Emsisoft Scanner Tests

Discussion in 'Anti-Virus' started by Bear, Feb 29, 2012.

  1. Bear

    Bear Guest

    Bear, Feb 29, 2012
    #1
    1. Advertisements

  2. Bear

    G. Morgan Guest

    G. Morgan, Feb 29, 2012
    #2
    1. Advertisements

  3. Bear

    Bear Bottoms Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
    news::

    > From: "Bear" <>
    >
    >
    >>
    >> The latest tests done by Emsisoft themselves.
    >>

    >
    > Should have a URL pointing to Emsisoft for their their data, not a
    > graphic from their web site hosted on your web site which you probably
    > do not have permission to host or you could have modified. Possibly
    > both.
    >
    >


    Sorry to dissappoint you. The way I came about that image was I noticed
    Emsisoft had updated their scanner to Emsisoft Emergency Kit...a portable
    offering. After downloading and executing the program, that image popped up
    I suppose as a one time ad, and I took a screenshot of it.

    I didn't have the URL for the image and I didn't look for it, as I had the
    image already to share.

    --
    Bear
    http://bearware.info
    The real Bear's header path is:
    news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
     
    Bear Bottoms, Feb 29, 2012
    #3
  4. Bear

    StevieO Guest

    Your torrent downloading is different?


    "G. Morgan" <> wrote in message
    news:...
    Bear wrote:

    >http://bearware.info/screenshots/Img000.png
    >
    >The latest tests done by Emsisoft themselves.


    DMCA and Spam complaints sent to Cox.net , Emsisoft, and sunsite.dk.
     
    StevieO, Feb 29, 2012
    #4
  5. Bear

    Shadow Guest

    On Tue, 28 Feb 2012 19:02:15 -0600, Bear <>
    wrote:

    >http://bearware.info/screenshots/Img000.png
    >
    >The latest tests done by Emsisoft themselves.


    I could send you an image of me looking like Conan, the
    barbarian, but wtf, you would probably guess it was a photoshop.

    I have been using Emsisoft Emergency Kit, with PUP detection
    turned off. It still flags around 80% false positives. Including a lot
    of Nir programs, Cain, and other utilities.

    Be very careful on what you delete.
    []'s

    PS Where can I submit false positives to Emsisoft ? Will they
    honor them ?
    --
    Don't be evil - Google 2004
    We have a new policy - Google 2012
     
    Shadow, Feb 29, 2012
    #5
  6. Bear

    Dustin Guest

    Bear <> wrote in news:4f4d7919$0$292$14726298
    @news.sunsite.dk:

    > http://bearware.info/screenshots/Img000.png
    >
    > The latest tests done by Emsisoft themselves.
    >


    Just when I thought your testing methodology had issues, You'll even use
    media puff pieces as official results.. Tell me something Bear, are you
    "testing" by scanning a folder full of files you don't know for sure are
    infact, malware? LOLz!


    --
    Character is doing the right thing when nobody's looking. There are too
    many people who think that the only thing that's right is to get by, and
    the only thing that's wrong is to get caught. - J.C. Watts
     
    Dustin, Feb 29, 2012
    #6
  7. Bear

    Dustin Guest

    "StevieO" <> wrote in news:jil3qq$fmm$:

    > Your torrent downloading is different?


    This should go without saying, but a torrent file contains meta data only.
    Many freeware/opensource projects are released via torrent. WoW and other
    online games use torrent protocol to provide game updates.

    Thanks!


    --
    Character is doing the right thing when nobody's looking. There are too
    many people who think that the only thing that's right is to get by, and
    the only thing that's wrong is to get caught. - J.C. Watts
     
    Dustin, Feb 29, 2012
    #7
  8. David H. Lipman wrote:
    > From: "Dustin" <>
    >
    >> Bear <> wrote in news:4f4d7919$0$292$14726298
    >> @news.sunsite.dk:
    >>
    >>>
    >>> The latest tests done by Emsisoft themselves.
    >>>

    >> Just when I thought your testing methodology had issues, You'll even
    >> use media puff pieces as official results.. Tell me something Bear,
    >> are you "testing" by scanning a folder full of files you don't know
    >> for sure are infact, malware? LOLz!
    >>

    >
    > BB doesn't have samples. Nothing but bluster.
    >

    :blush:)
     
    FromTheRafters, Feb 29, 2012
    #8
  9. Bear

    Shadow Guest

    On Wed, 29 Feb 2012 10:22:19 -0500, "David H. Lipman"
    <DLipman~nospam~@Verizon.Net> wrote:

    >From: "Shadow" <>
    >
    >> On Tue, 28 Feb 2012 19:02:15 -0600, Bear <>
    >> wrote:
    >>
    >>> http://bearware.info/screenshots/Img000.png
    >>>
    >>> The latest tests done by Emsisoft themselves.

    >>
    >> I could send you an image of me looking like Conan, the
    >> barbarian, but wtf, you would probably guess it was a photoshop.
    >>
    >> I have been using Emsisoft Emergency Kit, with PUP detection
    >> turned off. It still flags around 80% false positives. Including a lot
    >> of Nir programs, Cain, and other utilities.
    >>
    >> Be very careful on what you delete.
    >> []'s
    >>
    >> PS Where can I submit false positives to Emsisoft ? Will they
    >> honor them ?

    >
    >http://support.emsisoft.com/forum/58-false-positives/


    Thanks for the link.
    I went there, almost signed up, then read the policy and the
    way they treated the members.
    Cain is NOT malicious. At most it is a PUP, as are most of the
    Nirsoft utilities. Someone reported it as a false positive, and got
    shut up by a moderator.
    I mean, WhyTF is a "hacktool" considered malware, if it can't
    be remotely controlled ? If it does no harm at all to your PC ?
    Not my kind of scene at all.
    IMHO
    []'s

    --
    Don't be evil - Google 2004
    We have a new policy - Google 2012
     
    Shadow, Feb 29, 2012
    #9
  10. In article <XnsA0089C2EEF733HHI2948AJD832@no>,
    says...
    > Bear <> wrote in news:4f4d7919$0$292$14726298
    > @news.sunsite.dk:
    >
    > > http://bearware.info/screenshots/Img000.png
    > >
    > > The latest tests done by Emsisoft themselves.
    > >

    >
    > Just when I thought your testing methodology had issues, You'll even use
    > media puff pieces as official results.. Tell me something Bear, are you
    > "testing" by scanning a folder full of files you don't know for sure are
    > infact, malware? LOLz!
    >


    Bear appears to be conducting blind testing of malware. Now we can see
    just how blind it really is. '=)

    --
    James E. Morrow
    Email to:
     
    James E. Morrow, Mar 2, 2012
    #10
  11. Bear

    Shadow Guest

    On Fri, 2 Mar 2012 11:13:41 -0600, James E. Morrow
    <> wrote:

    >In article <XnsA0089C2EEF733HHI2948AJD832@no>,
    > says...
    >> Bear <> wrote in news:4f4d7919$0$292$14726298
    >> @news.sunsite.dk:
    >>
    >> > http://bearware.info/screenshots/Img000.png
    >> >
    >> > The latest tests done by Emsisoft themselves.
    >> >

    >>
    >> Just when I thought your testing methodology had issues, You'll even use
    >> media puff pieces as official results.. Tell me something Bear, are you
    >> "testing" by scanning a folder full of files you don't know for sure are
    >> infact, malware? LOLz!
    >>

    >
    >Bear appears to be conducting blind testing of malware. Now we can see
    >just how blind it really is. '=)

    Hey Bear
    My last scan with Emsisoft: :

    Files: 472268
    Traces: 405133
    Cookies: 0
    Processes: 30

    Found

    Files: 49
    Traces: 12
    Cookies: 0
    Processes: 0
    Registry keys: 0

    Scan end: 29/02/2012 21:07:26
    Scan time: 7:23:58

    Of which ONE was a REAL malware. The others were false
    positives. False positives are a PITA.
    []'s
    --
    Don't be evil - Google 2004
    We have a new policy - Google 2012
     
    Shadow, Mar 2, 2012
    #11
  12. Bear

    Bear Guest

    Shadow <> wrote in news:6s82l71vq90rpabo63uuaoaai5l5dklo43@
    4ax.com:

    > Of which ONE was a REAL malware. The others were false
    > positives. False positives are a PITA.


    The are not false positives. The software properties are those of malware.
    You can easily submit the files to various services if you can't determine
    which are false positives or not.

    I would much prefer a few false positives over missed malware and one thing
    you can be certain about, Emsisoft will catch more of those than any other.

    To help ya:
    Upload Malware
    Anubis
    Comodo Instant Malware Analysis
    Comodo Valkyrie
    GFI Sandbox
    GFI Threat Track
    EUREKA Malware Analysis Internet Service
    Joebox
    Norman SandBox
    ThreatExpert
    ViCheck
    F-Secure Online Analysis
    Avira Online Analysis
    Malwr Analysis
    Microsoft Analysis Services
    Ether
    NSI Sandbox
    Online Malware Files Scan

    VirusTotal
    Jotti's malware scan
    Virscan
    Metascan-online
    Dr Web Online Scan

    --
    Bear
    http://bearware.info
    The real Bear's header path is:
    news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
     
    Bear, Mar 2, 2012
    #12
  13. Bear wrote:
    > Shadow<> wrote in news:6s82l71vq90rpabo63uuaoaai5l5dklo43@
    > 4ax.com:
    >
    >> Of which ONE was a REAL malware. The others were false
    >> positives. False positives are a PITA.

    >
    > The are not false positives. The software properties are those of malware.


    What do you mean by "The software properties are those of malware."?
     
    FromTheRafters, Mar 2, 2012
    #13
  14. Bear

    Bear Guest

    FromTheRafters <> wrote in
    news:jirl65$9fl$:

    > Bear wrote:
    >> Shadow<> wrote in news:6s82l71vq90rpabo63uuaoaai5l5dklo43@
    >> 4ax.com:
    >>
    >>> Of which ONE was a REAL malware. The others were false
    >>> positives. False positives are a PITA.

    >>
    >> The are not false positives. The software properties are those of
    >> malware.

    >
    > What do you mean by "The software properties are those of malware."?
    >
    >


    Just that. A lot of software, especially security tools use code that
    hackers also use or so similar they would be amiss in not alerting you
    about the possibility. Of course, Emsisoft should have a better system to
    'white list' many well known tools it alerts on, but I would rather an
    alert and let me determine if it is good or not than miss something that is
    malware. Besides, that very code /could/ be used within that program to
    help enact and hide their injection code. What you think is a false
    positive may not really be and is worth a second look.

    Emsisoft will catch what other miss more often and more thoroughly and I
    can put up with a few false positives as a trade off. Much better than not
    good enough.

    http://www.sans.org/security-resources/idfaq/false_alarms.php



    --
    Bear
    http://bearware.info
    The real Bear's header path is:
    news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
     
    Bear, Mar 3, 2012
    #14
  15. Bear

    Bear Guest

    Bear <> wrote in
    news:XnsA00ABAFED32E0bearbottoms1gmail.AC@130.225.254.104:

    > Emsisoft will catch what other miss more often and more thoroughly and
    > I can put up with a few false positives as a trade off. Much better
    > than not good enough.


    I'll add that Emsisoft's detection rate is the best in the business and
    regardless of the fact it has more false positives, best in the business
    means it detects more actual malware than the others. Good enough for me.

    That also means it's competitors miss more malware than Emsisoft does...by
    a good margin...if that wasn't clear.

    --
    Bear
    http://bearware.info
    The real Bear's header path is:
    news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
     
    Bear, Mar 3, 2012
    #15
  16. Bear wrote:
    > FromTheRafters<> wrote in
    > news:jirl65$9fl$:
    >
    >> Bear wrote:
    >>> Shadow<> wrote in news:6s82l71vq90rpabo63uuaoaai5l5dklo43@
    >>> 4ax.com:
    >>>
    >>>> Of which ONE was a REAL malware. The others were false
    >>>> positives. False positives are a PITA.
    >>>
    >>> The are not false positives. The software properties are those of
    >>> malware.

    >>
    >> What do you mean by "The software properties are those of malware."?
    >>
    >>

    >
    > Just that. A lot of software, especially security tools use code that
    > hackers also use or so similar they would be amiss in not alerting you
    > about the possibility.


    I suspected that was what you meant, and sometimes the only difference
    between an administrative tool and malware is in its usage. Shadow
    didn't give enough information for any conclusion on your part about
    whether or not they were false positives in *this* case.

    > Of course, Emsisoft should have a better system to
    > 'white list' many well known tools it alerts on, but I would rather an
    > alert and let me determine if it is good or not than miss something that is
    > malware. Besides, that very code /could/ be used within that program to
    > help enact and hide their injection code. What you think is a false
    > positive may not really be and is worth a second look.


    I also like the better safe than sorry aspect of FP detections. They can
    be a pain, and finding one is certainly no reason to re-image a system.

    > Emsisoft will catch what other miss more often and more thoroughly and I
    > can put up with a few false positives as a trade off. Much better than not
    > good enough.


    Everyone has their own comfort level as regards FPs.

    [...]
     
    FromTheRafters, Mar 3, 2012
    #16
  17. Bear wrote:
    > Bear<> wrote in
    > news:XnsA00ABAFED32E0bearbottoms1gmail.AC@130.225.254.104:
    >
    >> Emsisoft will catch what other miss more often and more thoroughly and
    >> I can put up with a few false positives as a trade off. Much better
    >> than not good enough.

    >
    > I'll add that Emsisoft's detection rate is the best in the business and
    > regardless of the fact it has more false positives, best in the business
    > means it detects more actual malware than the others. Good enough for me.
    >
    > That also means it's competitors miss more malware than Emsisoft does...by
    > a good margin...if that wasn't clear.
    >

    What's not clear here is how you equate a detection rate without regard
    for the FPs. Detection rates (and tests generally) always diminish a
    rating when FPs are encountered.

    http://vx.netlux.org/lib/static/vdat/epperfct.htm
     
    FromTheRafters, Mar 3, 2012
    #17
  18. Bear

    Bear Guest

    FromTheRafters <> wrote in news:jirpon$536$1@dont-
    email.me:

    > What's not clear here is how you equate a detection rate without regard
    > for the FPs. Detection rates (and tests generally) always diminish a
    > rating when FPs are encountered.
    >


    Not in my opinion. I would rather the best overall detection even if it
    included more false positives, as I can figure out those and if a user
    can't, there are tools available to help him figure out if it is a false
    positive.

    I would certainly not prefer a tool that picks up less malware but does a
    great job not producing false positives...to me that is a duh.

    Emsisoft picks up more malware than all it's competitors. That may change
    in the future, as Comodo's tools are really great also and getting
    better...I use both regularly at the moment.

    Comodo's killswitch has replaced my task manager tool. It runs whenever I
    do something that may be worthy of it's capabilities. Excellent tool.

    --
    Bear
    http://bearware.info
    The real Bear's header path is:
    news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
     
    Bear, Mar 3, 2012
    #18
  19. Bear

    Bear Guest

    FromTheRafters <> wrote in news:jirp5j$2gq$1@dont-
    email.me:

    > Everyone has their own comfort level as regards FPs.


    I agree...I just offer my opinions. They obviously get along fine with
    their comfort levels...so likely their opinion is just as good as mine.

    Obviously I think my opinion offers better protection given the facts of
    the issue. I will however, change my opinion when I am proven wrong by
    someone or something or some technology comes along that is better.

    --
    Bear
    http://bearware.info
    The real Bear's header path is:
    news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
     
    Bear, Mar 3, 2012
    #19
  20. Bear wrote:
    > FromTheRafters<> wrote in news:jirpon$536$1@dont-
    > email.me:
    >
    >> What's not clear here is how you equate a detection rate without regard
    >> for the FPs. Detection rates (and tests generally) always diminish a
    >> rating when FPs are encountered.
    >>

    >
    > Not in my opinion.


    http://www.av-comparatives.org/comparativesreviews/false-alarm-tests

    [...]
     
    FromTheRafters, Mar 3, 2012
    #20
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Muttley

    Command Line Virus Scanner

    Muttley, Jun 30, 2003, in forum: Anti-Virus
    Replies:
    0
    Views:
    492
    Muttley
    Jun 30, 2003
  2. Bart Bailey

    Re: Please help me to test my scanner!

    Bart Bailey, Jul 15, 2003, in forum: Anti-Virus
    Replies:
    0
    Views:
    473
    Bart Bailey
    Jul 15, 2003
  3. Blevins

    Re: Please help me to test my scanner!

    Blevins, Jul 15, 2003, in forum: Anti-Virus
    Replies:
    0
    Views:
    491
    Blevins
    Jul 15, 2003
  4. Garcia

    tests

    Garcia, May 1, 2005, in forum: Anti-Virus
    Replies:
    2
    Views:
    214
    Joe Canuck
    May 1, 2005
  5. Nomen Nescio

    AV-Comparatives tests - fact or fiction?

    Nomen Nescio, Jan 9, 2010, in forum: Anti-Virus
    Replies:
    34
    Views:
    860
    Dustin Cook
    Jan 16, 2010
Loading...

Share This Page