Emsisoft wins international awards for best detection rates..........

Discussion in 'other anti-virus software' started by TheKid7, Jan 10, 2013.

Thread Status:
Not open for further replies.
  1. m0unds

    m0unds Guest

    why should they respond? their product's rootkit-like methodology has been the subject of several functional analyses and whitepapers published by security researchers and vendors in the past. this is nothing new. thread's not really about rollback rx anyway.
     
    Last edited by a moderator: Jan 14, 2013
  2. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Are we not understanding something? He doesn't say RollbackRX is a threat, but that it uses Rootkit methods of operation (which we all know based on the product description), like many other programs. The fact is, Emsisoft is the only product I am aware of that detects RollbackRX as a threat, so this doesn't seem to be a problem with Rollback, rather a whitelisting issue with Emsisoft.

    RollbackRX functions how it is designed to function, and is an amazing product. No sense getting all weird about it, and don't expect Horizons to respond, they have no reason to.
     
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    To clarify myself and avoid further Misunderstanding:
    I Never Wrote that Horizon DataSys needs to DEFINITELY respond HERE (i.e. in the Respective Thread).
    I wrote "IF"

    Anyway, they responded to me as follows:
     
    Last edited: Jan 15, 2013
  4. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    To me reading your post will be much easier without capitals, without bold characters and without underlining.
     
  5. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    For me a good antivirus must have good heuristics. And the fact that it "sees" Rollback with the heuristics is good.

    I like paranoid antiviruses. I just scanned with Emergency Kit and it gave 1 FP.

    https://www.virustotal.com/file/39d...87cf6bbe3353bb3878da0a4f/analysis/1358265730/

    PDF Image Extraction Wizard. Am I frustrated? No. I prefer an oversuspicious antivirus to an antivirus that sits on its laurels and relies only on signatures.
     
  6. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Thanks Fuzzfas, I fixed the false positive and an update should be available in a few minutes.
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Thank you! The Emergency Kit is very handy, I like it very much. :thumb:
     
  8. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Agreed. Not sure why he is worried about a product with a long history, and millions of dollars in development (Rollback). Seems strange, I guess he was worried because someone labeled it a 'rootkit', and didn't understand that a lot of stuff are rootkits, the vast majority legit. Heck Boclean was a rootkit.

    I DO NOT like paranoid AV's, and they aren't good to install on client machines as they can be dangerous, and cause confusion. As a result I tend to avoid products that are 'needy' or give off a lot of FPs.
     
  9. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    It really wasn't.
     
  10. m0unds

    m0unds Guest

    i think it was more an attempt to be provocative than voicing actual distress or concern.
     
  11. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    It was Required to avoid Further Misunderstanding...
    Mission Accomplished...;)
     
  12. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Prevx/Webroot does too.

    I think HMP did/does detect it. (Although solution to this appears to be to set HMP disk access to Compatible Disk Access instead of Direct Disk Access.)

    Some dedicated rootkit scanners, such as GMER, do as well. As m0unds said, the topic of Rollback being detected as a rootkit has been discussed a few times in Wilders forums.

    It would seem Emsisoft, and others, are doing the correct thing due to the very nature of Rollback's techniques.
     
  13. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    Webroot doesn't. I have run Webroot virtually the entire time I have run RollbackRX and it isn't detected. HMP does simply because they use the Emsisoft engine.

    I have tested 20 or so AV's only Emsisoft detects it thus far.
     
  14. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Actually, that is not what happens here at all. The Emsisoft engine is only used "in the cloud". The detection is not triggered by some sort of signature. So we don't blacklist the Rollback RX boot loader for example. It is based on behavior observed by the scan engine on the live system. Since our engine never actually runs on your system, it can't trigger the alert. The detection works independent of our scan engine.
     
  15. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,341
    Location:
    Québec, Canada
    Hi Fabian.
    Any chance we get an on-demand AV scanner for Linux in the future?

    All the best!
    François
     
  16. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Last time I checked the command line scanner worked fine using Wine. A dedicated Linux version will most likely never happen unless we decide to do some kind of gateway product.
     