Emsisoft Scanner Tests - Page 2

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Re: Emsisoft Scanner Tests


Quoted text here. Click to load it

Just that. A lot of software, especially security tools use code that
hackers also use or so similar they would be amiss in not alerting you
about the possibility. Of course, Emsisoft should have a better system to
'white list' many well known tools it alerts on, but I would rather an
alert and let me determine if it is good or not than miss something that is
malware. Besides, that very code /could/ be used within that program to
help enact and hide their injection code. What you think is a false
positive may not really be and is worth a second look.

Emsisoft will catch what other miss more often and more thoroughly and I
can put up with a few false positives as a trade off. Much better than not
good enough.

http://www.sans.org/security-resources/idfaq/false_alarms.php



--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Re: Emsisoft Scanner Tests


Quoted text here. Click to load it

I'll add that Emsisoft's detection rate is the best in the business and
regardless of the fact it has more false positives, best in the business
means it detects more actual malware than the others. Good enough for me.

That also means it's competitors miss more malware than Emsisoft does...by
a good margin...if that wasn't clear.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Re: Emsisoft Scanner Tests

Bear wrote:
Quoted text here. Click to load it
What's not clear here is how you equate a detection rate without regard
for the FPs. Detection rates (and tests generally) always diminish a
rating when FPs are encountered.

http://vx.netlux.org/lib/static/vdat/epperfct.htm



Re: Emsisoft Scanner Tests

email.me:

Quoted text here. Click to load it

Not in my opinion. I would rather the best overall detection even if it
included more false positives, as I can figure out those and if a user
can't, there are tools available to help him figure out if it is a false
positive.

I would certainly not prefer a tool that picks up less malware but does a
great job not producing false positives...to me that is a duh.

Emsisoft picks up more malware than all it's competitors. That may change
in the future, as Comodo's tools are really great also and getting
better...I use both regularly at the moment.

Comodo's killswitch has replaced my task manager tool. It runs whenever I
do something that may be worthy of it's capabilities. Excellent tool.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Re: Emsisoft Scanner Tests

Bear wrote:
Quoted text here. Click to load it

http://www.av-comparatives.org/comparativesreviews/false-alarm-tests

[...]

Re: Emsisoft Scanner Tests


Quoted text here. Click to load it

Not the first time I disagree with av comparatives...many times actually.

So you are saying you agree that a program that has more false positives
but detects more malware is worse than a program with less false positives
but misses more malware?

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Re: Emsisoft Scanner Tests

Bear wrote:
Quoted text here. Click to load it
No, but the comparisons should be weighted by the ratio.

Re: Emsisoft Scanner Tests


Quoted text here. Click to load it

I disagree. I prefer the most malware to be detected over anything else.

You seem to be doing fine with your methods at any rate eh!

I've been using Emsisoft for quite a while and the false positives are a
mere nothing,

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Re: Emsisoft Scanner Tests

bearbottoms1@gmai.com says...
<snip>

Quoted text here. Click to load it
When a security program is prone to false positives the user is left in
doubt as to whether the results are reliable. Doubt hinders effective
attack of the virus or malware. It is better for a program to give me
results I can rely on.

I've used Emsisoft software in the past and thought it did a generally
good job. But I found scan times to be very slow. I don't doubt the
software is thorough. But FP is a pain in the ass.
--
James E. Morrow
 Email to: jamesemorrow@email.com

Re: Emsisoft Scanner Tests


Quoted text here. Click to load it

It would be swell if false positives were easy enough to eliminate
without eliminating it's ability to detect the most malware, but it
seems this just isn't possible as there are no other tools that detects
as many real positives as Emsisoft...which is the main attraction. I
don't want a trade off there.

It is always wise to use the scanners to detect (but not clean) and if
you are not capable of determining if the hits are false positives are
not, or determining if the others are malware, you should submit them to
one of the many good online services to verify - SOP,

At any rate, I recommend following the Malware Removal Guide for Windows
instructions for removal.
http://goo.gl/1xrWO +

Now if you are an expert, you should be able to manage the false
positives on your own easily and might not even need the removal guide

:)

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-
mail

Re: Emsisoft Scanner Tests

Bear wrote:
Quoted text here. Click to load it

I suspected that was what you meant, and sometimes the only difference
between an administrative tool and malware is in its usage. Shadow
didn't give enough information for any conclusion on your part about
whether or not they were false positives in *this* case.

Quoted text here. Click to load it

I also like the better safe than sorry aspect of FP detections. They can
be a pain, and finding one is certainly no reason to re-image a system.

Quoted text here. Click to load it

Everyone has their own comfort level as regards FPs.

[...]


Re: Emsisoft Scanner Tests

email.me:

Quoted text here. Click to load it

I agree...I just offer my opinions. They obviously get along fine with
their comfort levels...so likely their opinion is just as good as mine.

Obviously I think my opinion offers better protection given the facts of
the issue. I will however, change my opinion when I am proven wrong by
someone or something or some technology comes along that is better.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail

Site Timeline