Does Emsisoft AntiMalware block the test phising page at amtso?

On #4 the phising page check, Emsisoft does not block it for me. IS it just me or does it not block it for others?

http://www.amtso.org/feature-settings-check.html

 

Emsisoft does not detect anything AMTSO related. For what it's worth, I wouldn't take that page seriously.

Your security software could detect nothing on that website for various reasons and you'd still be sufficiently protected.

 

WSA did not detect anything

 

Avast alerted at all 5 of them.

 

Just because blanks don't make dents in armor doesn't mean that there is no armor.

 

"If your vendor's name appears below, your Anti-Malware product is supports this Feature Settings Check page. If your system failed the test, click on the name of the vendor for instructions explaining how to enable the feature in your product. If your vendor does not have a dedicated page and no hyperlink is present, please contact the support department of your vendor."
it is not listed there, so it is not supporting the Feature Settings Check.

 

I always wonder why many people asks before reading

 

Yes, but some statements on that page are still blatantly wrong.

Let's say my vendor is listed on that page and I am still able to download something, because I have changed the settings from "hyperactively bells and whistles pseudo-secure" to "moderate", then my protection is not configured correctly or against industry best practice?

Because I am able to download a potentially unwanted application, my program is not configured correctly to detect them? It's against best practices to take care of a threat when it actually matters and to keep a low profile when it doesn't matter?

You could adjust the settings of your program so that you could download all AMTSO or EICAR files, and even actual malware for that matter, without any intervention whatsoever and your risk of getting infected would have increased by 0%. Best practices Misinformation and exaggerations. Yes, that sounds exactly like best practices of the AV industry to me.

 

ESET blocks all of them

 

So what?

 

1806 trick in action, IE11 also prevents download of executable (link)

 

It's just a test to see if a module in your security product is working. Just like eicar, I guess eicar is also stupid. I would use it instead of actually going to malicious website to check if my web filter is working correctly.

Your making a big deal out of this. Really.

That means features in ESET is working properly.

avast! also blocks all of it.

Here is an example on how to use the that page. https://www.wilderssecurity.com/showpost.php?p=2341156&postcount=431 this guy installed avast! and is failing the test, but other avast! users have passed all the test page.

 

Every time I read AMTSO or EICAR on a security forum, it's some guy who doesn't understand this test and thinks his product is not working properly because he can download the file. Of course it's a function test that only works if people are using a product which supports it and haven't tweaked the default settings.

It's sentences like "not configured correctly" or "not conform to industry best practice" I have a huge problem with. If I ever even considered using one of the products listed there, it would definitely be one I could fine-tune to fail every EICAR or AMTSO test method and my risk of getting infected would have raised by 0%.

I think the ability to check if your product is working properly is a great idea. But this is a useless test, serving only to check the unnecessary functions and default settings of the products listed there.

 

Sure, but only for those products that claim we use this as test and detect these harmless things just for testing purposes. Otherwise it's just confusing.

But the only industry shared standard for testfiles is eicar...

 

The purpose of the AMTSO features check page is to allow users to ensure that some very specific functions of their products are working properly. So you are absolutely right, these are function tests.

And, as you say, you can reconfigure your software to exclude pages and files from being detected. If you do that then no one is going to say that your software is running in a suboptimal way. It's your choice and doing this does not compromise your system's security.

By doing that, however, you make the test useless. So don't do that if you want to use the test! However, if you install Product X and, using default settings, don't see a detection or a block then you know something is wrong with your cloud lookups, with some phishing-based technology etc.

It's not a useless test for those who have a use for it. Testers find it useful to verify that things are working before they start throwing real threats at the targets. It would be pretty aggravating to discover that Product Y failed to protect the system in 80 per cent of cases simply because the tester's setup was blocking the cloud lookups. these lookups are, for many products, very important functions and are very much the opposite of useless.

A real example: I once read a review in a magazine in which the journalist installed a well-known anti-virus scanner (on Linux, as it happened) and was unable to generate a detection when scanning the EICAR file. He ignored that and continued to review the product ('s interface). To me, this suggests that the product is not installed properly.

I myself discovered that my anti-malware software was not optimal. When we were putting together these test pages I visited using a system running a very well-known product developed by a company that supports these tests. And my product failed to block the pages/files. The reason? I was running an old version that did not support the test. What the test did was alert me to the fact that there was a newer, more up to date version available and I upgraded as a direct result of using the test.

Regards,
Simon

 

Aside from the anti-phishing test, the other tests are only about downloading the files. Being able to download something does not equal the inability to detect something. Just because I can download the cloudcar file it does not mean my cloud lookup is not working.

If I had Kaspersky Anti-Virus 2013 installed, I would have disabled the web-anti-virus component and set the file-anti-virus to scan only programs before they are executed. In that case I would have been able to download the cloudcar file without intervention. If I had tried to execute it, the cloud lookup would have been initiated and it would have been detected and contained.

When people read this

they probably are going to think they would not have been protected at all, if it had been actual malware.

It is suggesting that either the protection is not working at all or seriously weakened, when all it does is checking if the web-anti-virus is scanning the datastream in realtime. People are not going to consider that the file-anti-virus or behavioral analysis components would have taken care of the threat regardless.