Fabian Wosar

Emsisoft Employee
  • Content Count

    4403
  • Joined

  • Days Won

    1

Posts posted by Fabian Wosar


  1. 17 minutes ago, darktwillight said:

    Aus dieser Antwort ging für mich nicht hervor was Du oben geschrieben hast,
    oder ich überlese etwas .

    Ich habe dort genau das gesagt was ich hier jetzt wiederholt habe. In keiner der beiden Varianten steht, dass wir das zu der Standard Option gemacht haben, weil sich Leute vermehrt fuer eine Option entschieden haben. Es gab fuer Nutzer nichts zu entscheiden. Die Verteilung wer welchen Bestellvorgang zu sehen bekam war ausserhalb der Kontrolle des Nutzers.

    17 minutes ago, darktwillight said:

    Es geht nicht darum ob es über spezielle Firmen wie Cleverbridge oder 2Checkout abläuf !
    Sondern das  der Bestellprozess hier anders abläuft, Beispiel ...ich bestelle bei Bitdefender eine Av werde nach Abschluss
    nach Cleverbridge  zur Zahlung der Bestellung weitergeleitet.

    Ja, das wird derzeit ueberarbeitet. Derzeit ist es so, dass es Nutzer gibt die den User Account verwenden und andere die nur einen Lizenzkey benutzen. Ueber die naechsten Monate werden alle Nutzer zu Nutzeraccounts migriert, was dann auch einen komfortableren Bestellablauf ermoeglichen sollte.

    17 minutes ago, darktwillight said:

    Und das Denglisch (halb Englisch halb Deutsch ) findet man auch beim bestellen wieder !

    Ich habs mal weitergeleitet.


  2.  
     
     
    On 5/2/2019 at 11:04 AM, darktwillight said:

    Und das sich während dieser Test Zeit die meisten User zu der Variante  4) Automatisches Abonnement entschieden haben,
    hat dazu geführt das dieses ABO System jetzt der Standard ist. Und Alternativen Umständlich zu benutzen sind !

    Das ist nicht was bei dem A/B Test gemessen wurde. Beim A/B Test wurde gemessen, welche der Optionen zu allgemein mehr Verkaeufen fuehrt. Bedeutet: Es wurden mehrere tausend Testserien mit den unterschiedlichen Bestellverlaeufen gemacht und welcher Verlauf dann ueber mehrere Monate hinweg am Ende die meisten erfolgreichen Bestellungen vorzuweisen hatte, wurde als neuer offizieller Bestellvorgang uebernommen. Es ist also nicht so, dass sich mehr Leute fuer das Abo entschieden haben, sondern dass das blosse Vorhandensein der Option fuer ein Abo bzw. das Fehlen eines Abonements im Bestellvorgang zu mehr abgebrochenen Bestellvorgaengen gefuehrt hat als Abonements fuer alle standardmaessig anzubieten. Das war uebrigens in allen Teritorien der Fall, inklusive Deutschland, was uns letztlich selbst ueberrascht hat, da Deutschland eigentlich eher als Abo-feindlich gilt. Das spiegelt sich letztlich allerdings nicht in den gesammelten Daten wieder.

     
     
     
    On 5/2/2019 at 11:04 AM, darktwillight said:

    Auch wenn diese Daten so wie mir erklärt wurde nur für Emsisoft sind so gehen sie ja doch über die Partner
    (Online-Bezahlvorgang = 2Checkout und Zahlungsabwickler Cleverbridge).

    Das ist als wenn man den Käse erst zum Bahnhof bringt, und das obwohl die Käserei wo sie hin soll eine Straße daneben ist.

    Nein, das ist wie Online Payment Processing und Clearing funktioniert. Wenn Du beim Baecker mit der EC Karte zahlst, gehst Du ja auch nicht davon aus, dass der Baecker im Hinterzimmer nen Server stehen hat, der mal eben die EC Zahlungen cleared. Die Auflagen die Banken und Kreditkartenfirmen auferlegen damit man ueberhaupt am Zahlungsverkehr teilhaben kann sind komplett unrealistisch zu erfuellen fuer jede normale Firma. Daher gibt es spezielle Firmen wie Cleverbridge oder 2Checkout, die sich darauf spezialisiert haben und es entsprechend als Service anbieten. Mir ist nicht ein einziger AV Hersteller bekannt, der Online Bezahlungen selbst abwickelt, voellig egal wie gross die Firma letztlich ist.

     
     
     
    On 5/2/2019 at 11:04 AM, darktwillight said:

    3) Die Support Seite "Jetzt in Englisch Sprachige Menü Führung" ?
    Oder ist das ein Bug ?

    Nein. Die Uebersetzungen wurden deaktiviert, da der Forenanbieter offiziell nur Englisch unterstuetzt und in der Vergangenheit die inoffiziellen Uebersetzungen immer wieder zu Problemen fuehrten.


  3. Hallo,

    Da die Forum Software keine offiziellen Uebersetzungen anbietet und Community Uebersetzungen letztlich allesamt unvollstaendig oder fehlerhaft sind und teilweise zu erheblichen Problemen bei der Installation von Sicherheitsupdates fuehren, haben wir uns dazu entschlossen alle nicht-offiziellen Uebersetzungen, inklusive der Deutschen Uebersetzung, zu entfernen.

    Fuer den Fall, dass jemand mit dem Forum jetzt nicht laenger zurecht finden sollte, bleibt stets der Weg uns via Chat oder Email zu kontaktieren:

    https://help.emsisoft.com/de/

    Vielen Dank fuer das Verstaendnis.


  4. Hello everyone,

    We would like to inform you that due to a corrupted MySQL database we had to restore a recent forum backup. This means that all changes made since 2019-04-25 at 18:08:37 UTC have been lost. This includes among others: Posts, topics, registrations and profile changes. We apologise for the confusion and inconvenience this may have caused you.

    • Thanks 1

  5. 13 hours ago, pallino said:

    How widespread is the cheating problem?

    Nobody knows. 

    Quote

    How many might be cheating (e.g in %) and don't these companies cheat in all tests they take part in causing the same problem in all tests? 

    Again, nobody knows. A couple of them were caught doing it (Qihoo most recently IIRC). If the testers become aware, it usually results in disqualification and sometimes a block from future tests for a certain time period.

    Quote

    Shouldn't test companies detect these (or other AV companies denounce them), make these public and ban the cheaters ( at least one suspect got caught and banned in the past) and this act as a big deterrent?

    It probably depends a lot. I mean, do people still remember Panda being disqualified and hold it against them? I don't think so. Outside of a very small circle of enthusiasts nobody cares about these results. The rest will buy what PC Mag or a quick Google search tells them to buy.

    There is also like a huge grey area. If AV-C and AV-T publishes the exact PC models they perform performance tests on including an exact list of software and an AV vendor goes and buys the exact same hardware and starts tuning his product to work very well on that specific hardware, maybe even to the detriment on other more commonly found hardware, is that cheating already or just bending the rules a little bit? It's not strictly against the rules, but it also makes the test results not very applicable to the general public.

    Quote

    Were the driver problems during AV-C tests the same that affected Cruelsister test last year?

    We can't tell you as Cruelsister neither shares details nor samples. It may or may not be fixed. We will never know.


  6. 1 hour ago, andone said:

    This is EXACTLY how every test in the world works; when I passed admission for university , I had to solve in 3 hours 5 math. tests . Only 5, even though in high school I solved thousands of tests.

    Last time I checked standardised tests in education are just as controversial. But even if you ignore that: Tests in school are accumulative. Maybe it is different wherever you live, but at least here to even get to university you had to go through all the prerequisites. Meaning the fact that you are even allowed to take the test is the result of those thousands of tests you did before on the various topics through your school career up to that point where you demonstrated that you understood each of the sub-topics in question. Since the material taught doesn't radically change every couple of months, your previous achievements and test scores are still valid and proof that you at least have the capacity of understanding these topics, even though you may a bit rusty now.

    Such an effect doesn't exist when it comes to malware, as unlike algebra for example, the threat landscape and body of malware you have to deal with changes almost every day. Therefore, results obtained just a few months ago are completely obsolete as they (if at all) reflect performance in an environment that in that form no longer exists.

    1 hour ago, andone said:

    Anyway, as a consumer, I will always chose an antivirus which was tested by third parties versus one not tested and self proclaimed   "good / the best"

    We are still participating in several tests and continue to participate. We just dropped our AV-C engagement as many other companies did before us.


  7. I agree and there were a couple of things in the last tests that I unfortunately am not able to talk about. One of the first things most testing companies make you do is sign an NDA. Otherwise they won't even tell you their prices or tell you anything. That's also why Arthur mentioned that we can't really comment as in depth as we would want to. I imagine people would be quite surprised about the amounts of money that exchange hands and all the discrepancies going on. I can completely understand why more and more companies drop out of testing. It almost feels arbitrary at times and unless you start building your products for testing specifically, you can't really compete and for us at least the return of investment wasn't there to further justify it.

    The real world protection tests for AV-C are a one year commitment in general, so participating just once to show that the bug is fixed (which you wouldn't know in the first place, as the samples are completely different every time) isn't really an option. That being said, we may still participate in one time tests with AV-T or AV-C occasionally if we release some major changes.


  8. As Jeremy already mentioned: Most cloud storage providers offer revisioning. Meaning they keep old revisions of your files. Dropbox has support for it and Google Drive does as well (just click on the file in question, click on the hamburger menu and select "Manage versions"). It can be kind of a pain to roll back all your files though as there is often not a way to do it for your whole cloud storage but only on a per-file basis.


  9. Quote
    6 hours ago, pallino said:
     

    what do you mean with "all you have to do is design it to pass the test"?

    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does.

    Quote
    6 hours ago, pallino said:

    In other words, if Emsi's real world detection is very high, why shouldn't it also be for the AV-comparatives test?

    For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with. 

    So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions.

    The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:

    • you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    • you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    • some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product.

    So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.

    • Like 2
    • Thanks 1

  10. 1 hour ago, JeremyNicoll said:

    Why does the link URL look like a normal   https://   one but not act like it?     Is there a redirect in the page's headers?

    It's just the way the forum software works. And yes, it will do a redirect.

    1 hour ago, JeremyNicoll said:

     When,  logged-in to the forum, I look at the list of subforums, I see  eg "(22 visits to this link)" after the no-longer-a-subforum thing's name.   Is this counter going to be present all the time?

    Yeah. Just shows how many people clicked it. 

    1 hour ago, JeremyNicoll said:

    Presumably ordinary users can't read what other people post into that not-a-forum?

    It's email. So no. 

    1 hour ago, JeremyNicoll said:

    Regarding  "mailto://",  I use webmail at the moment.   If I wanted to send feedback that way - or maybe if someone else who uses webmail wants to - what are they supposed to do?

    Send it manually to [email protected] :)


  11. On 3/1/2019 at 10:47 PM, Razz said:

    Based on your wise advice, I just enabled the MVPS filter list within uBlock Origin.  This leads me to the question: how do I delete the MVPS host file in order to make sure that uBlock Origin is in control of host files?  I had been using HostsXpert to manage the download and install of the periodic MVPS file updates, do I just use that to access the MVPS file and then just delete it?

    You can technically just remove all entries from your hosts file using Notepad. Just delete everything except the "127.0.0.1 localhost" entry if there is any. Lines starting with "#" are comments by the way.

    On 3/1/2019 at 10:47 PM, Razz said:

    Not sure I understand what you were saying.  I use Chrome and are you saying that when I was using the MVPS Host File (for years) that it wasn't even being used? 

    Pretty much.

    On 3/1/2019 at 10:47 PM, Razz said:

    As you know from my list, I am indeed using your Emsisoft Browser Security Extension.  It is my understanding that your browser extension only blocks malicious sites, not ads as well, is this correct?

    We are not an ad blocker, no. You use uBlock Origin which is pretty much the best adblocker you can get. So you are well covered in that area already.

    On 3/1/2019 at 10:47 PM, Razz said:

    It would be wonderful if you do add search indicators in your extension.  I personally really like that even though I guess it's not necessary because if you click on a bad site your other protection should block you, at least I assume it's supposed to.  I used to use Kaspersky Total Security and their browser extension that came with the suite did have that search indicator feature.

    Correct. When you try to click the link, it will block access to the site. But I do understand that a lot of people would like to know before they click, which is why we consider adding it.

    On 3/1/2019 at 10:47 PM, Razz said:

    EDIT: Just wanted to add that I gather that WOT (Web of Trust) is still not recommended?  I realize the trouble it got into years ago, just wondered if it's still a no go.

    Interestingly enough WOT got in trouble for the very same thing that some AVs are doing with their extension.

    17 hours ago, bobbonomo said:

    You make a request to thiscrazydomain.com which needs to be resolved. This is done by UDP in clear text. Your ISP probably farms out DNS to a Big Boy like Google's 8.8.8.8 or other like cloudflare's 1.1.1.1 or openDNS's 208.67.222.222 just to name a few. So now it is known.

    You can always set up your own DNS server locally or in a cheap VPS box online. DNS also can be tunneled via various secure protocols (DNS-over-HTTPS for example).

    17 hours ago, bobbonomo said:

    If using Google Chrome or Firefox then the URL is checked by safebrowsing.phishing or safebrowsing.malware by Google. Microsoft has the same thing using its Edge. Not sure how safebrowsing works or where they check. I see safebrowsing stuff in my FF profile.

    Those use methods that provide k-anonymity. Firefox in addition also sends "fake" requests if I remember correctly so the hoster of the block list does not know whether that was a website you actually surfed to or a random request.

    17 hours ago, bobbonomo said:

    Using a VPN is good too. Now you need to trust the VPN guy.

    If you are so concerned, just host your own VPN. Get a cheap VPS with bitcoin at njal.la for example, host OpenVPN and your own DNS server on it and there will be no link between you and the VPS. It's serious overkill though.

    • Thanks 1

  12. 22 hours ago, Razz said:

    I did not realize the impact on performance that using the MVPS Host File would have.  In your opinion, is enabling the MVPS filter list in uBlock Origin even necessary - i.e. you think I may as well just be content with the lists that come with uBlock Origin, that's probably more than sufficient?

    uBlock is exceptionally good at removing duplicate filter rules. So if you enable the MVPS filter list there, it will only enable it for stuff that isn't covered by other lists. That's also why in the rules list it says "x used out of y". Because it tells you how many rules it actually used out of that filter list. The rest was already covered by other lists.

    uBlock is also a lot more efficient as parsing and applying these filter rules than the DNS API in Windows is, which is the component that parses the "hosts" file. Depending on the browser you use, the "hosts" file may actually get ignored entirely. Some browsers like Chrome, for example, implemented their own, faster DNS client as the Windows DNS API isn't the fastest. So in the worst case scenario, you were having this huge hosts file, slowing down every program that does remotely something with networking, while at the same time your browser completely ignored it.

    Quote

    I had absolute no idea that Traffic Light did that.  You would think that BitDefender and the other companies you mentioned would have to disclose that somewhere (perhaps they do and I just missed it). 

    Yeah, most people aren't aware of it and it is the main reason why we decided to create our own browser extension. The worst part is, that it is completely unnecessary from a technical point of view as well. But yeah, as it is often the case: If something a free, you pay with your data. 

    Quote

    I will certainly uninstall Traffic Light now.  Can you recommend a good browser extension that flags good & bad websites when you search in Google so you know what not to click?

    Unfortunately not. If you find one, let me know which one and I can check how intrusive it is for you though. We are also considering adding search indicators in our extension. So you may want to wait for that. There is no ETA though.

    • Thanks 1

  13. Quote
    • MVPS Host File

    Just don't. You will hurt your general performance considerably. Better to just enable the MVPS filter list in uBlock.

    Quote
    •  SpywareBlaster

    Kind of pointless. uBlock does a better job. Ad hosts blocked by uBlock can't set cookies in the first place. That's all it pretty much does if you are using Firefox.

    Quote
    • TrafficLight

    For someone who is concerned about their privacy it is interesting that you willingly send your entire surf history to any company in clear text:

    image.png
    Download Image

    Literally every single website you browse to will get submitted in that way. Bitdefender Traffic Light isn't the only extension that does this. Other extensions known to do this are Avira Browser Safety, Avast Online Security, Norton Safe Web and Comodo Online Security Pro.

    • Thanks 1

  14. Sorry, der Beitrag wurde aus Versehen verschoben. Sollte jetzt wieder richtig sein. Ansonsten war die Inkludierung von Emsisoft, wie vom Autor in seinem Forum bereits bestaetigt, ein Versehen seinerseits. Wir verschicken keine vollstaendigen URLs. Wir verschicken nichtmal Domainnamen im Klartext. Wir verschicken ausschliesslich Hashes von Teilen des Domainnamens, die von uns nicht einmal zurueck in einen echten Domainnamen umgewandelt werden koennen. Die Idee ist im Endeffekt nicht, dass wir wissen wo da jemand grade rumsurft, sondern nur, dass wir genug Informationen haben um 99.9999% aller schaedlichen URLs die wir kennen auszuschliessen. Das Ziel ist die Liste an potentiell moeglichen schaedlichen URLs soweit zu reduzieren, dass es praktikabel ist sie zurueck an den Browser zu schicken, damit dieser dann schauen kann ob sich der User grade auf einer bekannt schaedlichen Seite aufhaelt.

    • Like 1

  15. Other companies have 10 to 100 times the number of employees we do. Having one person there that fixes bugs in Windows Insider builds isn't much of an issue there. However, us doing that would mean ~30% of all development time disappears to keep a couple of hobbyists happy who use a system that is not intended for use in production systems on their production system. We do include insider builds in our QA runs, so we know if or what is broken so we can fix it in time for a release. But unless something is fundamentally broken, risking system security or stability, we won't fix bugs specific to insider builds before a release to web is close.

    • Upvote 2