which no matter what I try, does not become isolated by Sandboxie, and hence the resulting downloaded file, makes SB a deal breaker for me so i removed that.

    Now I have just EAM, and a new Windows Firewall add-on Glasswire Pro to harden it a little further. This may be all that I need now. I also just installed the VTUploader like you suggested.
     
    Opcode, Umbra and Gandalf_The_Grey like this.
  10. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,283
    13,637
    Utopia
    If you want info to make an informed decision, Voodooshield is the best. It tells you right in the prompt (you need to enable prompts) what Virus Total thinks about the file, and it also tells you if the file has a valid digital signature, and what its risk rating is, as calculated by artificial intelligence.
    You can't get better than that.
    Some people install voodoo just for the info it gives, they don't even care about the protection, because they have other programs doing that.
     
    simmerskool likes this.
  11. SearchLight

    SearchLight Level 3

    Jul 3, 2017
    134
    221
    New Jersey
    Windows 10
    Malwarebytes
    Is this available in the Free or Paid version of VS?
     
    shmu26 likes this.
  12. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,283
    13,637
    Utopia
    Also in free version. When you install, it asks whether you want it automated, or you want to see prompts. I don't remember the exact wording.
    If you make the wrong choice, you can change it from settings, you untick "default/deny", if I remember right.
    In the language of VS, default/deny means you don't see a prompt, you just see a little toast notification that something was blocked.
    I trust that current VS users will correct any mistakes in this post, I am talking from memory.
     
    simmerskool likes this.
  13. SearchLight

    SearchLight Level 3

    Jul 3, 2017
    134
    221
    New Jersey
    Windows 10
    Malwarebytes
    Cannot untick "default/deny" in Free version to show prompts instead of balloon. Just installed and tried it.
     
    shmu26 likes this.
  14. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,283
    13,637
    Utopia
    So then you can choose it during installation. Do a full uninstall, you can save your rules if you wish, it is in the program data folder, just paste it back into place after reinstallation.
     
    SearchLight likes this.
  15. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,283
    13,637
    Utopia
    Better yet, ask on the voodooshield thread for exact instructions. I don't have it installed right now, and anyway, we are hijacking this thread.
     
  16. SearchLight

    SearchLight Level 3

    Jul 3, 2017
    134
    221
    New Jersey
    Windows 10
    Malwarebytes
    Agreed.

    However, after careful consideration, I have decided to use just EAM out of the box. By the time I get to configuring any of these supplemental programs just right, if I do it right, just opens the door to more potential vulnerabilities.

    For me, the lesson learned is to just install a good, renowned security program, and use common sense with my surfing, and downloading habits. No program will protect my PC 100% but at least, this one, can make a good deterrent.

    Thanks for your help and time.
     
    Opcode, bribon77 and Umbra like this.
  17. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,283
    13,637
    Utopia
    :)
    Best protection is good user habits.
     
    bribon77 likes this.
  18. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,283
    13,637
    Utopia
    BTW, @Umbra's suggestion to use Virus Total uploader in cases of doubt is a very good suggestion. Just keep in mind that brand-new files might not have been detected yet. And over the weekend, VT detection is slow and sluggish. But if you see on VT that the file is like 5-7 days old, you can assume that it's been checked out pretty well, unless you got it from a rare source.
     
    simmerskool, Opcode and Umbra like this.
  19. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,697
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    I used SD for years, the best way to use it is to NOT do any exceptions, you just defeat the whole purpose; when you have the cumulative Windows Updates, get out of shadow Mode, update, re-enable S.Mode after. It took you 30seconds and avoid troubles and hassles. i called that "maintenance". of Course, if you dislike doing it, it can be solved :p

    Yes IDM is a pain to isolate and sandboxie isn't helping on that. What i did when using both is to not isolate IDM itself, but put the destination folder (say "E:\my downloaded stuff") as "forced folder" so if i download a malware by accident, it got sandboxed in the folder if executed.

    simple and efficient, since you are in this forum and seems to listen carefully what people suggest, you know what are safe habits :)

    The best protection is to know how to avoid threats in the first place, not to react when they appears.
     
  20. SearchLight

    SearchLight Level 3

    Jul 3, 2017
    134
    221
    New Jersey
    Windows 10
    Malwarebytes
    Thanks Umbra for the suggestions.
     
    Umbra likes this.