Emsisoft Anti-Malware 5 Review
Published on July 6th, 2010 by admin. Filed under AntiSpyware, Antivirus, Antivirus and filtering, antivirus | No CommentsThere is no need to further stress the importance of having an antivirus product installed on your computer. Current trends in developing antivirus products and the new types of protection are proof not only of technological progress but also of more elaborated malware code being spread over the Internet. Cloud-based protection, behavioral detection and heuristics, all have earned their chops as standard protection layers in some products, while others are pondering their introduction or turnaround in order to reduce stress on system resources and diminish scan times. Emsisoft Anti-Malware is not a strong name on the antivirus market, but it cannot go unnoticed either. It is among the few AV applications backed up by two scan engines (Emsisoft’s very own and Ikarus) in order to increase malware detection. The cost of the product is $40 but the developer offers it with a special 50% discount for Romania-based users. The try-before-you-buy policy applies in the case of Emsisoft Anti-Malware too, and you have three days to test the program unhindered. If you need about a month to evaluate it, you have to register with a valid email and you’ll extend the trial period to 30 days. Getting Emsisoft Anti-Malware to run on your system is not as quick a procedure as in the case of other antivirus products on the market, like Immunet Protect or Panda Cloud Antivirus. Also, Emsisoft follows the traditional installation pattern of a security suite, presenting the user with a configuration wizard at the end of the installation process and before the application can be used. You’ll have to go through several configuration steps before you can start to use the program at its full capacity: set up the updater, running a computer scan and customizing real-time protection options. All this should not take long and the settings can be changed whenever you need it. There are no bells and whistles attached to the interface and everything looks pretty rigid, but this does not affect ease of use one bit. All the menus of the software roll down in the left hand side of the application window allowing comfortable navigation. The status of the three layers of protection available (File Guard, Behavior Blocker and Surf protection) is displayed under the Security Status screen; here, you will also find information on the time passed since the last scan or the last update. Additionally, you get to see the current state of all protection modules included in the suite. Scanning options present in the program are no surprise and cover both fast and target-specific scans, as well as comprehensive checks. The engines can be directed towards the areas of the system preferred by malware or set to scan the entire machine. On demand, scanning is available straight from Windows Explorer context menu (only if you opted for this during program installation) and from this menu. Testing Emsisoft Anti-Malware’s abilities to detect and eliminate malware showed that the dual-engine protection sported by the program really pays off. The two scan engines managed to ravage our malware database and leave a very small number of samples. Out of the 16700 malicious items we put it up against, after an on-demand scan, only 1014 samples were left, everything else was quarantined. This translates into 94% efficiency. Although the numbers are encouraging, there are some concerns. Further testing revealed that there is a high probability for the app to pick up innocent items and mistake them for malware. It would detect their activity as being malicious, although they would do no harm. Among the false positives, Emsisoft Anti-Malware also counted TweetDeck application on account that its behavior is similar to that of spyware (LAN bypass backdoor). If you do not handle too many files that could be wrongfully taken for malicious items, Emsisoft proposes a very easy way to eliminate the issue by creating application rules. You simply add the desired application to the list and instruct the antivirus to always block or allow it, or monitor it for specific malware activities, which again can be blocked or allowed by the user. However, there is no easy way to detect the smarter keyloggers, such as kernel-based ones. During our tests, commercial keyloggers found no way around Emsisoft Anti-Malware, but our set of kernel-based logging malware slipped by with no problems. Enabling the three protection components the application relies on for increased protection of your system (File Guard, Behavior Blocker and Surf Protection) can be done from the “Guard” menu. This is also the place for creating application rules, customizing the amount of alerts received or defining host rules. Behavior Blocker lists a set of malicious activities out of which you have to pick the ones the application should monitor. The default configuration shows them all enabled, and I would not change it. In case of false positives, you can make a decision by yourself, or rely on Emsisoft’s community response. Creating rules for various types of alerts can help you greatly diminish the number of pop ups on the screen. The File Guard component allows you to choose the best suitable time for scanning data. The possibilities include on-access verification, upon creation or modification or when they are read (heuristics is included). Mind that this is a decision of best protection over performance. Alternatively, as a compromise, Emsisoft Anti-Malware permits selecting the file formats you want to be scanned. Under the Surf Protection tab, it is only a matter of choosing the default actions for each of the types of threats listed: tracking cookies, ad/tracking hosts, malware hosts, exploiting hosts, fraudulent hosts, hijacking hosts, phishing hosts or warez hosts. For each of these, you can instruct the application to block and give you a notification, simply alert you, block silently (no pop up visible) or not to block it. The configuration panel of the application is no complicated deal, just a matter of ticking the right boxes. But this part of the software also holds the tab for scheduling scans, which is of huge help if you want to keep your PC clean automatically. More importantly, this area lets you set up the configuration access for non-administrative users. This means that you can impose limits to users that should not be allowed to tamper with the application’s functions. HijackFree, the bonus component in Emsisoft Anti-Malware, completes the program by enabling you to take a good look at the processes running free on your system. The level of detail is definitely intended for the power user in you. It shows all applications currently communicating outside your computer and the ports used in the process; moreover, you benefit from a list of all the startup items that can prevent the operating system from loading faster. In case you are unsure of the validity of an item, you can opt for an online analysis to show you which is good and which is bad. However, in plenty of cases, this showed well known processes (like Java updater jusched.exe) as unknown and being not yet checked. Emsisoft Anti-Malware showed a real talent at detecting malware with its two scan engines. It scored great and was not heavy on system resources (45%-50% CPU usage and an average of 90MB of RAM were used). However, during our tests, it failed to put a stop to the activity of kernel-based keyloggers and misinterpreted the actions of valid apps as malicious. Detection of false positives is among the chief inconveniences of the program and that is why it fits better with more experienced users. The Good The two scan engines it relies on (Emsisoft’s very own and Ikarus) do a great job at detecting malware. Protection layers include heuristics and behavioral engines. When creating rules for various applications, you can specify the type of activity it should be monitored for, as well as the behavior of the program when detecting such an activity. Emsisoft Anti-Malware can be configured to combine performance with protection by selecting the extensions you want the File Guard component to verify. The same flexibility is available when it comes to protecting the system against online threats. HijackFree is a great component that can lend a hand in discovering malicious items on your computer, as long as you know what you are doing. The Bad Kernel-based keyloggers and false positives are the main concerns in the program. Also, quarantining large numbers of malware at a time takes awfully long and the program may hang unresponsively (if you leave it alone, it will come to its senses). Starting an online analysis of the processes running on the system through HijackFree shows well reputed items as being not yet verified for validity, hence unknown. The Truth If you are an experienced user that cannot be easily deceived with false positives, Emsisoft Anti-Malware is a great detection tool. It runs pretty fast (went through 16,700 malware samples weighing about 3GB in 37’22’’) and it is thorough. HijackFree is a great tool for power users to track down illicit processes doing their bidding on the computer as it far more complete in terms of details offered than Task Manager. It rivals with freeware such as Process Explorer or Autoruns. There is still some fixing to be made in order to be accessible to less experienced users without the risk of misinterpreting valid programs’ actions but detection rate is definitely one of the best.
