Christian Mairoll

Emsisoft Employee

Everything posted by Christian Mairoll

  1. Closing the entry door for RDP based attacks (ransomware), introducing a new notifications sidebar and adding new fully customizable workspaces and devices lists. The post New in 2020.7: New RDP attack alerts & new notifications system appeared first on Emsisoft | Security Blog.
  2. Emsisoft Anti-Malware has been awarded VB100 certification in the June 2020 tests by Virus Bulletin. The post Emsisoft awarded VB100 in June 2020 tests appeared first on Emsisoft | Security Blog.
  3. Emsisoft Business Security and Emsisoft Anti-Malware were awarded the Best+++ badge in the March-April 2020 “Three Security Test” by AVLab. The post Emsisoft awarded Best+++ badge in March-April 2020 tests by AVLab appeared first on Emsisoft | Security Blog.
  4. This month, our development teams put their focus on fine-tuning the many new major additions of the past few months, such as the remote-only security management mode. The post New in 2020.6: Remote-only mode improvements & new Edge Chromium extension appeared first on Emsisoft | Security Blog.
  5. The statement on MalwareTips couldn't be further away from the facts. Our update system was actually one of the first in our industry which implemented advanced manipulation protection, 13-14 years ago, long before SSL became common and at a time when most AVs just had a plain and easy-to-manipulate file listing to get their updates. This is how we protect the update trust chain:
     1. Update files are encrypted when published, but that's mainly to protect our intellectual property, not to defend against hackers.
     2. All files are hashed and named by their checksum on our servers.
     3. Updates are generally delivered as differential/fragment files that only match with non-manipulated older file versions already on your computer.
     4. The update API on our servers provides a list of hashes of all files of the product. The API output is digitally signed, so if it was manipulated, the software would stop the update right away.
     5. The software downloads all files that have different hashes than the locally existing files. At that point, any locally made manipulations would be overwritten.
     6. Downloads are through HTTPS, e.g. (
     7. After downloading, the software verifies if the hash in the earlier provided download listing matches the actual hash of the files. If there were any manipulations in the download process, e.g. through SSL interception, the files would be rejected at that point.
     8. Binary files are also digitally signed, which means if anything gets manipulated on client side, the software won't run anymore and Windows would immediately alert that it's down.
     Only if a file can be guaranteed to be an original from Emsisoft is it installed. Note that the described security model doesn't even need SSL to be bullet-proof. We just added SSL because it's freely available with our hosting provider. Btw. the download protocol can be viewed with tools like FiddlerTool (JSON/RAW view), so you can easily verify the above information by yourself.
     We do, however, have a Bug Bounty program. If anyone can get me a working proof that they were able to manipulate our updates, a big cash reward is waiting for them!
  6. We're working on getting our name on that vendor listing page again (we've been there for Windows 7, but the requirements have changed significantly since). Unfortunately there are lots of political hurdles to pass, but we're confident that we will be there again, sooner or later. Being on that list has no advantage for our users though, it's a simple marketing opportunity that MS offers to selected vendors. To avoid bias and preference the list re-sorts randomly with each page refresh. To answer your question on WSC APIs: Yes, MS is aware of all AVs and they strictly limit access to those APIs to vendors that meet their (rather arbitrary and quite expensive) requirements. The chain of trust goes very deep into the Windows core though, so it can't be easily misused by fake AVs.
  7. Introducing three new security management modes. Local-only for cloud-less protection, local and remote for maximum efficiency and convenience, and remote only for enterprises who require a trimmed down endpoint protection agent. The post New in 2020.5: ‘Local only’, ‘local + remote’ or ‘remote only’ security management appeared first on Emsisoft | Security Blog.
  8. Emsisoft Anti-Malware earns VB100 certification in April 2020 tests by independent security experts Virus Bulletin. The post Emsisoft earns VB100 in April 2020 tests appeared first on Emsisoft | Security Blog.
  9. Emsisoft Enterprise Security adds Active Directory integration, unlimited policies, unlimited admins/managers and priority customer support. The post New in 2020.4: Redefined Emsisoft Business Security and Emsisoft Enterprise Security plans appeared first on Emsisoft | Security Blog.
  10. We are offering free ransomware help for healthcare organizations during the Coronavirus outbreak. The post Free ransomware help for healthcare providers during the Coronavirus outbreak appeared first on Emsisoft | Security Blog.
  11. Just a quick update on that problem. I reached out to the Mozilla support about the misleading wording of that warning message and they replied:
  12. Here is more on how the selection process works: At the moment, there seem to be only 99 (!) extensions in their 'recommended' list. Which sounds to me like a huge monopoly game to push a few big players and keep doors closed for smaller vendors. They are currently actively discrediting thousands of harmless extensions. I wouldn't expect that the Emsisoft Browser Security extension will suddenly end up in their recommended list any time soon, sorry. Use Chrome...
  13. Turns out the addon store now tags all extensions that way, unless they are manually verified (which can neither be requested nor sped up, not even with money). The wording is strongly misleading. It basically only says that the extension is not in the group of their 'Recommended Extensions', it does NOT say that the extension 'isn't recommended to use'. Whoever invented that label at Mozilla deserves an award for broken UX design...
  14. Jesper, could you please point me to the place of such a warning message? I couldn't find anything on the addon page or the addon admin panel.
  15. Emsisoft Emergency Kit is one of very few truly portable apps that come with a fully-featured dual-engine scanner and comprehensive cleaning abilities. The post New in 2020.3: Redesigned Emsisoft Emergency Kit appeared first on Emsisoft | Security Blog.
  16. To put things in perspective a bit: Within the first month after the launch of the Cloud Console we already accumulated more active users than for the entire life span of the on-premise Enterprise Console. The advantages of a cloud based solution clearly outperform the potential data safety risks for the majority of users. It just doesn't pay off for us as a rather small team to continue maintaining the on-premise product. I'm sorry if that's a disappointment for some customers, but at the end of the day we also need to make a reasonable income with our products to pay our wages.
  17. Emsisoft Anti-Malware was awarded VB100 certification in the February 2020 tests by independent testing body Virus Bulletin. The post Emsisoft awarded VB100 in February 2020 tests appeared first on Emsisoft | Security Blog.
  18. At the end of the day, no technical or organizational measure can truly guarantee that your data will never be hacked or leaked, which is why we always design our systems with the expectation that they may get hacked one day. However, it's in our hands to reduce the potential surface for attacks significantly. In particular (among other general security principles), we make sure that:
     • Only one person in our company (that's me, as acting managing director) has full access to our main customer database servers, with one technical management person in backup for emergency situations only. Regular software developers don't have access at all.
     • We manage our critical cloud servers by ourselves without third parties having access to them.
     • Developers can never access our production servers directly, all new code exclusively goes through our code repository and build processes that log all changes. So if someone would be tempted to sneak in bad code, we could easily trace it down to a person.
     • We do have strict data protection protocols in place with all our team members. The fact that someone works remotely doesn't change anything from a legal perspective, they are still members of our team just like someone who would be sitting in an old-school office.
     • We design our software to only process the least amount of information required to achieve the software's purpose. We don't collect random data just because we can.
     • Our software never sends any customer files to Emsisoft servers without the user's permission. We are only interested in executable files and don't send any files that contain personal information (documents, user data files, etc). In most situations, we don't even transfer files but work with calculated hash values and meta data only.
     • Our browser extensions don't submit the complete website addresses that a user visits, but only send hashes of URL fragments that may or may not match. At no point does Emsisoft know if and which exact URLs are detected as malicious or fraudulent. So we're unable to create extensive user profiles based on web browsing habits.
     As I said before, those are still no perfect guarantees, but that's the best we can do. The fact that Emsisoft is a rather small team of 40 also somewhat reduces the risk for you as a customer, compared to many of our competitors that have more than 1000 people on their payroll and each of them posing a potential risk for data exfiltration. My observation is that business size and the unavoidable exponentially growing complexity of systems are among the main reasons for security problems these days.
     Back to your initial concerns about cloud solutions: The main advantage of cloud based AV management solutions is that if it ever happens that your device gets infected, you still have an off-site record of what happened. Even if the entire device gets encrypted or wiped, you still have a full action log stored in the Emsisoft Cloud Console, which potentially allows you to forensically trace an infection back to its origin. Hope that helps.
  19. A brief addition from a business perspective: Ultimately, our customers decide how long we will continue to support Windows 7. If the number of users falls below the significance threshold by January 2021, it makes no business sense to keep maintaining the code for it. Keeping Win7 support ultimately slows down our entire product development, since we cannot use new operating system features or have to build elaborate workarounds. Those are resources that we would actually rather invest in developing new security features that benefit everyone. So it is always a weighing of the interests of the majority of our customers. The displeasure of individuals who are directly and negatively affected by such decisions is of course understandable, but unfortunately it doesn't change the situation.
  20. This month's update includes a name-change and a new feature to specify custom update feeds for testing. The post New in 2020.2: Bye Surf Protection, welcome Web Protection! appeared first on Emsisoft | Security Blog.
  21. This month's update gets you a series of little changes that make Emsisoft products and services more convenient to use and more secure. The post New in 2020.1: Improved usability & Google Authenticator support appeared first on Emsisoft | Security Blog.
  22. Emsisoft Anti-Malware earns VB100 in December 2019 tests by certification body Virus Bulletin. The post Emsisoft earns VB100 in December 2019 tests appeared first on Emsisoft | Security Blog.
  23. Introducing the new workspace audit log feature in our latest update. The post New in 2019.11: New workspace audit log appeared first on Emsisoft | Security Blog.
  24. In October 2019, the independent security experts over at Virus Bulletin carried out a series of tests designed to evaluate the detection capabilities of various endpoint anti-malware solutions. The results have just been released and we’re happy to announce that Emsisoft Anti-Malware flew through the tests and has once again been awarded VB100 certification!

     What is the VB100?

     To earn the VB100, a security product has to pass the Certification Test. The tests are performed on physical computers or virtual machines with specifications similar to those you would expect to find on a typical business PC. Each security product is installed with default settings on a clean instance of Windows. The tests involve exposing the security products to thousands of malicious samples curated by various organizations, including the WildList Organization, the Anti-Malware Testing Standards Organization and Virus Bulletin. To determine how accurately a product can distinguish a malicious file from a safe file, the products are also exposed to a set of 100,000 clean files taken from popular software downloads. To be awarded the VB100, a product has to achieve two things:
     • Detect at least 99.95 percent of the malicious files.
     • Mistake no more than 0.01 percent of the clean files as malicious.

     How did Emsisoft do?

     We’re happy to report that Emsisoft Anti-Malware excelled in the latest round of tests. Our flagship software detected 100 percent of the 1,487 malicious files without generating any false positives and was consequently awarded the VB100. Click here to see the full report, or click here to check out some of the other awards we’ve won in the past.

     About Virus Bulletin

     Headquartered in the UK, Virus Bulletin is an independent security information portal and certification body. The organization regularly performs tests designed to evaluate the protection capabilities of security products and help users make a more informed decision about their choice of antivirus software. A product that has earned the VB100 can be considered to have met a certain standard of quality in regards to malware detection.

     The post Emsisoft awarded VB100 in October 2019 tests appeared first on Emsisoft | Security Blog.
  25. This month our developers created a fine-tuning and maintenance update for Emsisoft Anti-Malware Home and Emsisoft Business Security. Which means lots of minor changes and improvements under the hood that are not necessarily visible to most users, yet provide the best possible experience and protection.

     Improved automation features

     Part of all our Windows protection products is Emsisoft Commandline Scanner, a tool that allows admins and professional users to automate common malware scanning tasks. It’s also available as a standalone download package without any visual UI components. We have slightly changed the behavior of the standalone package of Emsisoft Commandline Scanner in the most recent update:
     • In the past, the /s (/service) parameter had to be used for all scans that were to be performed by the integrated Windows service. In the new version, the /s parameter is only used once to install the service, but then no longer needed to run scans. That helps to simplify the scanning process.
     • A new parameter /uninstallservice was introduced that allows you to remove the service component if it’s no longer needed.

     Note that these changes only apply to the standalone package of Emsisoft Commandline Scanner. When using the scanner as part of the endpoint protection products, it will always use the built-in service component. The Windows service helps to save resources and time, as the entire signature database is kept in memory and doesn’t have to be loaded for each scan. That way you can perform frequent scans with very low system impact.

     All 2019.10 improvements in a nutshell

     Emsisoft Anti-Malware
     • Changed service behavior in command line scanner.
     • Several minor tweaks and fixes.

     MyEmsisoft/Cloud Console
     • New ability to move multiple devices at once to other policy groups, via drag&drop.
     • Improved user interface in many sections.
     • Several minor tweaks and fixes.

     How to obtain the new version

     As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically. Have a great and well-protected day!

     The post New in 2019.10: Updated Command Line Scanner appeared first on Emsisoft | Security Blog.