AV-C On-Demand detection of Emsisoft Antimalware released

Can be found here:

http://www.av-comparatives.org/en/comparativesreviews/single-product-reviews

Link to the pdf is here:

~Direct PDF link removed per AV-Comparatives request~

 

127 FP's... nice!

 

The majority of FPs are coming from Ikarus (109).

 

I'm trying to see what settings they've used for the test. I'm assuming that it's the default install settings. 127 FPs isn't very good IMHO.

 

That's a bit of an understatement.

 

Ikarus is also doing the majority of the detections.
Emsisoft doesn't make signatures for malware already detected by Ikarus. So the be honest Ikarus virus.utilities combined with Mamutu is almost the same as Emsisoft Anti-Malware.

 

the only good new is that they finally joined av-c test

with this result published I hope next version will have a greater result

 

Is the engine being still being developed? Might sound as a weird question but if so, why on earth do not they finally do something about the ridiculous FP rate?

 

No, they haven't joined AV-C on-going testing, this was just an singel product review test.

If they would have "joined" they should be included in this list of vendors:http://www.av-comparatives.org/en/home

And Yes, the FP rate was a bit too high!

 

IMHO Ikarus are a bit too "aggressive" at adding samples.......

 

Kudos for Emsisoft for not withholding this report/poor FP score.
+1 for transparancy.

 

well, sure thing - too much fps, but this also could be very good thing. Tell you why. I ran Emsisoft AM on my office pc and it flagged soft on my pc to record chats on yahoo etc. I removed it ;-) On the other hand I dont use chat soft on my pc ;-), but I feel better ;-)

 

You could've removed it normally if you did a little search (no harder than running an AM). FPs are never a good thing.

 

Post by Emsisoft:
http://www.anti-malware-reviews.com/2011/04/19/top-detection-score-on-av-comparatives-test/

 

They are investigating the issue with the FPs? Really? They have had high FPs for as long as I can remember but they notice it just now? Or have they been investigating this whole time but just can't find the cause?
I also like how they praise their high detection rate and only vaguely/briefly mention the FP thing, as if it's nothing. Great transparency right there.

 

+1 on this; well said.

 

Sad to say that they still detect most of the false positives from 2005 that I have reported and submitted to them time after time. I'm talking about dead products like Morpheus, BearShare and Kazaa, which were never installed on my system. It also detects a lot of trusted products like BS Player, all of NirSoft Utilities, IrfanView Plugins, Weatherbug Gadget for sidebar, several good cookies and many files in my HP Recovery Console. For awhile it detected uTorrent as a Trojan, but it looks like they got that fixed finally.

The malware detection is really good but they completely fail with the false positive issues. One reason that I can't depend on Emsisoft. Every time it detects something then I have to Google to find out if the files are safe and almost all of the time they are just false positives.

Thanks.

 

Indeed. It kind of defeats the whole purpose of having an anti-malware scanner. The way some programs are pushing the limits of the number of false positves the following scenario isn't too far-fetched (if it hasn't happened already):
- Attention, user dude! There is something wrong here! There is a process that keeps monitoring everything! Oh my god, it really scans the whole system! This can't be good at all! This has to be the mother of all malware right there!!! Oh, wait... No, sorry, that's just me. Phew, dodged a bullet there. See how I protect you and how you need me? Now go and renew your license.

Sorry, couldn't resist.

Anyway, I've had quite some interesting FPs with Emsisoft's products a while back. It's really sad to see that they don't care about this issue at all. It's either that or they can't fix it. I don't know which is worse for a well-known security software vendor. In either case however it's not a good sign.

With such results I don't see them wanting to join AV-Comparatives' regular on-going tests. Although I could be wrong. I do believe however that if they do indeed join it would put some additional stress on their marketing department, trying to explain how the results are still very good and that somehow it's still on par with the rest of the programs that score a lot better.

 

Most of the programs you mentioned are not false positives but intentionally detected as they are classified as adware.

Please post a scan log of what's detected in wrong on your machine. I'm happy to discuss every single item.

 

Agreed. Many of the detections by EAM are for PUAs which explains the higher FP rate (which by definition isn't a FP). As I've tested EAM against aprox 55.000 samples only in April, I've also played around by executing the PUAs... and indeed they are dubious and many vendors might choose to exclude them for protection. Who are AV-C to judge what a PUA is? How do they make that judgement? They certainly don't explain it and that's one of the reasons I take their tests with a grain of salt (at least when it comes to false positives as a false positive might be malicious or an annoyance for the user if installed).

Also, 127 FPs out of hundreds of thousands samples is NOT much.

 

If that is true then why doesn't any other scanner detect them besides Emsisoft? That's Emsisoft's definition of adware, but nobody's else agrees.

My system have been scanned with every possible scanner available and none have ever detected these files.

But on the product most are not listed as adware but as Trojans, hacktools, riskware, etc. Now I can understand the riskware detection, but Emsisoft ignores most popular riskware and detects these files?

I'm sure most users rather Emsisoft skip files like these.

Might as well detect Ask Toolbar, Google Toolbar, etc. because they are really adware. NirSoft Utilities are all safe applications and should be detected at all. HP Recovery Console is not a Trojan and if any files are removed from it then it is destroyed.

Like I said I have submitted these same files and others many times and got completely ignored because I'm not going through the scanning log thing again. I'm sure other users have did the same and got ignored as well.

Thanks.

 

NirSoft utilities are not adware (some of them might be PUAs, but definitely not adware and definitely you are very special to detect all of them instead of just the few that are for password recovery like others do). Neither is there anything wrong with IrfanView plugins.

Really, start doing something about this instead of yet again claiming there is no problem. There is long-lasting problem with whacky Ikarus detections.

Well, you know - have read the marketing blurb referred to in this thread. They love the high detection rate, no matter the price. Well, I can easily write a tool that will have 100% detection rate - just trigger on every file, done, here is your champion. Obviously, it will no be usable at all, but hey, you cannot beat the detection rate!

 

You're being ridiculous.
Emsisoft's software remove PUAs which by AV-C is refered to as a false positive. I think AV-Cs test is at fault here, as they don't define what 'other malware' category consists of and hence we cannot know what false positives AV-C are talking about. To me, personally, I think PUAs are malware. Emsisoft does too, but ESET or AVG may not. This easily explains why Emsisoft (and other vendors) might have a high number of false positives (which is actually a low number considering the HUGE set of malware it is tested against).

 

"Emsisoft's software remove PUAs which by AV-C is refered to as a false positive."

not true.

 

It's a lot of guesswork about the AV-C test because we didn't get any details about the false positives on this test.

I'd never allege AV-C to include PUA in their tests, in my post I only referred to the adware stuff that littlebits mentioned. Most of them are intentionally detected for sure.

It's easy to check if a detection was intentional or a false positive:

If our scan result name states Adware.Win32.Kazaa on known Kazaa files, well then it's most likely an intentional detection.

But if you see some kind of unrelated or generic malware name, it's probably a false positive.

One more thing to be said: We keep track of false positive submissions from our users and the trend goes significantly down during the last year. Critical false positives are avoided by several layers, Windows system files are double checked too. 99% of the FPs that we fix are some kind of very rarely used software. Of course that's no excuse, false positives should not appear at all and we're doing our best to improve the situation. The next major version of Emsisoft Anti-Malware will add another layer that avoids FPs in real world daily use very well.