B
G
G. Morgan
Bear said:
DMCA and Spam complaints sent to Cox.net , Emsisoft, and sunsite.dk.
B
Bear Bottoms
Sorry to dissappoint you. The way I came about that image was I noticed
Emsisoft had updated their scanner to Emsisoft Emergency Kit...a portable
offering. After downloading and executing the program, that image popped up
I suppose as a one time ad, and I took a screenshot of it.
I didn't have the URL for the image and I didn't look for it, as I had the
image already to share.
S
StevieO
Your torrent downloading is different?
DMCA and Spam complaints sent to Cox.net , Emsisoft, and sunsite.dk.
Bear said:
DMCA and Spam complaints sent to Cox.net , Emsisoft, and sunsite.dk.
S
Shadow
I could send you an image of me looking like Conan, the
barbarian, but wtf, you would probably guess it was a photoshop.
I have been using Emsisoft Emergency Kit, with PUP detection
turned off. It still flags around 80% false positives. Including a lot
of Nir programs, Cain, and other utilities.
Be very careful on what you delete.
[]'s
PS Where can I submit false positives to Emsisoft ? Will they
honor them ?
D
Dustin
Just when I thought your testing methodology had issues, You'll even use
media puff pieces as official results.. Tell me something Bear, are you
"testing" by scanning a folder full of files you don't know for sure are
infact, malware? LOLz!
D
Dustin
StevieO said:
This should go without saying, but a torrent file contains meta data only.
Many freeware/opensource projects are released via torrent. WoW and other
online games use torrent protocol to provide game updates.
Thanks!
F
FromTheRafters
David said:
)
S
Shadow
Thanks for the link.
I went there, almost signed up, then read the policy and the
way they treated the members.
Cain is NOT malicious. At most it is a PUP, as are most of the
Nirsoft utilities. Someone reported it as a false positive, and got
shut up by a moderator.
I mean, WhyTF is a "hacktool" considered malware, if it can't
be remotely controlled ? If it does no harm at all to your PC ?
Not my kind of scene at all.
IMHO
[]'s
J
James E. Morrow
Bear appears to be conducting blind testing of malware. Now we can see
just how blind it really is. '=)
S
Shadow
Hey Bear
My last scan with Emsisoft: :
Files: 472268
Traces: 405133
Cookies: 0
Processes: 30
Found
Files: 49
Traces: 12
Cookies: 0
Processes: 0
Registry keys: 0
Scan end: 29/02/2012 21:07:26
Scan time: 7:23:58
Of which ONE was a REAL malware. The others were false
positives. False positives are a PITA.
[]'s
B
Bear
The are not false positives. The software properties are those of malware.
You can easily submit the files to various services if you can't determine
which are false positives or not.
I would much prefer a few false positives over missed malware and one thing
you can be certain about, Emsisoft will catch more of those than any other.
To help ya:
Upload Malware
Anubis
Comodo Instant Malware Analysis
Comodo Valkyrie
GFI Sandbox
GFI Threat Track
EUREKA Malware Analysis Internet Service
Joebox
Norman SandBox
ThreatExpert
ViCheck
F-Secure Online Analysis
Avira Online Analysis
Malwr Analysis
Microsoft Analysis Services
Ether
NSI Sandbox
Online Malware Files Scan
VirusTotal
Jotti's malware scan
Virscan
Metascan-online
Dr Web Online Scan
F
FromTheRafters
Bear said:
What do you mean by "The software properties are those of malware."?
B
Bear
Just that. A lot of software, especially security tools use code that
hackers also use or so similar they would be amiss in not alerting you
about the possibility. Of course, Emsisoft should have a better system to
'white list' many well known tools it alerts on, but I would rather an
alert and let me determine if it is good or not than miss something that is
malware. Besides, that very code /could/ be used within that program to
help enact and hide their injection code. What you think is a false
positive may not really be and is worth a second look.
Emsisoft will catch what other miss more often and more thoroughly and I
can put up with a few false positives as a trade off. Much better than not
good enough.
http://www.sans.org/security-resources/idfaq/false_alarms.php
B
Bear
I'll add that Emsisoft's detection rate is the best in the business and
regardless of the fact it has more false positives, best in the business
means it detects more actual malware than the others. Good enough for me.
That also means it's competitors miss more malware than Emsisoft does...by
a good margin...if that wasn't clear.
F
FromTheRafters
Bear said:
I suspected that was what you meant, and sometimes the only difference
between an administrative tool and malware is in its usage. Shadow
didn't give enough information for any conclusion on your part about
whether or not they were false positives in *this* case.
I also like the better safe than sorry aspect of FP detections. They can
be a pain, and finding one is certainly no reason to re-image a system.
Everyone has their own comfort level as regards FPs.
[...]
F
FromTheRafters
What's not clear here is how you equate a detection rate without regardBear said:
for the FPs. Detection rates (and tests generally) always diminish a
rating when FPs are encountered.
http://vx.netlux.org/lib/static/vdat/epperfct.htm
B
Bear
Not in my opinion. I would rather the best overall detection even if it
included more false positives, as I can figure out those and if a user
can't, there are tools available to help him figure out if it is a false
positive.
I would certainly not prefer a tool that picks up less malware but does a
great job not producing false positives...to me that is a duh.
Emsisoft picks up more malware than all it's competitors. That may change
in the future, as Comodo's tools are really great also and getting
better...I use both regularly at the moment.
Comodo's killswitch has replaced my task manager tool. It runs whenever I
do something that may be worthy of it's capabilities. Excellent tool.
B
Bear
I agree...I just offer my opinions. They obviously get along fine with
their comfort levels...so likely their opinion is just as good as mine.
Obviously I think my opinion offers better protection given the facts of
the issue. I will however, change my opinion when I am proven wrong by
someone or something or some technology comes along that is better.
F