Christian Mairoll

Closing the entry door for RDP based attacks (ransomware), introducing a new notifications sidebar and adding new fully customizable workspaces and devices lists. The post New in 2020.7: New RDP attack alerts & new notifications system appeared first on Emsisoft | Security Blog. View the full article

Emsisoft Anti-Malware has been awarded VB100 certification in the June 2020 tests by Virus Bulletin. The post Emsisoft awarded VB100 in June 2020 tests appeared first on Emsisoft | Security Blog. View the full article

Emsisoft Business Security and Emsisoft Anti-Malware were awarded the Best+++ badge in the March-April 2020 “Three Security Test” by AVLab. The post Emsisoft awarded Best+++ badge in March-April 2020 tests by AVLab appeared first on Emsisoft | Security Blog. View the full article

This month, our development teams put their focus on fine-tuning the many new major additions of the past few months, such as the remote-only security management mode. The post New in 2020.6: Remote-only mode improvements & new Edge Chromium extension appeared first on Emsisoft | Security Blog. View the full article

The statement on MalwareTips couldn't be further away from the facts. Our update system was actually one of the first in our industry which implemented advanced manipulation protection, 13-14 years ago, long before SSL became common and at a time when most AVs just had a plain and easy to manipulate file listings to get their updates. This is how we protect the update trust chain: 1. Update files are encrypted when published, but that's mainly to protect our intellectual property, not to defend hackers. 2. All files are hashed and named by their checksum on our servers. 3. Updates are generally delivered as differential/fragment files that only match with non-manipulated older file versions already on your computer. 4. The update API on our servers provide a list of hashes of all files of the product. The API output is digitally signed, so if it was manipulated, the software would stop the update right away. 5. The software downloads all files that have different hashes than the locally existing files. At that point, any locally made manipulations would be overwritten. 6. Downloads are through HTTPS, e.g. (https://dl.emsisoft.com/updates/CCB6E1DBF0D8220FEF38A77189CC7BB1.dat) 7. After downloading, the software verifies if the hash in the earlier provided download listing matches the actual hash of the files. If there were any manipulations in the download process, e.g. through SSL interception, the files would be rejected at that point. 8. Binary files are also digitally signed, which means if anything gets manipulated on client side, the software won't run anymore and Windows would immediately alert that it's down. Only if a file can be guaranteed to be and original from Emsisoft, is is being installed. Note that the described security model doesn't even need SSL to be bullet-proof. We just added SSL because it's freely available with our hosting provider. Btw. the download protocol can be viewed with tools like FiddlerTool (JSON/RAW view), so you can easily verify the above information by yourself. We do, however have a Bug Bounty program. If anyone can get me a working proof that they were able to manipulate our updates, a big cash reward is waiting for them!

We're working on getting our name on that vendor listing page again (we've been there for Windows 7, but the requirements have changed significantly since). Unfortunately there are lots of political hurdles to pass, but we're confident that we will be there again, sooner or later. Being on that list has no advantage for our users though, it's a simple marketing opportunity that MS offers to selected vendors. To avoid bias and preference the list re-sorts randomly with each page refresh. To answer your question on WSC APIs: Yes, MS is aware of all AVs and they strictly limit access to those APIs to vendors that meet their (rather arbitrary and quite expensive) requirements. The chain of trust goes very deep into the Windows core though, so it can't be easily misused by fake AVs.

Introducing three new security management modes. Local-only for cloud-less protection, local and remote for maximum efficiency and convenience, and remote only for enterprises who require a trimmed down endpoint protection agent. The post New in 2020.5: ‘Local only’, ‘local + remote’ or ‘remote only’ security management appeared first on Emsisoft | Security Blog. View the full article

Emsisoft Anti-Malware earns VB100 certification in April 2020 tests by independent security experts Virus Bulletin. The post Emsisoft earns VB100 in April 2020 tests appeared first on Emsisoft | Security Blog. View the full article

Emsisoft Enterprise Security adds Active Directory integration, unlimited policies, unlimited admins/managers and priority customer support. The post New in 2020.4: Redefined Emsisoft Business Security and Emsisoft Enterprise Security plans appeared first on Emsisoft | Security Blog. View the full article

We are offering free ransomware help for healthcare organizations during the Coronavirus outbreak. The post Free ransomware help for healthcare providers during the Coronavirus outbreak appeared first on Emsisoft | Security Blog. View the full article

Just a quick update on that problem. I reached out to the Mozilla support about the misleading wording of that warning message and they replied: https://discourse.mozilla.org/t/after-a-year-and-10k-happy-users-addon-page-says-this-is-not-a-recommended-extension/55121/6

Here is more on how the selection process works: https://support.mozilla.org/en-US/kb/recommended-extensions-program At the moment, there seem to be only 99 (!) extensions in their 'recommended' list. Which sounds to me like a huge monopoly game to push a few big players and keep doors closed for smaller vendors. They are currently actively discrediting thousands of harmless extensions. I wouldn't expect that the Emsisoft Browser Security extension will suddenly end up in their recommended list any time soon, sorry. Use Chrome...

Turns out the addon store now tags all extensions that way, unless they are manually verified (which can neither be requested nor sped up, not even with money). The wording is strongly misleading. It basically only says that the extension is not in the group of their 'Recommended Extensions', it does NOT say that the extension 'isn't recommended to use'. Whoever invented that label at Mozilla deserves an award for broken UX design...

Jesper, could you please point me to the place of such a warning message? I couldn't find anything on the addon page or the addon admin panel.

Emsisoft Emergency Kit is one of very few truly portable apps that come with a fully-featured dual-engine scanner and comprehensive cleaning abilities. The post New in 2020.3: Redesigned Emsisoft Emergency Kit appeared first on Emsisoft | Security Blog. View the full article