3 questions about EIS v.9.x firewall

[Guest Tempus]

Hey Emsisoft.

 

1. I have some questions regarding the  firewall in your new product Emsisoft Internet security. The first question I have is in connection with a Blog you wrote, about Botnets. The Blog article was " Internet Zombie Defense Training, or: How Not to Become a Bot ". In that blog I asked a question which I haven't received any feedback on. So I hope that it is okay to bring it up here. I asked about: Is Emsisoft Internet Security firewall so smart that is can recognize suspicious traffic/behavior that is passing the firewall. I ask because the firewall is the place where all traffic has to go through, and should be the first layer of protection intercepting suspicious data packets. You know Botnets is changing frequently in contrast to network protocols, so I am asking if the firewall can detect that as suspicious behaviour.( and ask the user for sending of information to Emsisoft's anti malware network.)
2. The second question I have is: How can an user know if the firewall they are buying is doing its job regarding handling data traffic-ports-stealth and so on, effectively, regarding security-flexibility ( flexibility=without blocking everything). AC comparative did a firewall test but beside that, how can I know that I am not buying a firewall that is less effective than windows own. I ask because it seems like a more grey and obscured area for the consumer. You have different awards like Virus bulletin and Av comparative, but those awards is more about the detection done from signatures, behavior and Hips blockers, and the cloud. I really miss some sort of quality control regarding firewalls.
3. The third question I have is: Does an user using Emsisoft Internet security firewall, receive a higher degree of anonymity compared to using windows firewall. I know, asking about anonymity on the net is a joke, but you can always try to limit the flow of information, or at least choose to whom you what the information goes to.(more or less).

Thanks for any feedback  =)

 

 

[Peter2150]

I can answer no. 2 for you.   I have one notebook, that I can connecct out via Verizons broadband network, so there is no router involved, hence no firewall in the router.   I've tested EIS 9.0 agains GRC's port stealth test.  Passed 100%.

 

Pete

[Guest Tempus]

I can answer no. 2 for you.   I have one notebook, that I can connecct out via Verizons broadband network, so there is no router involved, hence no firewall in the router.   I've tested EIS 9.0 agains GRC's port stealth test.  Passed 100%.

 

Pete

 

Thanks Pete that is truly nice to know. Let us see if they have something to say regarding the rest of my post, especially question no 1, which I am most curious about. =)

[Christian Peters]

Hello,

 

1. The EIS firewall is a application based firewall. The EIS firewall does not use statefull packet inspection. Suspicious or malicious behaviors will be detected by the EIS Behavior Blocker.

 

3. We do not collect any data to tracking the users activity that breaks the users privacy.

 

Also please take a look in our blog on: http://blog.emsisoft.com/2014/06/17/emsisoft-quite-possibly-the-most-privacy-conscious-anti-malware-around/

[Guest Tempus]

Hello

 

Thanks Christian for taking the time to answer my post  . Your answer was more or less what I expected it to be. =) Btw. has Emsisoft tried to emulate different known botnet infections, to see if the behaviour blocker kicks in when needed. (There are some clever botnets installers e.g. with signed certificates which pretend to be Adobe Flash player)

[Christian Peters]

Hello,

 

we are running regularly tests with zero day malware to tune our behavior blocker rules. We also know there are faked digital certificates in the wild. This faked or stolen certs are blacklisted in our database.

[Guest Tempus]

Thanks Christian for the answers (and with your patience with me  )

[Christian Peters]

Hello,

 

you are welcome.

[HAWKI]

I can answer no. 2 for you.   I have one notebook, that I can connecct out via Verizons broadband network, so there is no router involved, hence no firewall in the router.   I've tested EIS 9.0 agains GRC's port stealth test.  Passed 100%.

 

Pete

 

Ummm, your answer troubles me. When I run EMIS 9 on Shields-UP almost every port is shown as blocked. Only a handful are steathed. Is this because I have no group network and my setting is at "private network." Would there be any adverse results on the operation of my Windows PC or Internet Access if I changed the setting to public network? It was set at private network by default.

[Peter2150]

I wouldn't do that.  Are you behind a router.  That will mess up results from Shields up.   They way I tested there was no router.

[HAWKI]

I wouldn't do that.  Are you behind a router.  That will mess up results from Shields up.   They way I tested there was no router.

 

Nope. No router.

[HAWKI]

Any official response to this?

 

While using EMIS on a "private network" should all ports be stealthed rather than blocked, not that it really makes much difference in practical terms.

[Christian Peters]

Hello,

 

because trusted networks would allow most of the connections the ports shouldn't be stealthed.

[HAWKI]

Umm....... I'm not on any network. I have one PC where I am. Is there some Windows setting I have wrong in 8.1 that has placed me on a private network that I can change so I am not on any network and be stealthed? Or by definition is a single PC on a private network? I know next to nothing about networks :-)

[Fabian Wosar]

A single PC connected directly to the Internet is essentially participating in a public network. Private networks mean you are part of a protected and trusted network environment like a small home network or a work network where you want to allow various network services like ping or file sharing to work. So if you are directly connected to the internet, without any kind of router in between, you really should set the internet connection to "Public" in both Windows as well as Emsisoft Internet Security.