AV-C On-Demand detection of Emsisoft Antimalware released

Discussion in 'other anti-virus software' started by gregd, Apr 18, 2011.

Thread Status:
Not open for further replies.
  1. gregd

    gregd Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    75
    Last edited by a moderator: Apr 18, 2011
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    127 FP's... nice!
     
  3. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,739
    Location:
    New York City
    The majority of FPs are coming from Ikarus (109).
     
  4. gregd

    gregd Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    75
    I'm trying to see what settings they've used for the test. I'm assuming that it's the default install settings. 127 FPs isn't very good IMHO.
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    That's a bit of an understatement. :D
     
  6. Matthijs5nl

    Matthijs5nl Guest

    Ikarus is also doing the majority of the detections.
    Emsisoft doesn't make signatures for malware already detected by Ikarus. So to be honest Ikarus virus.utilities combined with Mamutu is almost the same as Emsisoft Anti-Malware.
     
  7. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    the only good news is that they finally joined av-c test

    with this result published I hope next version will have a greater result :)
     
  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Is the engine still being developed? Might sound like a weird question but if so, why on earth do they not finally do something about the ridiculous FP rate? :blink: o_O :doubt:
     
  9. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    No, they haven't joined AV-C on-going testing, this was just a single product review test. :)

    If they would have "joined" they should be included in this list of vendors: http://www.av-comparatives.org/en/home

    And Yes, the FP rate was a bit too high!
     
    Last edited: Apr 18, 2011
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    IMHO Ikarus are a bit too "aggressive" at adding samples.......:D
     
  11. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Kudos for Emsisoft for not withholding this report/poor FP score.
    +1 for transparency.
     
  12. Malware fighter

    Malware fighter Registered Member

    Joined:
    Jan 31, 2011
    Posts:
    253
    well, sure thing - too many FPs, but this also could be a very good thing. Tell you why. I ran Emsisoft AM on my office pc and it flagged soft on my pc to record chats on yahoo etc. I removed it ;-) On the other hand I don't use chat soft on my pc ;-), but I feel better ;-)
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You could've removed it normally if you did a little search (no harder than running an AM). FPs are never a good thing.
     
  14. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,739
    Location:
    New York City
  15. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
    They are investigating the issue with the FPs? Really? They have had high FPs for as long as I can remember but they notice it just now? Or have they been investigating this whole time but just can't find the cause?
    I also like how they praise their high detection rate and only vaguely/briefly mention the FP thing, as if it's nothing. Great transparency right there.
     
  16. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    +1 on this; well said. :thumb:
     
  17. littlebits

    littlebits Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    262
    Sad to say that they still detect most of the false positives from 2005 that I have reported and submitted to them time after time. I'm talking about dead products like Morpheus, BearShare and Kazaa, which were never installed on my system. It also detects a lot of trusted products like BS Player, all of NirSoft Utilities, IrfanView Plugins, Weatherbug Gadget for sidebar, several good cookies and many files in my HP Recovery Console. For a while it detected uTorrent as a Trojan, but it looks like they got that fixed finally.

    The malware detection is really good but they completely fail with the false positive issues. One reason that I can't depend on Emsisoft. Every time it detects something then I have to Google to find out if the files are safe and almost all of the time they are just false positives.

    Thanks.:D
     
  18. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
    Indeed. It kind of defeats the whole purpose of having an anti-malware scanner. The way some programs are pushing the limits of the number of false positives the following scenario isn't too far-fetched (if it hasn't happened already):
    - Attention, user dude! There is something wrong here! There is a process that keeps monitoring everything! Oh my god, it really scans the whole system! This can't be good at all! This has to be the mother of all malware right there!!! Oh, wait... No, sorry, that's just me. Phew, dodged a bullet there. See how I protect you and how you need me? Now go and renew your license.

    Sorry, couldn't resist. :p

    Anyway, I've had quite some interesting FPs with Emsisoft's products a while back. It's really sad to see that they don't care about this issue at all. It's either that or they can't fix it. I don't know which is worse for a well-known security software vendor. In either case however it's not a good sign.

    With such results I don't see them wanting to join AV-Comparatives' regular on-going tests. Although I could be wrong. I do believe however that if they do indeed join it would put some additional stress on their marketing department, trying to explain how the results are still very good and that somehow it's still on par with the rest of the programs that score a lot better. :)
     
  19. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    312
    Location:
    Nelson, New Zealand
    Most of the programs you mentioned are not false positives but intentionally detected as they are classified as adware.

    Please post a scan log of what's detected wrongly on your machine. I'm happy to discuss every single item.
     
  20. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Agreed. Many of the detections by EAM are for PUAs which explains the higher FP rate (which by definition isn't a FP). As I've tested EAM against approx. 55.000 samples only in April, I've also played around by executing the PUAs... and indeed they are dubious and many vendors might choose to exclude them for protection. Who are AV-C to judge what a PUA is? How do they make that judgement? They certainly don't explain it and that's one of the reasons I take their tests with a grain of salt (at least when it comes to false positives as a false positive might be malicious or an annoyance for the user if installed).

    Also, 127 FPs out of hundreds of thousands of samples is NOT much.
     
  21. littlebits

    littlebits Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    262
    If that is true then why doesn't any other scanner detect them besides Emsisoft? That's Emsisoft's definition of adware, but nobody else agrees.

    My system has been scanned with every possible scanner available and none have ever detected these files.

    But on the product most are not listed as adware but as Trojans, hacktools, riskware, etc. Now I can understand the riskware detection, but Emsisoft ignores most popular riskware and detects these files?

    I'm sure most users would rather Emsisoft skip files like these.

    Might as well detect Ask Toolbar, Google Toolbar, etc. because they are really adware. NirSoft Utilities are all safe applications and should be detected at all. HP Recovery Console is not a Trojan and if any files are removed from it then it is destroyed.

    Like I said I have submitted these same files and others many times and got completely ignored because I'm not going through the scanning log thing again. I'm sure other users have done the same and got ignored as well.

    Thanks.:D
     
  22. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    NirSoft utilities are not adware (some of them might be PUAs, but definitely not adware and definitely you are very special to detect all of them instead of just the few that are for password recovery like others do). Neither is there anything wrong with IrfanView plugins.

    Really, start doing something about this instead of yet again claiming there is no problem. There is a long-lasting problem with whacky Ikarus detections.


    Well, you know - have read the marketing blurb referred to in this thread. They love the high detection rate, no matter the price. Well, I can easily write a tool that will have 100% detection rate - just trigger on every file, done, here is your champion. Obviously, it will not be usable at all, but hey, you cannot beat the detection rate! :rolleyes:
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    You're being ridiculous. :)
    Emsisoft's software removes PUAs which by AV-C is referred to as a false positive. I think AV-C's test is at fault here, as they don't define what 'other malware' category consists of and hence we cannot know what false positives AV-C are talking about. To me, personally, I think PUAs are malware. Emsisoft does too, but ESET or AVG may not. This easily explains why Emsisoft (and other vendors) might have a high number of false positives (which is actually a low number considering the HUGE set of malware it is tested against).
     
  24. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    "Emsisoft's software removes PUAs which by AV-C is referred to as a false positive."

    Not true.
     
  25. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    312
    Location:
    Nelson, New Zealand
    It's a lot of guesswork about the AV-C test because we didn't get any details about the false positives on this test.

    I'd never allege AV-C to include PUA in their tests, in my post I only referred to the adware stuff that littlebits mentioned. Most of them are intentionally detected for sure.

    It's easy to check if a detection was intentional or a false positive:

    If our scan result name states Adware.Win32.Kazaa on known Kazaa files, well then it's most likely an intentional detection. ;)

    But if you see some kind of unrelated or generic malware name, it's probably a false positive.

    One more thing to be said: We keep track of false positive submissions from our users and the trend goes significantly down during the last year. Critical false positives are avoided by several layers, Windows system files are double checked too. 99% of the FPs that we fix are some kind of very rarely used software. Of course that's no excuse, false positives should not appear at all and we're doing our best to improve the situation. The next major version of Emsisoft Anti-Malware will add another layer that avoids FPs in real world daily use very well.
     