Do you like the direction Emsisoft is going?

Discussion in 'polls' started by Circuit, Aug 14, 2017.

?

Do you like the direction Emsisoft is going?

Poll closed Aug 18, 2017.
  1. Yes

    21 vote(s)
    47.7%
  2. No

    9 vote(s)
    20.5%
  3. Who the hell knows or cares?

    14 vote(s)
    31.8%
  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,211
    Location:
    DC Metro Area
    IMHO it's more an issue of convenience as opposed to effectiveness. Have to either use another two-way firewewall with a learning mode or manually configure Win FW by use of a Win FW skin or otherwise to block apps of your choice from communicating out. In otherwords = PITA.

    Also, Cuz most Msft apps are not digitally signed EMIS was a convenient way of blocking telemetry and other Mfst apps one does not use.
     
    Last edited: Aug 26, 2017
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    From what I know for the moment , EAM will prompt for unknown outbound connections via the BB, so it will change nothing for the average users. And I don't see any loss of protection in that regard.

    Personally I use WinFW since ages, I block all outgoing connections in all profiles and create rules on-the-fly when needed.

    By using next EAM, I can unblock outgoing connections and I won't need 3rd party extensions for WinFW.
     
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,211
    Location:
    DC Metro Area
    Hopefully that is a correct statement, but not sure if BB will block only outbound connections by apps that behave like malware or if it will also block apps that are merely unsigned like Msft Photos, etc. What about signed apps. you believe have no legitimate purpose in making an outbound connection?
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,713
    +1000
     
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,713
    +1
     
  6. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    That only the devs knows, logically they should consider those and allow us to create custom rules.
     
  7. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,982
    Sounds good. Thank you for the info.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,577
    Location:
    Slovenia
    Not AFAIK. It will only block modification of Windows firewall rules attempted by malware.
     
  9. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    The quote from the devs about the feature:

     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,577
    Location:
    Slovenia
    Yes that's right. No monitoring of outbound connections (built-in FW is not present any more), only BB checking whats happening with Win FW rules (for example malware trying to modify rules, trying to open WinFW for inbound attempts and similar).

    EDIT: better example would probably be malware trying to disable Win FW.
     
    Last edited: Aug 26, 2017
  11. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    We have to remember that EAM is about blocking malware not any processes like anti-exe does. so it would be logical that the BB block only malicious outbound attempts by default.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,577
    Location:
    Slovenia
    Yes it would be logical if it had FW to control outbound attempts. Since it doesn't have one it doesn't monitor network connection attempts. At least I understand it that way.
     
    Last edited: Aug 26, 2017
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    505
    https://www.wilderssecurity.com/thr...ernet-security-12.388577/page-18#post-2698348
    That has been the case since the very first version of EAM and doesn't change now either. EAM always has been blocking suspicious outgoing connections as well as attempts to open ports locally in a suspicious manner.
     
  14. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    1,118
    Location:
    Da mean streets of Brooklyn
    OK, now I understand a little more where you've been coming from all along. Would be nice if there was a way to integrate all one's EIS rules directly into Windows Firewall's--guess that's not entirely possible, for obvious reasons :cautious: Sounds like a lot of work with all these third party combinations--remember: this too shall pass, hawki, lol.

    Also, YOU informed me that Emisoft Anti-Malware was the one tested in AV comparatives all along, not Emsi Internet Security
     
  15. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    Indeed the FW doesn't really matter in term of security unless it posseses IDS/IPS features, if the FW (the module itself) of a suite is the only one detecting a threat, it means all other components failed.

    However, in some special case (like Eternal Blue exploit), the FW is the only one blocking the attack if properly configured.
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,577
    Location:
    Slovenia
    Thnx I missed that one. So some connections can be blocked by BB even without firewall. And new feature (controlling modifications to WinFW settings) is just another action controlled by BB.
     
    Last edited: Aug 27, 2017
  17. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,211
    Location:
    DC Metro Area
    @Minimalist :)

    Where are you getting this from ?
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,577
    Location:
    Slovenia
    https://support.emsisoft.com/topic/...internet-security-with-emsisoft-anti-malware/

    and

    http://changeblog.emsisoft.com/2017/08/24/beta-updates-2017-08-24/
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,577
    Location:
    Slovenia
    Also:
    https://www.wilderssecurity.com/thr...ernet-security-12.388577/page-18#post-2698348
    and
    https://www.wilderssecurity.com/thr...ernet-security-12.388577/page-18#post-2698459
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,577
    Location:
    Slovenia
    Sorry, bad wording from me. It should be "controlling modification to WinFW settings". Corrected in post, thnx.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    9,896
    Location:
    The Netherlands
    AFAIK, it will only alert about apps that try to connect out in a suspicious way. And I'm guessing they also look at other behaviors that were triggered. If you want to simply to block all connections, you can use Win Firewall.
     
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    4,054
    Location:
    Europe then Asia
    Exact.
     
  23. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    524
    Location:
    Land o fruits and nuts
    So if I have a third party firewall such as ZAP, there will be no benefit correct?
    It's like they want you to use a crap firewall (MS). Almost begging.
     
  24. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,211
    Location:
    DC Metro Area
    Of course there is a benefit to using a third party firewall provided it has a learning mode. That firewall would alert you to ALL outbound connections and YOU, rather than a pre-configured set of behaviors, would decide whether or not to allow it. (A third party FW might have a white list of trusted apps to save you from undue pop-ups.)

    The new EAM obviously will not tell you about what it allows through -- only what it considers to be a connection attempt resulting from suspicious behavior. Furthermore, I am not aware that Emsisoft has said that the fact that an app is not signed alone would trigger a behaviorial alert in the enhanced EAM.

    Don't believe the hype. The new EAM plus WIN Firewall is NOT the equivalent of EMIS. There is still something missing that will have to be added by contorted configuring of WIN FW, using a WIN FW GUI skin, or using a third party FW. You can get to the same place but not as simply as one could with the sweet EMIS package. Talk about throwing out the baby with the bathwater.
     
    Last edited: Sep 5, 2017
  25. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    524
    Location:
    Land o fruits and nuts
    I agree.
    Do you remember Mike Nash, developer of OA.
    I said on the OA forum he was "sell out" sure he might have needed the money (probably gone now).
    He said emsisoft will make it better, blah,blah,blah. Never did believe him, and now I believe I was right, unfortunately.
    And emsisoft said it will be even better, what a load of crap. Took them about 5 years to destroy the firewall (OA) that was suppose to be the greatest thing ever.
    Karma will hit both of them.
     
    Last edited: Sep 6, 2017
Loading...