Emsisoft Anti-Malware as an AV replacement

I am a very loyal ESET NOD32 Antivirus user for many years now. And I still love it for many reasons, but I have to agree on the fact that ESET seems to be falling a bit behind its competitors, while it has always been of the top competitors.
And ofcourse ESET does use good technologies. But others are moving quicker: starting to heavily use behavior-based, reputation-based and/or sandbox-based technologies. I already asked in the Future Changes to EAV thread what kind of new things to expect in version 5, but the only thing given was a boring interview with abstract ideas, which you can't disagree with (i.e. we are always focusing on improving etc. etc.), and the fact that parental control (something a lot of ESET's users absolutely won't care about) is coming, and that you guys are focusing on more platforms.
We are just getting a little worried, this is the first time after a lot of years I am not totally sure yet about renewing my license.

But we are actually going a little oftopic.

 

Go to the Eset forum and talk about Eset . As for Emsisoft ....the people claiming false positives are high have serious issues with their machines . Am I saying they are wrong ? Yep . There are certainly some , as with any AV . However , the # of these is on par with anything else . It was bad a few years back with false positives . Today , if it is detecting most everything on your machine , either clean it up or throw out the machine . Sounds like people talking about experiences from years past . Not now . Emsisoft is very good at detecting and average on false positives . You guys crack me up .

 

Seems both Ikarus and Emsi have an issue with false positives and when you combine the two you have an unusually large amount of FPs, even in v5.

As far as the ESET Mod sticking up for his product, can you really blame him?
First it's 'ESET didn't detect this rogue!' (like your next AV is going to..) and then it's "is also a fact that other AVs do detect more than your NOD32" (like he were Ross Perot holding up some pie charts).

 

maybe, but EMSIsoft only detects trace files and such, ikarus is the main detection engine since all detections that EMSIsoft used to have before they included were consolidated with the ikarus database, hence why A2 part of it only detects traces now. so its not really EMSIsoft with high fp's and more so the ikarus engine

 

firzen771,

Emsisoft still writes signatures for trojans, spyware and worms.
See updatelog.

Once in a while the double signatures (detections by Emsisoft and Ikarus for the same malware) are removed from the Emsisoft signatures.

About false positives in traces, it's all described here.

 

well all that log is showing is a signature update, nothing about the source of the signatures so i dont get what ur trying to say since Ikarus's signatures are part of the regular signature updates, as i said, signatures are consolidated and A2 focuses on trace detection, putting the rest of the detections mainly with Ikarus.

 

firzen771,

The "Additional signatures" in the updatelog are Ikarus signatures.
The others like; "3358 Signatures: 3148 Trojans, 124 Spywares, 86 Worms" are Emsisoft signatures.

 

where does it distinguish that?

 

I can confirm that.

We don't get detail information on malware categories and number of added signatures from Ikarus, so we're calling them simply "Additional signatures". All Emsisoft signatures can be described more in detail.

 

Marcos: thanks for chiming in.

It's almost like NOD32 does a really really really good job against certain threats to the exclusion of all else. And instead of ESET saying "now what can we do to address *these* types of threats?" they instead seem to say "what can we do to better address the types of threats we already handle?"

Forgive my naivety in how AV/AM software actually works. As a "user" (not a security guru, I realize now my username is likely misleading) I don't and shouldn't have to care how it works. I just want protection against threats. Period. I don't care what they're called and why this product is better than that against certain things.

What really gets me is with all of NOD32's "advanced" techniques, a little *free* application called MBAM was able to remove a threat like "AntiVirus 2010", while the *paid* NOD32 didn't even detect the possibility of it.

It's a perception thing: I'm a user, not an AV/AM developer. I don't want to and shouldn't have to understand what makes "AntiVirus 2010" different from some typical virus. All I see is this product can handle it but that product can't, so I wonder "why?".

Okay, now we get into the "multi-layer approach" argument where each product focuses on somethings it's really good at. There's certainly validity in that argument, of which I've always believed in and why I shun security suites as "does everything but nothing really well".

So if NOD32 can't protect against certain threats then I do need another layer. But I did try getting NOD32 and MBAM to work alongside each other, without success (I've taken that up in other threads). And I'm getting tired of playing "this product doesn't work with that one" so that's why something like Emsisoft's AM is appealing. If it can do the job that NOD32 can't/won't on its own because NOD32 isn't "designed" for certain threats, then isn't it a better choice?

[And this is where to avoid the wrath of the "off topic" mods, I tie it all into the original topic of the thread in a brilliant flash of insight -- or not]

I think security companies fail when they try to do something they have no history in (ie. someone who's long been good at AV protection getting into firewalls): they end up with only a half-decent product.

I don't see EAM as a suite -- it's a combination of two products, each respected for what it does: A2 does its part well, Ikarus does its part well. And if they work together, I'm covered by threats labeled "Virus" and those labeled "Malware" without worrying about getting two products to live with each other (like an AV with MBAM).

I wonder if ESET should look into such a partnership as opposed to trying to address AM from within NOD32, and instead of pointing out that "not all AVs catch everything".

 

I was really happy wen i read abt the new version 5 but wen i used it i uninstalled it at the very moment..

The realtime screwed my startup time...

I used Avira and Emsisoft AntiMalware in combo....

Moreover the the response time of my apps got screwed too...

I don't have that much patience so i dropped it...

Hope they work on it a bit more so that app response time improves.... boot up i can wait...

 

Sorry to hear that man
Maybe it has a conflict with Avira?

 

@Noob: Did you uninstall MD because of conflicts with Emsisoft Anti-Malware 5.0?

 

Reading back I realize I may have sounded a little harsh on ESET, but I was just laying out my thoughts without ill intent (though it might've sounded bitter); for that, I apologize. ESET has always been doing a lot of work to beef up their security software, and though I may not agree with many of the decision they've made over the last few years, it's not a poor product by any means. I've been using NOD32 on 4 systems for years now and only had one "failure".

I just have the feeling it's time for me to reanalyze my security setup and see if another product (or combo of products) offers a better choice. I in no way meant to slam ESET or NOD32 and just wanted to clear that up. Marcos does a great job on the forum here and I think he gets a little unfairly beat up by unhappy users (which every product has) and I shudder to think I may have one of them.