Cyber Defense Magazine

Cyber Defense Test Labs Review: Emsisoft Anti-Malware 7.0


February 04
16:22 2013


Introduction

Cyber Defense Magazine (CDM) launched the Cyber Defense Test Labs (CDTL) to test and highlight some of the lesser known anti-virus players and next generation anti-malware solutions on the market. Some are much smaller in size, like Emsisoft, who pride themselves on being one of the leading ‘virtual’ companies in INFOSEC, with engineers spread throughout the globe; they remain less known than brands like Symantec and McAfee, yet their products outperform and outshine these bigger brands. What we like most about Emsisoft is how easily the product installs, how quickly it runs and how little ‘footprint’ it takes during scanning and malware blocking operations. Please read on and learn more about Emsisoft in this award-winning product review.

Company Snapshot

Emsisoft was founded in 2003 with lots of anti-trojan, anti-keylogger and firewalling experience, including the acquisition of the Online Armor firewall. The company has been growing slowly and organically through revenues only, with no sources of outside funding. This is our Editor’s favorite model – sweat equity and gaining happy customers who then spread the news via word of mouth. It is the same model we are using to build Cyber Defense Magazine. This is only one of the many reasons this product suite has been selected as Editor’s Choice. The company is registered in Salzburg, Austria; however, leveraging the ‘virtual office’ model and telecommuting so popular in Europe, Emsisoft employees are spread around the world. With full-timers, freelancers, part-timers and contractors, Emsisoft has 22 team members. With slow and steady growth, Emsisoft had millions of downloads of their software in 2012. While they are still one of the smallest vendors and the underdog, they have done things that companies with thousands of employees in the INFOSEC space have been unable to accomplish.

Customer Service

They offer customer service in 11 different languages (English, German, Russian, Spanish, French, Italian, Portuguese, Greek, Dutch, Polish and Romanian) via email, but also via phone and remote connection on demand. They guarantee a response within 24 hours and their customer satisfaction level is very high. When it comes to “EMERGENCY” malware infection removal, they do a wonderful job – they passionately enjoy helping folks get rid of infections (and learning how to improve their product in the process), so Emsisoft also offers a free-of-charge service on their support forum to help get rid of any infection. Emsisoft actually believes that it is wrong to charge people in such high-stress situations. Emsisoft believes that potential customers who are convinced by the capabilities of the support team and the malware removal products and services will purchase a license afterwards anyway – this is another reason why they have made Editor’s Choice this year. What a wonderful philosophy they’ve put into action. Talk about a ‘positive karma’ approach to cleaning up malware. As a result, they have very passionate customer reviews and testimonials throughout the web. If you just search ‘Emsisoft positive reviews’ you’ll see many.

Customer References

While they won’t name any customers, they are mostly focused on the CONSUMER market and are just now expanding into the small to medium-sized business (SMB) market with the beta version of their centralized command center, called the Emsisoft Enterprise Console. Many of their consumers who have experienced an infection found that they did not have to wipe the hard drive to remove the malware using Emsisoft, and throughout the web you will find very positive reviews, comments and feedback.

Malware Database, Updates, Scanning and Blocking

Emsisoft Anti-Malware uses two scanner engines. One is licensed from Bitdefender and the other is now officially their own scanner engine, which specializes in detecting the malware traces that are harder to find and remove, while the Bitdefender engine does a great job finding and catching the more common malware infections. On top of Bitdefender’s MD5-hashed malware signature database, Emsisoft has over 10 million additional unique malware patterns – this is one of the reasons they run so efficiently. They use patterns to detect malware, so if you have one of the 100,000 possible derivatives of W32, for example, they only need a few pattern samples to detect all of these variants. On top of that, Emsisoft updates their database every hour, so if there are any changes or improvements, you’ll have them very quickly.
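To show why a pattern covers many variants while an MD5 hash covers exactly one file, here is an added illustration (not Emsisoft’s code, and not any real signature format): a constructed malware ‘family’ whose variants share a constant core but differ in a few bytes, checked against an exact-hash database and against one wildcard byte pattern.

```python
import hashlib
import re

# Constructed sample "files" for a hypothetical family: a constant core followed
# by two bytes that change from variant to variant (no real malware involved).
CORE = b"\x4d\x5a\x90\x00FAMILY-CORE:"
VARIANTS = [CORE + bytes([i]) + b"-payload-" + bytes([i * 3]) for i in range(5)]
CLEAN_FILE = b"\x4d\x5a\x90\x00hello world, nothing to see here"


def md5_signature(sample: bytes) -> str:
    """An MD5 hash signature identifies one exact file and nothing else."""
    return hashlib.md5(sample).hexdigest()


def matches_hash_db(sample: bytes, db: set) -> bool:
    """Exact-match lookup: only a byte-identical file hits."""
    return md5_signature(sample) in db


# A byte pattern with wildcards (expressed as a regex over bytes): the fixed core
# plus two "any byte" slots. One pattern covers every variant that keeps the core.
FAMILY_PATTERN = re.compile(re.escape(CORE) + rb".-payload-.", re.DOTALL)


def matches_pattern(sample: bytes) -> bool:
    """Pattern lookup: every variant sharing the core hits, clean data does not."""
    return FAMILY_PATTERN.search(sample) is not None


def compare_detection(samples) -> dict:
    """Count hits for a hash DB built from ONE variant versus the single pattern."""
    hash_db = {md5_signature(VARIANTS[0])}  # signature taken from one sample only
    return {
        "hash_hits": sum(matches_hash_db(s, hash_db) for s in samples),
        "pattern_hits": sum(matches_pattern(s) for s in samples),
    }


if __name__ == "__main__":
    print(compare_detection(VARIANTS + [CLEAN_FILE]))  # hash 1, pattern 5
```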

Zero-day Malware Detection and Blocking – Strong Multi-scanner Protection

Emsisoft offers frequent, on-demand cloud-based updates on an hourly schedule. They claim that this solution can stop all malware, including zero-day, and it turns out that if you use their product as documented, they may actually be able to live up to this claim. One of the challenges they face in their attempt to reach this goal is the ‘noisiness’ of their product, in the sense that it can operate in a nearly paranoid mode, warning you about all malicious behavior, including behavior we all find acceptable today – such as SKYPE opening ports and operating like covert-channel malware, which technically is mal-behavior. On the bright side, they blocked all the malware we threw at them, including many nasty zero-day variants.

Dealing with False Positives – Might Keep You A Bit Busy

You really need to deal with what some might call “paranoid” popups, but by doing so your system remains secure, and if you are a geek who enjoys knowing exactly what is happening with your system, Emsisoft knows and tells you, every time. On the scanner and cleanup side you have to be careful about quarantining or removing components of trusted applications that trigger alarms with Emsisoft based on mal-behavior. You may trust the program, but it may hook the keyboard, install a weird driver or, like SKYPE, open ports without your permission. If a piece of the program ends up in the quarantine, it won’t work anymore. You can remove it from the quarantine, and you can submit the file directly to Emsisoft; they will review it and decide whether they feel it is a false positive, and in one of their frequent updates they will let you know that they agree with you and offer to unquarantine the file or files. Because they have millions of users, this happens frequently, so you’ll get some files optionally unquarantined even if you weren’t the one to submit them to Emsisoft for review.

Innovation, Uniqueness and Next Generation

We think Emsisoft has a cutting-edge anti-malware solution. Add the Emsisoft Online Armor firewall to the mix and you have a very “BlackICE”-like HIPS engine. Now here’s where it can get noisy, but it’s always to your benefit – it monitors all system areas that might be subject to attack. If something is changed by unknown software, users will see an alert and can decide how to proceed and store a rule for that decision. However, it must be clearly said that HIPS technology is ideal for advanced users by design. The best alert system doesn’t help if a novice user just clicks “allow” on each of those ‘nasty’ alert boxes. As a result, Emsisoft focused on the development of behavior blocking technology very early in the game. Emsisoft was one of the first vendors that offered a ‘working’ behavior blocker in Emsisoft Anti-Malware back in 2005, and they also offer a pure behavior blocker product called “Mamutu Behavior Blocker” in parallel. The idea is simple: each piece of malware behaves in a malicious way, no matter how it does so technically. A Trojan always sends data, a keylogger always logs keyboard input, a backdoor always opens a back door. Their software watches all running programs for such activities in real time and alerts if something suspicious is done. However, the biggest challenge was to reduce the number of wrong alerts caused by good programs that behave very similarly to malware to an absolute minimum. After many years of fine-tuning, Emsisoft claims to have actually cracked the problem, and today they have earned other lab test awards with their behavior blocker for cases where classic signature-based detection reaches its limit on zero-day malware attacks.
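The alert-then-store-a-rule flow described above, reduced to a toy model as an added example (this is not Emsisoft’s or Mamutu’s code; the action names, the trusted chat app and the block-by-default when no decision is given are constructed assumptions): suspicious actions raise an alert once, the user’s decision is remembered per program and action, and benign actions never prompt.

```python
from dataclasses import dataclass, field

# Behaviours the review names as characteristic of malware classes (constructed labels).
SUSPICIOUS = {
    "hook_keyboard": "keylogger-like behaviour",
    "open_listening_port": "backdoor-like behaviour",
    "send_data": "trojan-like data transfer",
}


@dataclass
class Event:
    process: str   # program that performed the action
    action: str    # what it did


@dataclass
class BehaviorBlocker:
    # Rules stored from earlier user decisions: (process, action) -> "allow" | "block"
    rules: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def handle(self, ev: Event, user_decision: str = None) -> str:
        """Return the verdict for one event, alerting only on new suspicious behaviour."""
        if ev.action not in SUSPICIOUS:
            return "allow"                      # benign action: no popup at all
        key = (ev.process, ev.action)
        if key in self.rules:
            return self.rules[key]              # stored rule: no repeated popup
        self.alerts.append(f"{ev.process}: {SUSPICIOUS[ev.action]}")
        decision = user_decision or "block"     # assumption: unanswered alert blocks
        self.rules[key] = decision              # remember the decision for next time
        return decision


def demo():
    """Constructed event stream: a trusted chat app and an unknown binary."""
    bb = BehaviorBlocker()
    verdicts = [
        bb.handle(Event("chatapp.exe", "open_listening_port"), user_decision="allow"),
        bb.handle(Event("chatapp.exe", "open_listening_port")),   # rule reused, no alert
        bb.handle(Event("unknown.exe", "hook_keyboard")),         # alert, blocked
        bb.handle(Event("unknown.exe", "read_config")),           # benign, no alert
    ]
    return verdicts, len(bb.alerts)


if __name__ == "__main__":
    print(demo())  # (['allow', 'allow', 'block', 'allow'], 2)
```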

Free Trials, Platforms, Pricing and Availability

We love free tools. Although the hyperlink is subject to change, here is where you will find Emsisoft’s trials and free tools:

http://www.emsisoft.com/en/software/download/

Their solutions run on most Windows platforms (Windows only), and their pricing is set at market rates. What more could you ask for in malware cleanup for FREE – kudos to Emsisoft for putting together a powerful detection and cleanup suite so we can avoid the all too frequent disk wipe and re-image.

Summary

By living up to their promise of blocking all malware, both known and unknown, combining two best-of-breed anti-malware scanner engines with the constantly updated Online Armor firewall and a complex graphical user interface (GUI) exposing lots of features and functions, they receive our Editor’s Choice Anti-virus Solution Award for 2013.

(Sources: CDM and Emsisoft)
