Emsisoft Scanner Tests

Bear Bottoms

Should have a URL pointing to Emsisoft for their data, not a
graphic from their web site hosted on your web site which you probably
do not have permission to host or you could have modified. Possibly
both.

Sorry to disappoint you. The way I came about that image was I noticed
Emsisoft had updated their scanner to Emsisoft Emergency Kit...a portable
offering. After downloading and executing the program, that image popped up
I suppose as a one time ad, and I took a screenshot of it.

I didn't have the URL for the image and I didn't look for it, as I had the
image already to share.
 
Shadow

http://bearware.info/screenshots/Img000.png

The latest tests done by Emsisoft themselves.

I could send you an image of me looking like Conan, the
barbarian, but wtf, you would probably guess it was a photoshop.

I have been using Emsisoft Emergency Kit, with PUP detection
turned off. It still flags around 80% false positives. Including a lot
of Nir programs, Cain, and other utilities.

Be very careful on what you delete.
[]'s

PS Where can I submit false positives to Emsisoft ? Will they
honor them ?
 
Dustin

StevieO said:
Your torrent downloading is different?

This should go without saying, but a torrent file contains meta data only.
Many freeware/opensource projects are released via torrent. WoW and other
online games use torrent protocol to provide game updates.

Thanks!
 
Shadow

Shadow said:
http://bearware.info/screenshots/Img000.png

The latest tests done by Emsisoft themselves.

I could send you an image of me looking like Conan, the
barbarian, but wtf, you would probably guess it was a photoshop.

I have been using Emsisoft Emergency Kit, with PUP detection
turned off. It still flags around 80% false positives. Including a lot
of Nir programs, Cain, and other utilities.

Be very careful on what you delete.
[]'s

PS Where can I submit false positives to Emsisoft ? Will they
honor them ?

http://support.emsisoft.com/forum/58-false-positives/

Thanks for the link.
I went there, almost signed up, then read the policy and the
way they treated the members.
Cain is NOT malicious. At most it is a PUP, as are most of the
Nirsoft utilities. Someone reported it as a false positive, and got
shut up by a moderator.
I mean, WhyTF is a "hacktool" considered malware, if it can't
be remotely controlled ? If it does no harm at all to your PC ?
Not my kind of scene at all.
IMHO
[]'s
 
James E. Morrow

Just when I thought your testing methodology had issues, you'll even use
media puff pieces as official results.. Tell me something Bear, are you
"testing" by scanning a folder full of files you don't know for sure are
in fact, malware? LOLz!

Bear appears to be conducting blind testing of malware. Now we can see
just how blind it really is. '=)
 
Shadow

Bear appears to be conducting blind testing of malware. Now we can see
just how blind it really is. '=)
Hey Bear
My last scan with Emsisoft:

Files: 472268
Traces: 405133
Cookies: 0
Processes: 30

Found

Files: 49
Traces: 12
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 29/02/2012 21:07:26
Scan time: 7:23:58

Of which ONE was a REAL malware. The others were false
positives. False positives are a PITA.
[]'s
 
Bear

Of which ONE was a REAL malware. The others were false
positives. False positives are a PITA.

They are not false positives. The software properties are those of malware.
You can easily submit the files to various services if you can't determine
which are false positives or not.

I would much prefer a few false positives over missed malware and one thing
you can be certain about, Emsisoft will catch more of those than any other.

To help ya:
Upload Malware
Anubis
Comodo Instant Malware Analysis
Comodo Valkyrie
GFI Sandbox
GFI Threat Track
EUREKA Malware Analysis Internet Service
Joebox
Norman SandBox
ThreatExpert
ViCheck
F-Secure Online Analysis
Avira Online Analysis
Malwr Analysis
Microsoft Analysis Services
Ether
NSI Sandbox
Online Malware Files Scan

VirusTotal
Jotti's malware scan
Virscan
Metascan-online
Dr Web Online Scan
 
FromTheRafters

Bear said:
They are not false positives. The software properties are those of malware.

What do you mean by "The software properties are those of malware."?
 
Bear

What do you mean by "The software properties are those of malware."?

Just that. A lot of software, especially security tools use code that
hackers also use or so similar they would be amiss in not alerting you
about the possibility. Of course, Emsisoft should have a better system to
'white list' many well known tools it alerts on, but I would rather an
alert and let me determine if it is good or not than miss something that is
malware. Besides, that very code /could/ be used within that program to
help enact and hide their injection code. What you think is a false
positive may not really be and is worth a second look.

Emsisoft will catch what others miss more often and more thoroughly and I
can put up with a few false positives as a trade off. Much better than not
good enough.

http://www.sans.org/security-resources/idfaq/false_alarms.php
 
Bear

Emsisoft will catch what others miss more often and more thoroughly and
I can put up with a few false positives as a trade off. Much better
than not good enough.

I'll add that Emsisoft's detection rate is the best in the business and
regardless of the fact it has more false positives, best in the business
means it detects more actual malware than the others. Good enough for me.

That also means its competitors miss more malware than Emsisoft does...by
a good margin...if that wasn't clear.
 
FromTheRafters

Bear said:
Just that. A lot of software, especially security tools use code that
hackers also use or so similar they would be amiss in not alerting you
about the possibility.

I suspected that was what you meant, and sometimes the only difference
between an administrative tool and malware is in its usage. Shadow
didn't give enough information for any conclusion on your part about
whether or not they were false positives in *this* case.
Of course, Emsisoft should have a better system to
'white list' many well known tools it alerts on, but I would rather an
alert and let me determine if it is good or not than miss something that is
malware. Besides, that very code /could/ be used within that program to
help enact and hide their injection code. What you think is a false
positive may not really be and is worth a second look.

I also like the better safe than sorry aspect of FP detections. They can
be a pain, and finding one is certainly no reason to re-image a system.
Emsisoft will catch what others miss more often and more thoroughly and I
can put up with a few false positives as a trade off. Much better than not
good enough.

Everyone has their own comfort level as regards FPs.

[...]
 
FromTheRafters

Bear said:
I'll add that Emsisoft's detection rate is the best in the business and
regardless of the fact it has more false positives, best in the business
means it detects more actual malware than the others. Good enough for me.

That also means its competitors miss more malware than Emsisoft does...by
a good margin...if that wasn't clear.
What's not clear here is how you equate a detection rate without regard
for the FPs. Detection rates (and tests generally) always diminish a
rating when FPs are encountered.

http://vx.netlux.org/lib/static/vdat/epperfct.htm
 
Bear

What's not clear here is how you equate a detection rate without regard
for the FPs. Detection rates (and tests generally) always diminish a
rating when FPs are encountered.

Not in my opinion. I would rather the best overall detection even if it
included more false positives, as I can figure out those and if a user
can't, there are tools available to help him figure out if it is a false
positive.

I would certainly not prefer a tool that picks up less malware but does a
great job not producing false positives...to me that is a duh.

Emsisoft picks up more malware than all its competitors. That may change
in the future, as Comodo's tools are really great also and getting
better...I use both regularly at the moment.

Comodo's killswitch has replaced my task manager tool. It runs whenever I
do something that may be worthy of its capabilities. Excellent tool.
 
Bear

Everyone has their own comfort level as regards FPs.

I agree...I just offer my opinions. They obviously get along fine with
their comfort levels...so likely their opinion is just as good as mine.

Obviously I think my opinion offers better protection given the facts of
the issue. I will however, change my opinion when I am proven wrong by
someone or something or some technology comes along that is better.
 
