Does Emsisoft AntiMalware block the test phising page at amtso?

Discussion in 'other anti-virus software' started by nine9s, Feb 16, 2014.

Thread Status:
Not open for further replies.
  1. nine9s

    nine9s Registered Member

    Joined:
    Feb 8, 2013
    Posts:
    265
    Location:
    USA
  2. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Emsisoft does not detect anything AMTSO related. For what it's worth, I wouldn't take that page seriously.

    Your security software could detect nothing on that website for various reasons and you'd still be sufficiently protected.
     
  3. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    1,785
    WSA did not detect anything
     
  4. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,572
    Location:
    Romania
    Avast alerted at all 5 of them.
     
  5. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Just because blanks don't make dents in armor doesn't mean that there is no armor.
     
  6. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    "If your vendor's name appears below, your Anti-Malware product is supports this Feature Settings Check page. If your system failed the test, click on the name of the vendor for instructions explaining how to enable the feature in your product. If your vendor does not have a dedicated page and no hyperlink is present, please contact the support department of your vendor."
    it is not listed there, so it is not supporting the Feature Settings Check.
     
  7. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    I always wonder why many people asks before reading :D
     
  8. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Yes, but some statements on that page are still blatantly wrong.

    Let's say my vendor is listed on that page and I am still able to download something, because I have changed the settings from "hyperactively bells and whistles pseudo-secure" to "moderate", then my protection is not configured correctly or against industry best practice?

    Because I am able to download a potentially unwanted application, my program is not configured correctly to detect them? It's against best practices to take care of a threat when it actually matters and to keep a low profile when it doesn't matter?

    You could adjust the settings of your program so that you could download all AMTSO or EICAR files, and even actual malware for that matter, without any intervention whatsoever and your risk of getting infected would have increased by 0%. Best practices o_O Misinformation and exaggerations. Yes, that sounds exactly like best practices of the AV industry to me.
     
    Last edited: Feb 17, 2014
  9. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,134
    Location:
    USA
    ESET blocks all of them
     
  10. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    So what?
     
  11. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    1806 trick in action, IE11 also prevents download of executable :D (link)
     

    Attached Files:

    Last edited: Feb 17, 2014
  12. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    It's just a test to see if a module in your security product is working. Just like eicar, I guess eicar is also stupid. I would use it instead of actually going to malicious website to check if my web filter is working correctly.

    Your making a big deal out of this. Really.

    That means features in ESET is working properly. :p

    avast! also blocks all of it.

    Here is an example on how to use the that page. https://www.wilderssecurity.com/showpost.php?p=2341156&postcount=431 this guy installed avast! and is failing the test, but other avast! users have passed all the test page.
     
    Last edited: Feb 17, 2014
  13. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Every time I read AMTSO or EICAR on a security forum, it's some guy who doesn't understand this test and thinks his product is not working properly because he can download the file. Of course it's a function test that only works if people are using a product which supports it and haven't tweaked the default settings.

    It's sentences like "not configured correctly" or "not conform to industry best practice" I have a huge problem with. If I ever even considered using one of the products listed there, it would definitely be one I could fine-tune to fail every EICAR or AMTSO test method and my risk of getting infected would have raised by 0%.

    I think the ability to check if your product is working properly is a great idea. But this is a useless test, serving only to check the unnecessary functions and default settings of the products listed there.
     
  14. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Sure, but only for those products that claim we use this as test and detect these harmless things just for testing purposes. Otherwise it's just confusing.

    But the only industry shared standard for testfiles is eicar...
     
  15. si_ed

    si_ed Registered Member

    Joined:
    Aug 14, 2007
    Posts:
    54
    The purpose of the AMTSO features check page is to allow users to ensure that some very specific functions of their products are working properly. So you are absolutely right, these are function tests.

    And, as you say, you can reconfigure your software to exclude pages and files from being detected. If you do that then no one is going to say that your software is running in a suboptimal way. It's your choice and doing this does not compromise your system's security.

    By doing that, however, you make the test useless. So don't do that if you want to use the test! However, if you install Product X and, using default settings, don't see a detection or a block then you know something is wrong with your cloud lookups, with some phishing-based technology etc.

    It's not a useless test for those who have a use for it. Testers find it useful to verify that things are working before they start throwing real threats at the targets. It would be pretty aggravating to discover that Product Y failed to protect the system in 80 per cent of cases simply because the tester's setup was blocking the cloud lookups. these lookups are, for many products, very important functions and are very much the opposite of useless.

    A real example: I once read a review in a magazine in which the journalist installed a well-known anti-virus scanner (on Linux, as it happened) and was unable to generate a detection when scanning the EICAR file. He ignored that and continued to review the product ('s interface). To me, this suggests that the product is not installed properly.

    I myself discovered that my anti-malware software was not optimal. When we were putting together these test pages I visited using a system running a very well-known product developed by a company that supports these tests. And my product failed to block the pages/files. The reason? I was running an old version that did not support the test. What the test did was alert me to the fact that there was a newer, more up to date version available and I upgraded as a direct result of using the test.

    Regards,
    Simon
     
  16. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Aside from the anti-phishing test, the other tests are only about downloading the files. Being able to download something does not equal the inability to detect something. Just because I can download the cloudcar file it does not mean my cloud lookup is not working.

    If I had Kaspersky Anti-Virus 2013 installed, I would have disabled the web-anti-virus component and set the file-anti-virus to scan only programs before they are executed. In that case I would have been able to download the cloudcar file without intervention. If I had tried to execute it, the cloud lookup would have been initiated and it would have been detected and contained.

    When people read this
    they probably are going to think they would not have been protected at all, if it had been actual malware.

    It is suggesting that either the protection is not working at all or seriously weakened, when all it does is checking if the web-anti-virus is scanning the datastream in realtime. People are not going to consider that the file-anti-virus or behavioral analysis components would have taken care of the threat regardless.
     
Loading...
Thread Status:
Not open for further replies.