Christian Mairoll

Emsisoft Employee
  1. From (very) humble beginnings in a Windows XP Service Pack update, the Windows Firewall has evolved into a capable security tool. Today, its performance is on par with – if not better than – any modern third-party desktop firewall on the market. In light of this, and after a lot of careful consideration, the Emsisoft team made a very conscious decision to rely on the Windows Firewall moving forward, which ultimately led to us merging Emsisoft Internet Security with Emsisoft Anti-Malware. This will allow us to concentrate our efforts on building a bulletproof product while using our Behavior Blocker technology to further strengthen the already rock-solid Windows Firewall. To put it simply, using Windows Firewall in conjunction with Emsisoft Anti-Malware will provide better protection for our users, and that is our number one objective above all else.

    Since our announcement of the Emsisoft Internet Security and Emsisoft Anti-Malware merger, we have received a lot of positive feedback. However, we also got a lot of questions. We want to take the time to answer the most frequently asked questions in a bit more detail:

    So are you going to remove the firewall completely?

    The answer to that question is not as simple as it may seem at first. Firewalls are usually divided into two parts: a so-called packet filter, which usually deals with incoming packets and is therefore often called an inbound firewall; and an application filter that deals with applications wanting to access the network or internet, which is why it is often also referred to as an outbound firewall. Emsisoft Anti-Malware has always had an application filter as part of its Behavior Blocker and that will continue to be true. The difference between the outbound firewall in Emsisoft Anti-Malware and Emsisoft Internet Security is that the former makes decisions autonomously, while the latter, at least in theory, allowed you to also use your manual rules. In practice, the default for Emsisoft Internet Security was to automatically allow all outbound connections and the majority of all our users never changed it.

    Why did you make the change? Was Emsisoft Internet Security less secure than the Windows Firewall?

    No. All firewalls on modern versions of Windows are based on the same technologies provided by Microsoft. In addition, inbound firewalls in particular are incredibly straightforward to implement, as they only block or allow access based on simple rules. That is why there is absolutely no difference in protection provided between any of the inbound firewalls on the market, including the Windows Firewall.

    However, the Windows Firewall does have some benefits:

    • Support for Windows Networking like Home Groups is a lot better in the Windows Firewall out of the box. There is no need to tweak any rules manually as was often the case for Emsisoft Internet Security.
    • It is easier to use. This is mostly because third-party applications will take care of creating all necessary firewall rules for you. That is not an option that Emsisoft Internet Security could provide, as most software vendors don’t care about third-party firewalls.
    • The Windows Firewall also provides much better compatibility. Third-party software vendors usually test their products with the Windows Firewall as it is part of Windows, but almost never test their product’s compatibility with aftermarket firewall products.
    • Last but not least, the Windows Firewall also provides a lot more configuration possibilities to expert users and allows for much more complex rulesets than the inbound firewall offered as part of Emsisoft Internet Security.

    But there are also a couple of disadvantages, which is where Emsisoft Anti-Malware 2017.8 comes in:

    • Intelligent outbound firewall: The outbound firewall part of the Windows Firewall will by default allow every application to connect. This behaviour is actually identical to Emsisoft Internet Security, which also allowed any application to connect to the network or the internet unhindered by default. While both products can be manually configured to block programs from accessing the internet, most users don’t want to deal with this responsibility. This is where the intelligent outbound firewall that is part of our Behavior Blocker comes in, which will prevent malicious applications from communicating with the internet automatically while not getting in the way of benign applications.
    • Enhanced malware protection: The Windows Firewall on its own does not provide any protection against more sophisticated attempts to bypass its outbound firewall through advanced techniques like code injection. Code injection essentially allows malware to take over a trusted program in order for its internet communication to pass through the firewall unhindered. Again, the Behavior Blocker in Emsisoft Anti-Malware is incredibly good at detecting and preventing these kinds of attacks.
    • Windows Firewall Fortification: The functions Windows Firewall provides to software vendors to automatically create rules for their applications in the Windows Firewall for ease of use are also pretty much unprotected. That means that malware can and does create rules for itself automatically. In version 2017.8, we extended our Behavior Blocker technology to protect the exposed Windows Firewall functions from malicious usage. This gives you control over which of your applications are allowed to create Windows Firewall rules for you and which aren’t. This is what we refer to as “Windows Firewall Fortification”.

    To sum things up, for inbound filtering, the Windows Firewall is just as solid a choice as any other firewall product on the market, including Emsisoft Internet Security. It provides better compatibility and is easier to use for the majority of users. Its drawbacks mostly revolve around its outbound filtering capabilities, which are perfectly complemented by the enhanced Behavior Blocker that is part of Emsisoft Anti-Malware 2017.8 and later.

    Where can I find the new Windows Firewall Fortification options?

    The new options are part of the Emsisoft Anti-Malware Behavior Blocker. As such, you can find them under Protection/Application Rules.

    In addition, whenever the Behavior Blocker sees any application it doesn’t know to be trustworthy attempting to create new firewall rules or change the firewall status, it will attempt to auto-resolve the situation by blocking the attempt. If you have auto-resolve disabled, it will simply ask.

    Where can I find the “advanced configuration possibilities” you talk about? My Windows Firewall only has a couple of options!

    The default dialog to configure the Windows Firewall can be incredibly deceptive at first. The advanced configuration dialog is stashed away behind an innocuous-looking link in the normal Windows Firewall configuration dialog:

    [Image: Windows Firewall dialog with link to Advanced settings]

    Clicking that link will expose the real configuration of the Windows Firewall where you have full access to all the rules it adheres to.

    That looks awfully complicated. Are there easier methods?

    There exist a slew of additional applications that sit on top of the Windows Firewall and attempt to enhance it by making rule creation and management easier. Some of the most popular are:

    • TinyWall (Free) – http://tinywall.pados.hu/
    • Windows Firewall Control (Freemium) – https://www.binisoft.org/wfc.php
    • Glasswire (Paid) – https://www.glasswire.com/

    That being said, we think that the majority of users probably won’t find these tools to be necessary. That is also why we decided against creating our own Windows Firewall front-end and focus our development efforts on improving the complementary and enhanced technology in our Behavior Blocker instead.

    So what do you recommend I should do?

    We strongly believe that the combination of Emsisoft Anti-Malware and the Windows Firewall is the best option for almost every user. For the past 12 years while developing our product, we used this exact combination in all of our internal performance evaluations of our technology. Our malware research team works hard to make sure that even the most advanced threats are blocked immediately across all our products. So yes, Emsisoft Anti-Malware blocks the same malware that Emsisoft Internet Security blocks out of the box – no configuration, paying extra or jumping through hoops needed.

    If you do feel the need to make sure that certain legitimate applications can’t access the internet, the Windows Firewall does offer the ability to do so via its Advanced Settings. If you find that method to be too inconvenient, going with one of the many front-ends may be an option for you.

    We do know that a small minority of Emsisoft Internet Security users believe that the Windows Firewall must have backdoors implemented by Microsoft to allow them to spy on their users. In all our research, we haven’t found one and neither have hundreds of other security professionals that constantly review Windows for possible backdoors and vulnerabilities.

    We also think it is important to keep in mind that every single firewall product for Windows Vista and later uses the very same frameworks to implement packet and application filtering. There is no difference between the Windows Firewall, Emsisoft Internet Security and any other third-party firewall from a technical point of view. If Microsoft were to backdoor their products to allow unhindered communication, this backdoor would probably be part of the Windows Filtering Platform or the NDIS Lightweight Filter Framework, which are the underlying technologies all firewall products are built upon, and affect every firewall product equally.

    If you still prefer to use a firewall product other than the Windows Firewall, we recommend you contact the software company creating your new firewall product of choice beforehand to ask them whether they implement their own firewall or rely on the Windows Firewall as well. Most firewalls and internet security suites dropped their own implementation in favour of the Windows Firewall many years ago. So we suggest you ask them first to make sure you don’t end up with a Windows Firewall front-end instead.

    Do you have more questions? Post them in the comments and we’ll answer them.

    Have an excellent (malware-free) day!
  2. As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we’re going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable. Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it’s able to allow itself to get through the firewall.

    To resolve this vulnerability, we’ve developed a new Firewall Fortification feature for Emsisoft Anti-Malware’s Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage.

    [Image: Behavior Blocker alert: Firewall manipulation]

    All 2017.8 improvements in a nutshell

    Emsisoft Anti-Malware

    • New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules.
    • Improved: Forensics logging.
    • Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection.
    • Fixed: Computer restart instead of computer shutdown executed, when set for a silent scan.
    • Several minor tweaks and fixes.

    Emsisoft Enterprise Console

    • Improved certificate handling to avoid connectivity issues.
    • Several minor user interface improvements.
    • Several minor tweaks and fixes.

    How to obtain the new version

    As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.

    Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

    Have a great, well-protected day!
  3. EAM or EIS - which makes more sense for me?

    The same as for the last 14 years: effective protection against all malware. You might just as well ask: "Does it even make sense to choose a Ferrari anymore?" Their cars only drive, after all, and they lack more and more of the features that every cheap family van has. The thing doesn't even have a third seat... Joking aside. Anyone who would rather have a solution with hundreds of features will be very well served by Kaspersky and co. But then please don't complain that the PC runs so slowly because 350 things are loaded that you never use anyway. For those who above all need the best protection without a lot of frills, we are here.
  4. CLOSED Build 7904

    I'd guess that the number of page faults gets smaller when you disable the memory optimization feature (that effectively pushes the signatures and other stuff to the pagefile on the disk).
  5. With more than 2 billion devices estimated to be in use, Android has become the most popular operating system in the world. Unfortunately, this also means that it has never been more attractive for cyber criminals to develop malware in order to exploit unsuspecting users. Google continues to improve Android security measures, yet having a trustworthy protection solution installed is still essential to keep customers safe while browsing on their mobile device.

    Emsisoft Mobile Security has already proven to be a comprehensive solution to protect Android users from all kinds of malicious attacks. In a recent independent test, AV-Comparatives pitched more than 100 Android antivirus apps against 1000 of the most common malware samples out there. Emsisoft scored a 100% detection rate, which placed it firmly at the top level of security apps.

    What’s new in Emsisoft Mobile Security 3.0.4

    Not known for being complacent, Emsisoft’s team is bringing a host of new features to customers of Emsisoft Mobile Security with this latest update, making your Android device safer and more convenient to use. Needless to say, you can continue to expect minimal impact on device performance and battery life while we keep you safe.

    New: Account Privacy

    If you ever wondered whether your email account has been breached, then this is the feature for you. Simply enter your email address and the app will check if your data privacy has been compromised.

    [Image: New Feature: Account Privacy]

    New: Android Wear Support

    Never worry about the whereabouts of your phone again: simply ping it right from your Android watch to make it ring even if set to silent, and receive alerts on your watch if your phone is out of range.

    New: Fingerprint Support

    Rather than typing in a PIN every time you unlock a secured app, simply tap your finger on the fingerprint sensor on supported devices and you’re good to go.

    Emsisoft Mobile Security: ultimate Android protection you can trust

    When it comes to protecting your digital life, mobile phones are at the center of most of our lives, containing precious photos, contacts and location information. Don’t skimp on protection; choose a mobile antivirus product from a vendor you can trust. Emsisoft prides itself on keeping users safe without impacting the performance of their devices. Find out more by visiting our Emsisoft Mobile Security page.

    Have a nice (malware-free) day!
  6. License management Error

    Licenses that expire during the transition period can still be renewed via the "Verlängerung Kaufen" (buy renewal) button in the software, so that there is no interruption of protection.
  7. EAM or EIS - which makes more sense for me?

    Don't worry. None of that is currently on our to-do list.
  8. I get where you're coming from, but unfortunately, it's not that easy. Software today isn't like a house that you build once and then don't need to touch for ages to keep it functioning. Creating software is an ongoing process. Security software and firewalling especially require continuous effort to be put into them. Without it, the next Windows update could crash it and we would be the ones to blame again. We prefer to spend our precious development time on things that have a bright future, and not waste it on artificially holding onto things that are doomed in the long run anyway. That's why we made the rather hard decision to merge our two leading products within a short time. The 50% license period extension is the best we can do, sorry. Alternatively you can always ask for a refund of your paid money for the remaining period and go with a product from a different vendor.
  9. Starting 1 October 2017, Emsisoft Internet Security will be merged with Emsisoft Anti-Malware. While this may come as a bit of a surprise, there are many factors that have prompted this decision, and I would like to use this as an opportunity to share our reasoning:

    A common base

    Technically, both products have shared the same code base and even the same file feeds for online updates for the last couple of years. From a branding perspective, Emsisoft Internet Security has kind of been framed as an extended feature set edition of Emsisoft Anti-Malware. The only difference between the two products is Emsisoft Internet Security’s built-in firewall component, which is responsible for its slightly higher price tag.

    While Emsisoft Internet Security was definitely a valuable product in years gone by, we believe that whatever protective advantages desktop firewalls once had over Windows Firewall are now minimal, if not negligible.

    The job of firewalls

    The main purpose of a desktop firewall is to shield your computer from attacks from the Internet. It does so by interrupting network communications initiated by foreign computers when they attempt to connect to a program that listens for input on your computer. However, there are two things to consider here:

    • Most attack attempts from the outside are made impossible by the use of NAT routers (which includes just about every modern DSL modem), as they separate your inside network (LAN) from the Internet.
    • The built-in Firewall in Windows 7, 8 and 10 already does a pretty good job of blocking connection attempts from potentially dangerous computers that reside in the same network (e.g. in public WiFi) or on the Internet.

    Malware and firewalls

    We see our main job as protecting your computer from malware – and today’s malware is generally quite unimpressed by firewalls. Connection attempts from the outside in are blocked by the Windows Firewall by default, and connections from the inside out are prevented by Emsisoft’s multi-layer real time protection, and the Behavior Blocker in particular.

    Emsisoft Firewall vs Windows Firewall

    When Microsoft introduced the Windows Firewall in a late Windows XP Service Pack update, it was a bit of an embarrassing performance and the software could not be taken too seriously, which led us to build a stronger alternative. But with the release of Windows 7, the Windows Firewall started to do its job much more effectively, and the latest Windows 10 version pretty much does everything you could expect from a desktop firewall.

    Its only architectural flaw is that its settings (and firewall rules) can be freely edited by anyone or anything that attains the required permission level. In other words, if malware manages to run on the PC, it’s able to allow itself to get through the firewall. That was one of the main reasons for us to maintain our own firewall component.

    A better approach: Fortifying the Windows Firewall

    Emsisoft Internet Security has always been highly configurable. While some of our more technically minded users might have appreciated the freedom to tweak settings to their heart’s content, it has to be said the majority of our customers are (understandably!) not familiar with the technical intricacies of firewalls and were not always confident when using the software. This was problematic given the fact that a wrong configuration can potentially cause a lot of damage when it comes to malware protection.

    So, in the interests of protecting our customers, we thought it would be most beneficial if, moving forward, we simply rely on the Windows Firewall and use our software to cover its blind spot and ensure its settings can’t be manipulated by malware from the inside.

    How are we going to do that? Well, one of Emsisoft’s key strengths is creating Behavior Blocking technology that works. It allows us to detect and intercept malicious actions from active programs in real time before they can cause any damage. This technology now allows us to define behavior patterns that indicate illegitimate manipulations of Windows Firewall rules. We make sure Windows Firewall is as safe to use as our own firewall, so we can remove the redundancy of building and maintaining our own firewall code.

    Therefore, we decided to end the product life-cycle of Emsisoft Internet Security and merge it with Emsisoft Anti-Malware, which receives the Windows Firewall fortifying enhancements in the version 2017.8 release.

    Timeline

    • September 1st, 2017: The new Windows Firewall Fortify feature will be part of the version 2017.8 release of Emsisoft Anti-Malware.
    • October 1st, 2017: Existing Emsisoft Internet Security software will directly update to Emsisoft Anti-Malware version 2017.9 and the remaining license period will be extended as described below. No manual actions required.

    Advantages for Emsisoft Internet Security customers

    We appreciate that the decision and swift merging will come as a surprise to our loyal customers, so apart from the additional features already mentioned that ensure capable and secure firewall protection, we are sweetening the transition for existing Emsisoft Internet Security license holders:

    • By switching to Emsisoft Anti-Malware, your annual software license fee gets about 20% cheaper.
    • To compensate for the already paid higher product price, we will extend all active Emsisoft Internet Security license periods by 50%. E.g. if you have 1 year left on your license, it will change to 1.5 years for free.
    • Malware protection capabilities of Emsisoft Anti-Malware will be improved due to less interference with firewall code.
    • Your Emsisoft protection software will get lighter on the system and there will be fewer incompatibilities with other products.
    • Less risk of misconfiguring the protection features.

    We hope you think this is a fair deal and will make the transition to our flagship product as smooth as possible. Should you still be unhappy with the upcoming changes, we’re happy to do partial refunds for your remaining license period.

    As the cybersecurity landscape continues to evolve, we are continuing our mission towards a safer digital world for everyone. Today we have taken an important step in this journey, and we are excited to continue to improve our protection services for our customers.

    Have a great, malware-free day!
  10. Emsisoft Small Business

    Are you referring to licensing/price bundles or technical things?
  11. Feature Request

    You can use Emsisoft Enterprise Console to remotely manage your client computers, even if they are not in the same network. The Enterprise Console can be installed on a public server that all your clients connect to. The admin tool can still run on your own computer and connect to the Enterprise server. A completely web-based cloud solution may come in the future.
  12. To see all those details you need to change the Behavior Blocker to "Alert" instead of "Auto resolve". The large alert windows have a Details tab that contains all metadata of the affected programs.
  13. New Forensic Log: A timeline to reproduce what happened

    Do you remember the details of every single interaction you had with your malware protection software? Of course not. Whether it’s the wording of a particular alert or notification, or trying to recall what exactly you clicked on, it’s almost impossible to mentally keep track of every single malware-related event and what actions you took in the heat of the moment.

    To address this problem, we’ve introduced a new feature that we call Forensic Log, a condensed timeline that shows all events and user actions of Emsisoft Anti-Malware and Emsisoft Internet Security in an easy to read form.

    The Forensic Log allows you to:

    • Reproduce exactly what happened and when. It puts all events from all areas of the software in a chronological order.
    • See all alerts of suspicious websites and programs and how they were dealt with, either by the user or by automatic actions.
    • See when malware scans were started and finished, along with all infections that may have been found.
    • See which settings have been changed and when.
    • See when online updates and scheduled scans were triggered by the scheduler.
    • Search the entire log flexibly for any keyword by using the live-search box.
    • Submit an entire timeline to customer support to analyze any issues that you may have.

    [Image: New in Emsisoft protection 2017.7: Forensic log]

    New Auto-resolve mode for Behavior Blocker alerts

    We get a lot of queries about whether it would be possible for our software to automatically deal with all Behavior Blocker alerts, as many users feel they’re not up to making the right decision on alert windows that look technically complex. We’ve listened to your feedback and decided to go one step further by not only providing a recommended action on those alerts (allow or quarantine an alerted program) but also offering a new Auto-resolve option for the Behavior Blocker that makes decisions all on its own.

    Do note that even with Auto-resolve enabled, you are still in full control! Behavior Blocker may occasionally block good programs if their behavior patterns look similar to those of malicious programs, so we implemented the Auto-resolve mode in a way that still allows you to jump in and decide differently if needed.

    [Image: New in Emsisoft protection 2017.7: Auto-resolve for Behavior Blocker alerts]

    Please note that the new Auto-resolve mode is enabled by default. You can still switch back to large alert windows with more details in the “Protection” > “Behavior Blocker” panel.

    All 2017.7 improvements in a nutshell

    Emsisoft Anti-Malware & Emsisoft Internet Security

    • New Forensic Log to reproduce all actions that happened in the software.
    • New Auto-resolve mode for Behavior Blocker alerts.
    • Fixed a bug that showed the scanner result window in scheduled scans even if silent mode was enabled.
    • Several minor tweaks and fixes.

    Emsisoft Enterprise Console

    • Improved: Deployment dialog now also shows IP addresses in Active Directory networks.
    • Improved product stability and general fine tuning.
    • Fixed: Certificate issues that led to connectivity errors.
    • Several minor tweaks and fixes.

    How to obtain the new version

    As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.

    Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

    Have a great (malware-free) day!
  14. CONFIRMED Forensic logs 7797

    It's saved every 50ms, so you typically shouldn't lose any information in case of a machine crash.
  15. Behavior Blocker with Double Pulsar Mitigation

    More than six weeks have gone by since the global outbreak of the WannaCry ransomware and it’s safe to say we’re still feeling its effects. In fact, just days ago, news emerged that 55 traffic cameras in Victoria, Australia, had been infected by the malware. WannaCry uses Double Pulsar, an exploit tool supposedly developed by the NSA, to infect Windows computers that are not updated with the latest security patches.

    Our ransomware response team is continuously working to help victims around the world out of their misery, but one general problem for computer techs remains: When installing an operating system on a new computer, there’s a time gap of up to an hour between connecting it to the Internet and getting all updates installed. With countless botnets constantly scanning the entire Internet for unpatched computers, it usually only takes a couple of seconds for a machine to get infected during this exceptionally vulnerable window of time.

    To mitigate these attacks, our lab has improved our advanced behavior blocker module of Emsisoft Anti-Malware and Emsisoft Internet Security, which can now detect and block any attempts to use the leak that allows Double Pulsar to enter your computer. While you still have a responsibility to update the latest security patches, it does give you more time to complete the obligatory Windows Update procedure.

    The Emsisoft behavior blocker instantly shuts down any processes that try to use the exploit and shows you a notification box like this:

    [Image: Double Pulsar Mitigation by Emsisoft Anti-Malware]

    Advanced Email Notifications

    A frequently requested feature, especially by network admins, was the ability to receive notification emails on various events of our protection software. For those who manage attended or unattended computers remotely, it’s critical to know immediately when certain events take place – say, the exact time malware was found or when reboots are required to complete an online update of the software’s core protection components.

    We listened to your feedback. The new email notifications feature can be found in the “Settings” – “Notifications” section of Emsisoft Anti-Malware and Emsisoft Internet Security. Granular settings allow you to choose which events you want to receive notifications for.

    [Image: New granular Email Notification settings]

    All 2017.6 updates in a nutshell

    Emsisoft Anti-Malware & Emsisoft Internet Security

    • New Double Pulsar exploit mitigation in behavior blocker.
    • New advanced Email Notifications feature.
    • Improved: Scheduled scans now also run when no user is logged on to the computer.
    • Improved: Support for Windows Store (universal) apps.
    • Several minor tweaks and fixes.

    Emsisoft Enterprise Console

    • Improved product stability and general fine tuning.
    • Improved Update Proxy, relocated cache folder to ProgramData.
    • Fixed client connectivity issues.
    • Fixed reporting issues.
    • Several minor tweaks and fixes.

    Emsisoft Emergency Kit

    • New feature for easy switching to Emsisoft Anti-Malware.

    How to obtain the new version

    As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.

    Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

    Have a great (ransomware-free) day!