Blackday trojan versus HIPS

Discussion in 'other anti-malware software' started by aigle, Apr 27, 2011.

Thread Status:
Not open for further replies.
  1. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    328
    Location:
    Nelson, New Zealand
    I'm the former employer of this 'guy' and alex_s starts to disclose company internals and writes badly about my product because of a personal frustration about a lost job.

    Which finally always ends in a dirt match that nobody can win or benefit from, in my opinion.
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Thank you Christian. Now I feel better about the whole situation after reading your post. :) I hope alex_s does too.....
     
  3. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    I know and I fully understand. But I said that before you told your story. :)

    And now afterwards I don't really understand why alex_s is so angry unless he is the "guy" who lost his job.
     
  4. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    I think so...
     
  5. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    This is a very interesting story, but you have missed my main concern. My main concern is not about the guy, this is about OA. In one way or another OA was tested many times by different people and companies and proved that its HIPS core is already pretty good. Can this be said about any other Emsisoft product?

    My personal experience with Mamutu and EAM is not very optimistic; without signature-based detection they both go pretty naked. And to be fair, the main detection job is done by the third-party AV database (Ikarus).
    This is why I'm very skeptical about "much more powerful realtime protection" :(
     
  6. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    FYI. Emsisoft doesn't add signatures for malware that's already detected by Ikarus.
     
  7. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    What I mean is

    dir *.vdb -> t3sigs.vdb - ~68Mb
    dir *.sig -> ~24Mb

    Which means that the main detection job is done by Ikarus, the third-party AV database.
     
  8. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Dirt match only starts when somebody starts to lie. Did I?
    As for the frustration, this is not about a lost job; the job can be changed. This is about a lost project the guy put a lot of his soul into. This can hardly be easily replaced.
     
  9. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    I really hate when companies treat their employees like this... You know what, if they don't appreciate the effort and soul that results in a product..they don't appreciate the product and the purpose it serves to regular people at all..
    *** This is Wilders Security Forum, not any software company's forum.....everyone has the right to speak here..and through the posts it only reflects the devotion and love of the guy for OA.. emsisoft you have had no right to come here in Wilders and stop ppl from expressing...
     
  10. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    In some countries and legal systems holding back vital information constitutes a lie.

    Yeah, and because he cares so much about it he starts pissing all over it ...

    Based on your logic a database of 2,000,000 SHA-256 hashes is better than one generic signature that would catch the 2 million malware files covered by the SHA-256 hashes and more simply because the resulting database would be bigger. IKARUS does the main job when it comes to actual malware files simply because of two facts:

    1. We scan with IKARUS first. If IKARUS detects something we don't even scan it with A2.
    2. We disable A2 signatures of malware once IKARUS added detection for it to conserve memory.

    Malware doesn't only consist of files, though. There are plenty of traces left behind in case of an infection (data files containing stolen information, changed registry values etc.). There A2 does the main job.

    Except of course the "guy" signed a contract with a confidentiality clause ...
     
    Last edited: May 10, 2011
  11. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    that was a good laugh... 'information covered by the agreement' only..... it depends on what kind of information is covered through & by the agreement.. the posts made by the guy do not cater information about your company, they just clarify the image of how the employees behind a really good product serving regular people are treated by the companies nowadays.. you have a great day emsisoft :thumbd:
     
  12. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Have a great day as well.
     
  13. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    It may be, but is there any document that defines "vital information"? You know, the first question when you come to the interview is "where have you worked?", the second one is "why have you left?". And if you don't answer these questions you most likely fail the interview.

    In any case information about working or not working for the company cannot be confidential by definition.
     
    Last edited: May 10, 2011
  14. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    I'm not going to relive history, because at the beginning the guy we're talking about was dedicated.

    But the simple fact is - when you are an employer with an employee who changes, and refuses to perform his duties in a professional manner, or to work properly with the team, then they have to be fired. Even more so if you're a small business.

    I feel sorry for the rest of the Emsi/OA team effectively told by this dick that they contribute nothing to OA, because without him it will die.


    Mike
     
  15. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    this just sounds like a smear campaign by a former/friend of former employee. people lose jobs, that's life, move on.
     
  16. ekerazha

    ekerazha Registered Member

    Joined:
    Jul 22, 2004
    Posts:
    28
    I open a "Blackday trojan versus HIPS" thread page and I read off-topic garbage. Really, this is the "Blackday trojan versus HIPS" thread.

    aigle, could you test the Avast sandbox against this malware?
     
  17. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    It will hardly die, it still has a good margin of safety. And the new team will definitely contribute there, otherwise it will have nothing to be paid for.

    The main question is the direction of this contribution.
     
  18. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    There's no question - the direction will be chosen by the owner of the product, Emsisoft, in conjunction with his technical team, and designed to meet the demands of the customers - and that's the way it should be.
     
  19. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    One needs a crystal ball to know the demands of the customers (they often don't know their demands themselves) and how to satisfy them. This is why I say this is the question :)

    Generally, what you have said is a manifest, a declaration of intent, and I believe nobody will argue your statement. Unfortunately, a declaration is not enough to reach the declared goal. I believe every owner of any product has this manifest in mind, but only a few really reach the declared goal. Do you see now what I did mean?
     
  20. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    ;) Almost nobody.

    I'm not wasting more time on you Alex.
     
  21. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Thanks, Mike. I think we went too much off-topic.

    Do you think it would be a good idea to contribute to the thread by testing some products? I have some feelings about some products that might be of interest to the security community :)
     
  22. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    May you test ESET's HIPS with policy-based mode or interactive mode?
     
  23. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    I agree, that's why I started reading this today.

    But as a customer who paid for OA, and put many hours into beta testing of OA, I'd like to make this one post to say that Emsi has accomplished, with their refreshingly professional approach, what Mike would have liked to do but couldn't, due to the work ethic and disdain for customers publicly demonstrated by 'the guy'. I have full confidence in the Emsi team and in OA.

    Now, back to the thread topic, please....
     
  24. Smirs

    Smirs Registered Member

    Joined:
    Mar 24, 2007
    Posts:
    24
    Aigle could you please test OSSS 1.5 against this trojan, your efforts are much appreciated.
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan