Manjusri108

CLOSED after update computer won't boot

Recommended Posts

Pinned posts

Edit: For those who are still having this issue, note that you can work around it by switching to the Delayed update feed so that Emsisoft Anti-Malware downgrades to an older version that does not have this issue. Here's how to do that:

  1. Open Emsisoft Anti-Malware.
  2. Click on Settings in the menu at the top.
  3. Click on Updates in the menu at the top.
  4. On the left, under Update Settings, click on the box to the right of Update feed and select Delayed from the list.
  5. Click on the Update now button on the right side.

___________________________________________________________
 

Hello Libor, thank you for your feedback.

As I'd mentioned, "We're still unable to replicate the issue". Up until just a few minutes ago, we have not been able to replicate this issue at all, whatever we tried, and nobody had been able to provide usable debugging information. Those who were willing to try ended up having the problem go away prior to any information being gathered, so we were left with a problem we could not see to diagnose. Impossible as you might imagine. So no, we're far from asleep, we have just not been able to get any usable data other than "it happens", and that it's with current Emsisoft Anti-Malware, Comodo Firewall, and Windows 7 x64.

By "up until this evening", I mean that I just had a virtual machine with Windows 7 x64, Emsisoft Anti-Malware, and Comodo Firewall (free) lock up well after the desktop was loaded. I'm going to try gathering information if I can, if the problem repeats itself. So, some progress possibly.

I'll post back here with workaround instructions should I find any, and update with fix status as well once that comes.

Share this post


Link to post
Share on other sites
UnPinned posts

Update:

...and again, nothing to do!!!

I installed it again, but  EAM instantly update to the last stable version so it doesn't work. If I switch to "delayed" nothing happens. And PC locks at first reboot, same as before.

Boot into safe mode, removed, reboot, PC works.

I tried to disconnect machine from internet, installed, but EAM needs connection both to enable 30 days trial or register my license. So tried to enable connection for license verification only, disconnected again before update started, switched to delayed, re-enabled internet connection and leaved EAM to update.

Then reboot and, surprise: black screen, white mouse pointer, and nothing to do. Reboot, black screen, black prompt window inside with blinking cursor (Gigabyte motherboard utility wainting something...), white mouse pointer....

And uninstall again. So please remove pinned post, or write inside "Hope it works"

Share this post


Link to post
Share on other sites

While I wouldn't be particularly surprised that it doesn't work after getting the recent version (should teach people to stay on delayed... not that it in any way gives the control that should be absolutely mandatory for any program whatsoever, namely to just notify of available updates and let the user decide if and when to install, but at least avoids some of the worst things like this to some extent), make sure it did indeed do a full update after it actually registered the switch to delayed. Noticed that settings changes may take a while, maybe up to a minute, to register, at least according to logs, so after installing do not reboot, even if it asks to, even if it updates. Let it do its business, then switch to delayed, give it a moment (check logs? think that such a switch should be listed there... but not going to switch to stable now to check, not even for a moment and with updates disabled, nope), then manually run an update, and then reboot.

Alternately, if it runs in safe mode (never tried), boot in safe mode with networking, open EAM and update it to the delayed version from there. Delayed version should be 2018.2.1.8483.

Share this post


Link to post
Share on other sites
9 hours ago, fabrix said:

I tried to disconnect machine from internet, installed, but EAM needs connection both to enable 30 days trial or register my license. So tried to enable connection for license verification only, disconnected again before update started, switched to delayed, re-enabled internet connection and leaved EAM to update.

Then reboot and, surprise: black screen, white mouse pointer, and nothing to do. Reboot, black screen, black prompt window inside with blinking cursor (Gigabyte motherboard utility wainting something...), white mouse pointer....

And uninstall again. So please remove pinned post, or write inside "Hope it works"

To my knowledge, the version in the Delayed update feed does not have this issue. It was introduced in 2018.3, and the Delayed feed has 2018.2.

Did you try starting Windows in Safe Mode With Networking, opening Emsisoft Anti-Malware, switching to the Delayed feed, and manually checking for updates to allow 2018.2 to install?

Also, be sure to check the version number in Safe Mode before uninstalling. When you open Emsisoft Anti-Malware you can click on the Emsisoft name in the upper-left corner to see the version number.

If you want the version number to be displayed on the Overview screen when you open Emsisoft Anti-Malware, you can do the following:

  1. Open Emsisoft Anti-Malware.
  2. In the gray box that says License, hold your mouse over where it says Renew for free!.
  3. A little X will appear to the right of where it says Renew for free!.
  4. Click on the little X, and the version number will be shown instead.

Important note: Keep in mind that one security software can interfere with another security software installing updates. Installing the update in Safe Mode With Networking should help to prevent such issues, assuming that the other security software (COMODO Internet Security in this case) doesn't make the unfortunate mistake of configuring Windows to load its drivers and services when Windows starts in Safe Mode. If the other security software does run automatically in Safe Mode, then you will need to configure it not to run when Windows starts.

 

6 hours ago, Cavalary said:

Noticed that settings changes may take a while, maybe up to a minute, to register, at least according to logs, so after installing do not reboot, even if it asks to, even if it updates.

Settings changes take effect immediately. When we test installing program updates from different feeds, we click the "Update now" button immediately after changing the update feed setting. There is no delay in between changing the update feed and Emsisoft Anti-Malware recognizing that it has been changed (we would notice pretty quickly if there was).

Also note that after installing a program update, Emsisoft Anti-Malware won't check for updates again until the computer is restarted, so waiting to restart will not have any sort of positive effect.

Share this post


Link to post
Share on other sites
2 hours ago, GT500 said:

Settings changes take effect immediately. When we test installing program updates from different feeds, we click the "Update now" button immediately after changing the update feed setting. There is no delay in between changing the update feed and Emsisoft Anti-Malware recognizing that it has been changed (we would notice pretty quickly if there was).

Also note that after installing a program update, Emsisoft Anti-Malware won't check for updates again until the computer is restarted, so waiting to restart will not have any sort of positive effect.

I'll just leave this here then, recorded now (after checking to see how, ah well...): https://www.youtube.com/watch?v=GuJt5gsIbgs Does seem to be a delay in registering that hours between updates change, doesn't it?

And I did say do a manual update, not wait for it to update again...

Share this post


Link to post
Share on other sites

There's no button to commit the changes to the update interval when you're just changing the time, so there can be a slight delay in the amount of time between it being changed and EAM registering the change. Since the update feed is a dropdown box, the change to the setting is registered immediately, and there is no need to wait after changing it.

Share this post


Link to post
Share on other sites

There is a fix that is working in our testing. It has now been released into beta. For those who wish to try it, here are instructions:

  1. After booting, install or re-activate Emsisoft Anti-Malware as needed depending on your machine's current state. Do not reboot again until step 5 or it will almost certainly hang.
     
  2. Click Settings in the top row, Updates in the second row.
     
  3. Change the drop-down menu from Stable update feed to Beta update feed.
     
  4. Press the Update now button. The update must complete. Afterward, verify the version by opening Emsisoft Anti-Malware and clicking the "EMSISOFT" logo in the upper left. It should be 2018.5.0.8668.
     
  5. Reboot the computer when it's finished updating to test, only if the version number is verified to match the Beta version listed above.
     

Please switch back to the stable version when the fix is released stable, even if the beta works. Beta releases are just that, beta, and may be unstable in some cases. You may learn more about when releases come out, here: https://blog.emsisoft.com/en/category/emsisoft-news/ (See the column on the right side of the page).

Note that the stable release with Comodo fixes should be mentioned as usual in the updates blog, when it is ready. Here is the beta release note: https://blog.emsisoft.com/en/31323/emsisoft-anti-malware-2018-5-beta/

I would appreciate feedback about whether it works for you or not, either here or via email to [email protected] Thanks!

Share this post


Link to post
Share on other sites

Since it's the start of the month and I see that a new update was already pushed on the stable feed, I must say again that I really hope the delayed won't be updated until and unless the version you mean to update it to will be very thoroughly tested to ensure that this issue, or any others which may pop up with it, have been fully fixed, on all supported versions of Windows, both 32 and 64 bit, and in case of this particular issue with various versions of Comodo Firewall as well (I am still and will definitely stay on 8.4, and remember when looking on the forums there at various points that I saw people still on v7, or even 5 or 6, and swearing by it - I mean, if used paired with another security solution, such as EAM, CFW is largely for system control and monitoring, the other solution is for actual security, so if you have a version you're happy with, it's fine).

And also definitely hope there will be advance warning about such an update to delayed... When so far you can't find out whether the delayed has been updated anywhere, there's a beta updates feed on blog, the stable ones are posted visibly, but nothing for delayed.

Of course, what is absolutely needed is separating program from definitions updates and not automatically installing program updates, instead prompting user if one is found at a check and respecting the decision. But until you decide your users are not all clueless and at least some may have a little bit of an idea about how to use their computers and can make a decision...

Share this post


Link to post
Share on other sites

I tried Beta update (Windows 7 64 bit, Comodo 10) and after Windows restart computer started ok. As Cavalary above wrote, this beta update is on stable feed now so I tried after that switch EAM to stable feed and rebooted. It started ok too. So just now on my home comp it seems all is working again (after two months mess... great work indeed...).

And identically with Cavalary I ask you for program (EAM) update only after it asks user for doing such thing (or add this possibility not to update program automatically somewhere to settings). And it should definitely make system restore point before any such update to be able to revert to point where computer were stable if something goes wrong.

Share this post


Link to post
Share on other sites

We used to have an option to disable program updates separately from database updates, however the end result was people turning program updates off to keep outdated versions of EAM for months or even years simply because they liked them better (we had people keep EAM v5 for years because they liked the icon better), and of course there were also many people would simply forget to turn the option for program updates back on. We eventually decided that it was safer for users to have a "Delayed" update feed in case of issues with a new build rather than turning off program updates entirely, that way they didn't end up with an extremely outdated build that was no longer capable of providing adequate protection, or potentially even incompatible with the latest database updates.

Keep in mind that the above is simply an explanation of why EAM works the way it does now. I'm not the one who decides what features we will or will not have. ;)

Share this post


Link to post
Share on other sites

What versions people keep and why, or anything else your users do on their computer for that matter, is not for you to decide. At all. Ever. For any reason. You are being paid to grant the customer the right, not the obligation, to legally use your product and receive updates for a certain period of time. How they use your software (in the sense of options and tweaks, not reverse engineering and actual program modifications, of course) and their update behavior, determining when or if they install updates and which updates they choose to install, is not your decision to make.

Besides, there keeps being this justification for it all that most people don't change the default settings. In that case said "most people" wouldn't disable program updates either. If they did, they had a reason, and knew at least enough to do that. What happens past that is their responsibility. Yours is to keep guaranteeing their right to update if and when they so wish during the period covered by the license, and to not unnecessarily restrict their use of the product due to their decision. Tying definitions to program updates is definitely unnecessarily restricting the use of the product, especially in case of the BD definitions, which are quite version-agnostic, as back when I used it I knew they still offered them even for versions some 10 years old.

In my case, Windows updates for the past several years have taught me to give the unpaid beta testers other valued customers a few days after a security update is released to try it out, then look up to see whether issues are reported and decide about installing based on that (and set nonsecurity updates aside unless they fix an important bug that actually affects me, and while it was possible to pick individual updates, install them if they seem safe whenever I next install a security update, then once they bundled it all together only install the security bundle and ignore the full one completely ever since). Your software doesn't offer that option. Doesn't even offer what little options even awful Win 10 home would offer, for that matter (as far as I heard, at least).

Anyway, back on topic, if the fix for the CFW issue is in 2018.5, can I assume there will not be an update to delayed this month, but only at the start of July, as in 30+ days after the release of 2018.5 on stable, and that IF and ONLY IF this is confirmed fixed and no other significant issues pop up?

Share this post


Link to post
Share on other sites
25 minutes ago, Cavalary said:

What versions people keep and why, or anything else your users do on their computer for that matter, is not for you to decide. At all. Ever. For any reason.

Please understand that we don't mean to try to control you or what software you have on your computer. You paid us to keep your computer safe, and we don't feel we can do that if you have old versions of our software installed with program updates disabled. We also understand that there are times when you may need to have an older version of our software installed to help work around a problem with an update, which is why we give you the choice of the Delayed update feed.

 

32 minutes ago, Cavalary said:

... "most people" wouldn't disable program updates either. If they did, they had a reason, and knew at least enough to do that. What happens past that is their responsibility.

Most customers don't see it that way. They paid us to keep their computer safe, and they expect us to do that regardless of what they do. At least with the Delayed feed they still have the choice to downgrade, but don't end up on very old versions of our software that are no longer up to the task of protecting their computers, and we've done our job of continuing to keep them safe.

 

35 minutes ago, Cavalary said:

... can I assume there will not be an update to delayed this month, but only at the start of July, as in 30+ days after the release of 2018.5 on stable ...

Builds aren't pushed to the Delayed feed on any specific schedule, but only after we feel that a build has demonstrated it is stable for the vast majority of our customers and will be unlikely to cause problems when moved to the Delayed feed. Ideally, if 2018.5 ends up being stable enough, we'll release a version of it to Delayed after it has demonstrated that level of stability.

Please keep in mind that it is technically possible for us to release a build to Delayed in less than 30 days, however we don't generally do that just to give a build enough time for us to be certain it is stable enough.

 

Share this post


Link to post
Share on other sites
18 hours ago, GT500 said:

Please understand that we don't mean to try to control you or what software you have on your computer. You paid us to keep your computer safe.

Road to Hell and all. What you mean is not relevant. The point is you're doing it. And I paid you to use your software, however I see fit. It's a tool. If I buy a hammer, I'm paying to have that hammer and use it however and for whatever purpose I think of, not necessarily and specifically just to drive nails, most likely into wood, though that's what most people would use a hammer for.

19 hours ago, GT500 said:

Most customers don't see it that way. They paid us to keep their computer safe, and they expect us to do that regardless of what they do. At least with the Delayed feed they still have the choice to downgrade, but don't end up on very old versions of our software that are no longer up to the task of protecting their computers, and we've done our job of continuing to keep them safe.

Just talking of me, what most customers do doesn't concern me, and I'm not saying do anything that takes away their right to use the software as they wish or even make them do anything to have those generic settings and am willing to read documentation, tweak settings, even edit registry entries or .ini files if it's a properly documented feature intended to continue being supported and not break things down the line, so why is the reverse true, taking away mine to use it as I wish? And when even delayed may cause some issues, including simply being installed at an inappropriate time, maybe leave EAM in a state that doesn't complete the update, maybe require a reboot, as will be the case now, likely leading to less protection. And what definitely does lead to less protection is forcing someone who wants to control updates to not update at all until they feel ready to deal with it, instead of allowing them to delay and/or select at still get something. (Same as with Win 10, the one way to go is to completely disable the update service I guess. Because that's way safer than letting the user decide what to install and when, eh?)

 

19 hours ago, GT500 said:

Builds aren't pushed to the Delayed feed on any specific schedule, but only after we feel that a build has demonstrated it is stable for the vast majority of our customers and will be unlikely to cause problems when moved to the Delayed feed. Ideally, if 2018.5 ends up being stable enough, we'll release a version of it to Delayed after it has demonstrated that level of stability.

Please keep in mind that it is technically possible for us to release a build to Delayed in less than 30 days, however we don't generally do that just to give a build enough time for us to be certain it is stable enough.

 

So far the release posts specifically said delayed updates were at least 30 days after the stable one. So even that's changing? And what about those not in that "vast majority"? The first order of business for an antimalware solution is for it not to become in itself malware. For however many or few users. And if some can look up and avoid it...

And the general idea of updates being unexpected remains whenever you release them, if it's not just notify and let user decide.

But it all is justifications and I don't see why I even bother to reply. I did say "At all. Ever. For any reason.", right?

Share this post


Link to post
Share on other sites

Love all of you to death. But what I see are a bunch of crazed people so infatuated with a firewall. Yes I agree Comodo is probably the best firewall only due to its HIPS. I was using it prior to these issues. Either switch firewall software or switch antivirus software. That simple. So obviously this won't be a quick fix, trust me on that one. It will all work out eventually. Trust me all will still be well in the universe not using Comodo for now. I am sure the staff is working on a resolution, give them a chance. Easy. Peace.

Share this post


Link to post
Share on other sites

Hi neneduty, we actually appear to have fixed it in the latest update, 2018.5.0.8686. Libor got back to me that the beta worked - shortly after that we released it in the stable feed. Feel free to run them both, and please let us know if you run into trouble with it!

Share this post


Link to post
Share on other sites
5 hours ago, Cavalary said:

If I buy a hammer, I'm paying to have that hammer and use it however and for whatever purpose I think of, not necessarily and specifically just to drive nails, most likely into wood, though that's what most people would use a hammer for.

And the hammer manufacturer shouldn't be liable for improper use of their tools, and yet they are still held liable by their customers aren't they? We're just trying to do our best to keep our customers safe and protected, just like they expect us to do. We understand that there is no ideal solution for how to handle this, so we're just trying to do the best we feel we can.

 

5 hours ago, Cavalary said:

So far the release posts specifically said delayed updates were at least 30 days after the stable one. So even that's changing? And what about those not in that "vast majority"?

Yes, they do. It is very rare for us to do otherwise, however there have been a couple of instances in the past where exceptions had to be made. There were technical reasons why it was necessary, and the builds that were published were stable enough not to cause problems for our customers who use the Delayed feed.

 

5 hours ago, Cavalary said:

The first order of business for an antimalware solution is for it not to become in itself malware.

Malware is "malicious software". I am not aware of anything we do that could be considered malicious.

Share this post


Link to post
Share on other sites
1 hour ago, GT500 said:

And the hammer manufacturer shouldn't be liable for improper use of their tools, and yet they are still held liable by their customers aren't they? We're just trying to do our best to keep our customers safe and protected, just like they expect us to do. We understand that there is no ideal solution for how to handle this, so we're just trying to do the best we feel we can.

Of course they shouldn't be. They should only be liable for damage or unpleasantness caused by the hammer itself, like when it's released to the market not being properly tested... If customers hold them responsible for how they themselves use it, that's the problem of the customers.

 

2 hours ago, GT500 said:

Malware is "malicious software". I am not aware of anything we do that could be considered malicious.

Preventing a computer from booting would sure count in my book. Blocking or otherwise hampering legitimate software from running, as in not just throwing up a prompt that the user can then create a rule from and move on as if nothing happened, also would.

Share this post


Link to post
Share on other sites

Hi all. Just a note that your fix seems to have finally fixed the problem. I had a chance to try it a few days ago and so far I can't tell any obvious problems. I wanted to test it for a bit before replying. I put it in Beta mode, then when that worked put it in Stable. Those both survived reboots. I did update to the latest Comodo Firewall before that (I had been about an update behind). So thanks for eventually finding the fix.

This most recent discussion here has motivated me to move back to Delayed, though. I think, generally speaking, experienced users have update fatigue. MS Windows and its attempt at controlling the update process is mostly the culprit here (the whole unpaid beta tester thing and how frequently they break things, after shamelessly tricking many people into Win10), but it isn't only them. Follow the https://www.askwoody.com/ site for a while and one sees the big picture.

Despite this recent hiccup with Comodo and how much time it cost me (!) two months ago, I still love your software. I know you don't want what must feel like many different versions of your software. There have also been many reported software and hardware vulnerabilities this year. It must be a difficult time to be responsible for anti-malware software. It won't get any easier. You have to run this show at the level you are capable of.

Still, giving the user more control and choice should be a priority. One only has to be burned by updates going wrong a couple of times and one gets update fatigue. Updates going wrong have cost me infinitely more time than malware!

  • Like 1

Share this post


Link to post
Share on other sites

Yes, that should be correct. I've only had feedback from a few people saying the issue is fixed, and we've ceased being able to recreate it ourselves. I haven't had feedback yet saying that it doesn't work, but I'd like more "it works" feedback, for sure.

Share this post


Link to post
Share on other sites
21 hours ago, Cavalary said:

Preventing a computer from booting would sure count in my book. Blocking or otherwise hampering legitimate software from running, as in not just throwing up a prompt that the user can then create a rule from and move on as if nothing happened, also would.

Wouldn't it only be malicious if it was done intentionally?

If every mistake a software developer makes which interferes with the functionality of some of their customers' computers is considered "malicious", then Anti-Virus software companies would have to add almost every program that's ever been written to their databases (including their own software, as every Anti-Virus software company has made these kinds of mistakes as well). Are you sure this isn't a bit too extreme?

Share this post


Link to post
Share on other sites

I could only confirm David's post - on both my computers with Comodo (Win 7 64 bit, SSD HDD - as this probably had some impact on that unpleasant EAM behaviour) I switched to stable version and all seem to work. So yes, the problem with Comodo on some comps is probably over.

I want to add my two cents to discusion above. I work with computer more than 25 years. A lot years ago I worked as programmer. This is all over now (even as I sometimes write a few lines of code in php and MySQL). My main work is with graphics software, but for a few of my customers I do also some kind of computer servis. Not that I'm any expert in LAN's or such but I could help individual users with some computer problems. So my computer knowledges are a little bit above standard. Usually I could help myself with any and all hardware or software troubles, but this time it was very frustrating and it took me a lot of precious time (which I should have spent differently) to revert my work and home computers back to working state. And it was because of EAM "no user asking" PROGRAM update (unfortunately it even didn't create system restore point - why this isn't standard upon bigger program update is above my understanding).

This is why I ask you for avoiding such program behaviour. I understand your points but you should hear our opinions also. Maybe it's not wise to let some users decide about something they don't understand but I don't ask you to do this. You can let default EAM settings on stable version update but I'd appreciate the possibility for some of us to switch off this behaviour. Why couldn't you add to setup/actualization menu two choices: 1) update program without asking user 2) update program only after user confirmation? First choice could be the default one - I don't care. This would be enough. And (not only) after this experience I'd immediately switch it to the "update program only after user confirmation".

And a few words to Neneduty post: no, I won't uninstall ANY of my programs only because ANY antivirus software couldn't work with it. All programs are in my computers for good reasons (this is true especially for Comodo firewall). This could end that Emsisoft (or any other antivirus producer for that reason) could ask me not to use my graphics programs, because they could be in conflict with EAM (btw. there was situation Adobe Acrobat didn't start because of conflict with EAM one time - I resolved it with Emsisoft help then - fortunately Emsisoft helpdesk didn't want me to uninstall it :-)  ). Antivirus software is in any computer to help not to be infected by computer virus; it's not there to block users to work with their programs... Any other debate about this is ridiculous.

Uffff. Enough from me.

  • Like 1
  • Upvote 1

Share this post


Link to post
Share on other sites
2 hours ago, GT500 said:

Wouldn't it only be malicious if it was done intentionally?

That's malicious intent. Intent doesn't matter for a malicious outcome.

And security software is far more likely to mess up systems than most programs.

And in this case it was something you should have seen early in testing. Said that since you decided years ago to no longer provide a proper firewall (not to mention HIPS and sandboxing, don't know if you had that even then), you should thoroughly test your software paired with at least the leading alternatives that provide those missing features, making a full suite when put together.

But, again, talking to walls. Or worse.

  • Like 1

Share this post


Link to post
Share on other sites
23 hours ago, Libor said:

unfortunately it even didn't create system restore point - why this isn't standard upon bigger program update is above my understanding

Unfortunately the System Restore will break EAM. It isn't capable of reverting all files to previous versions, and will only revert the service and drivers, thus leaving you with an installation of EAM that doesn't work and won't be able to update and fix itself. Many users don't notice when this happens, so we don't want to encourage the use of the System Restore to try to roll back updates. We prefer to have a built-in feature to do that (the update feed system) so that EAM can effectively manage what version is installed.

 

On 6/6/2018 at 7:32 PM, Libor said:

... you should hear our opinions also.

We do hear your opinions, and they do get considered. Feature changes and implementation aren't up to me, and all I'm trying to do is explain why things work the way they do. ;)

 

On 6/6/2018 at 7:32 PM, Libor said:

This could end that Emsisoft (or any other antivirus producer for that reason) could ask me not to use my graphics programs, because they could be in conflict with EAM (btw. there was situation Adobe Acrobat didn't start because of conflict with EAM one time - I resolved it with Emsisoft help then - fortunately Emsisoft helpdesk didn't want me to uninstall it :-)  ).

We generally recommend exclusions for software compatibility issues. Normally that's all that's needed, however with security software that isn't always the case.

Keep in mind that security software usually opens hooks to every running process, meaning that they inject code into every running process. When you have more than one program doing this (in this case EAM and CIS) then it can cause unexpected problems ranging from performance issues to system stability and freezing/hanging issues. This is one of the reasons why we (and most other Anti-Virus software companies) recommend never installing more than one security software on the same computer. Other reasons for not doing so are detailed here.

Note that some software react badly to hooks, and that is why exclusions are sometimes necessary for a program to work OK with your Anti-Virus.

 

22 hours ago, Cavalary said:

That's malicious intent.

How is it "malicious intent" if it's unintended?

 

22 hours ago, Cavalary said:

And security software is far more likely to mess up systems than most programs.

I've seen software that had nothing to do with security cause some very odd problems. Anti-Virus isn't the only software to use drivers and services, or to open hooks. Bugs in any of these can cause some very odd problems, sometimes resulting in unbootable or freezing/hanging systems.

 

22 hours ago, Cavalary said:

And in this case it was something you should have seen early in testing.

We don't intend EAM to be used alongside other security software, so we don't test it alongside other security software. We try to be very clear when we recommend that you don't use EAM alongside other security software. If you choose to disregard that warning, then please note that you could run into problems that we have not been able to account for.

Share this post


Link to post
Share on other sites
42 minutes ago, GT500 said:

We do hear your opinions, and they get dismissed.

Fixed that for you.

 

42 minutes ago, GT500 said:

How is it "malicious intent" if it's unintended?

Are you messing with me here? Meant that what you said, being done intentionally, would signify malicious intent. Outcome can be malicious (or not) regardless of intent.

42 minutes ago, GT500 said:

We don't intend EAM to be used alongside other security software, so we don't test it alongside other security software. We try to be very clear when we recommend that you don't use EAM alongside other security software. If you choose to disregard that warning, then please note that you could run into problems that we have not been able to account for.

EAM is not a complete security software by any stretch to be able to be used on its own, at least by those who know what they want from their computers. It's a piece of software with some specific purposes, which shouldn't get to make any requests about what else runs alongside. Plus, one of your selling points a few years ago was that you specifically advertised as being compatible with other security software, even in case of overlapping features, not to mention complementary ones. You may have moved away from that, as well as from most other good things you had going, but a part of your users, those who came and stayed in part for those features, aren't going to just drop their expectations and, more importantly, drastically change how they use their computers just because you say so.

As far as I'm concerned, having security software including EAM on a computer would typically mean either EAM+CFW or EAM+ZA+Sandboxie. There would be a number of other options past that, of course, but at the very least those should be the basic test setup.

  • Upvote 1

Share this post


Link to post
Share on other sites
2 hours ago, GT500 said:

 

We don't intend EAM to be used alongside other security software, so we don't test it alongside other security software. We try to be very clear when we recommend that you don't use EAM alongside other security software. If you choose to disregard that warning, then please note that you could run into problems that we have not been able to account for.

Whoa!

You don't test alongside other security software?

You've removed the firewall from EAM and then leave us with the option to either have no firewall on the machines or a third party firewall, be it the likes of Microsoft's or Comodo.  

And now you tell us that you don't test EAM against them and, further, you don't recommend us to use such a security product.   

Surely this can't be so.   Please could you clarify this because I would like to have some sort of firewall on my machines and, in particular, I don't wish to have Microsoft's because I simply don't trust them at all but, right now, I am wondering if I have misplaced my trust altogether.

Regards
  Malc

 

Share this post


Link to post
Share on other sites
41 minutes ago, Cavalary said:

 

Oh, they specifically recommend using only Windows Firewall, and say there's no point in anything else. Like here: https://blog.emsisoft.com/en/28637/emsisoft-windows-firewall-protection/ and in comments on the release threads around the time EIS was discontinued.

Thanks for the reply but this isn't exactly what GT500 has said " We don't intend EAM to be used alongside other security software, so we don't test it alongside other security software "

So if Windows Firewall isn't an example of security software then what the hell is it doing on our computers and if it is an example of security software then GT500 has categorically said in his recent message that it's not recommended and not tested against EAM.

If Windows Firewall is the sole exception to the rule and that EAM should be used with Windows Firewall and only Windows Firewall then this gives me great cause for concern because that's forcing us into a corner.  And, more to the point, if Windows Firewall were any good then it would, for example, stop the data slurping (aka telemetry) of our machines to MS HQ.

In short, I don't trust Microsoft to protect us at the firewall level.  And if the only firewall that will work with EAM is Microsoft's then I wonder what deal that they may have made with Microsoft and my level of trust in an application which is supposed to protect me is going to diminish significantly.  I find it very worrying that EAM will work with one, and only one, firewall and I am wondering what is going on in the darker recesses of my machine.  It is not as if we're asking EAM to run along nicely with an obscure piece of security code that's been cobbled together by one bloke in his spare time in his shed and isn't supported and hardly used: but we're looking to use EAM with a decent firewall application that's well known and respected.

Share this post


Link to post
Share on other sites

> So if Windows Firewall isn't an example of security software then what the hell is it doing on our computers

It's a standard part of Windows, which everyone has.  Implicitly thatwill be tested against - how could they avoid it?

 

> In short, I don't trust Microsoft to protect us at the firewall level. 

- despite the fact that most (all?) of the other 'firewall' products are just GUI frontends to the underlying Windows facility?

Share this post


Link to post
Share on other sites

Quote: "We don't intend EAM to be used alongside other security software, so we don't test it alongside other security software."

Surely you are misstating this. Can you please clarify? Conventional wisdom in the PC security space has been to use multi-layer protection, and that has been true for decades. Please state clearly:

Do you or do you not regularly test your software with Comodo Firewall, or any other non-Microsoft firewalls?

Share this post


Link to post
Share on other sites

Thanks for the reply.

So, Comodo is one of two things.  It's either just a GUI clagged onto Windows Firewall or it's not.     If it's just a clagged on GUI then how come EAM caused problems with it on the same machine?    If it isn't a clagged-on GUI then surely it's big enough or important enough to be tested against?

So, which is it?  Is Comodo just a GUI or an actual firewall?

Best
  Malc

Share this post


Link to post
Share on other sites

Comodo's its own different thing, definitely not a GUI for Windows Firewall. Normally Windows Firewall will be disabled with Comodo installed.

Share this post


Link to post
Share on other sites

This is what I had considered: that it wasn't a simple GUI clagged onto the Windows Firewall and that it was a fully fledged firewall in its own right.   I didn't bring up the subject of the GUI only stated that if it were a simple GUI then there is no way that EAM should have borked with Comodo installed.

Which brings us back to why Emsisoft have said that they wouldn't test EAM with anything other than the Windows Firewall and leaving all forced to use a firewall that some wouldn't rather use.

Share this post


Link to post
Share on other sites

Been through this with them a lot before, in comments on news posts, in e-mails, they don't give a damn. Most people do this, it's how the security market goes, they follow it. Because the point obviously isn't to keep users safe, despite what they say, but to sell a product marketed as keeping people safe. If you're left out in the cold by it, tough luck, not their problem.

And soon enough I assume they'll close this topic for going too much off topic and the matter at hand supposedly being solved, by the way.

(Should probably mention that the support people seem least to blame in it. Some may even agree that the direction is bad and want the more advanced stuff, options, monitoring and control, but decisions are taken at the top and they have to deal with the fallout.)

Share this post


Link to post
Share on other sites
22 hours ago, MalcolmSm1th said:

You don't test alongside other security software?

No, we do not. I don't think there's a security software company out there that does.

 

22 hours ago, MalcolmSm1th said:

You've removed the firewall from EAM and then leave us with the option to either have no firewall on the machines or a third party firewall, be it the likes of Microsoft's or Comodo.  

And now you tell us that you don't test EAM against them and, further, you don't recommend us to use such a security product.

Windows Firewall is not third-party. It comes will all editions of Windows since XP, and is of course present on all of our test systems due to this. We have Behavior Blocker features designed to monitor its settings.

Windows Defender is handled the same way. They are expected to be present and functional when EAM is installed, as this would be the default configuration on a Windows system.

 

9 hours ago, Door Knob said:

Surely you are misstating this. Can you please clarify? Conventional wisdom in the PC security space has been to use multi-layer protection, and that has been true for decades. Please state clearly:

Do you or do you not regularly test your software with Comodo Firewall, or any other non-Microsoft firewalls?

Layered protection shouldn't mean multiple softwares with real-time protection. As explained above, this has negative side-effects that are best to avoid whenever possible. Instead, layered protection should mean using hardware protections (special router firmware, pfsense, etc) in addition to a single Anti-Virus software.

As for testing, we do not normally test our products alongside products from other companies. We may do this as-needed when compatibility issues are reported, however we do not do it regularly.

 

1 hour ago, Cavalary said:

Because the point obviously isn't to keep users safe, despite what they say, but to sell a product marketed as keeping people safe. If you're left out in the cold by it, tough luck, not their problem.

If our products were incapable of keeping customers' computers safe, then we would not be OK with that, and our products would be changed to ensure optimal protection.

If you want to know the absolute truth, I run without a software firewall of any kind. They're not providing you any real protection unless your computer is connected directly to the Internet, and their HIPS is nothing more than an obnoxious pain in the neck. My systems are protected by a Linux router firmware which is infinitely less annoying, is far less likely to cause problems, and no software firewall is ever going to provide better network protection than this simple open source router firmware will.

Share this post


Link to post
Share on other sites
7 hours ago, GT500 said:

If you want to know the absolute truth, I run without a software firewall of any kind. They're not providing you any real protection unless your computer is connected directly to the Internet, and their HIPS is nothing more than an obnoxious pain in the neck. My systems are protected by a Linux router firmware which is infinitely less annoying, is far less likely to cause problems, and no software firewall is ever going to provide better network protection than this simple open source router firmware will.

Mine is. But, again, it's less about protection and more about system monitoring and control. Don't usually allow things to "call home" unless I specifically make use of said on-line feature, for example. Same with their HIPS. I want to know what programs do and to be able to allow or block behaviors separately if I care to do so, not the whole program. Sometimes maybe just to see if it still works if I stop something I don't think is necessary, if we're talking of programs that shouldn't mess around in the system, like games or such.

And hardly see what's annoying in their HIPS. It tells you what programs try to do and gives you control, which is the basic thing security software should be able to do. Automatic behaviors, determining what is and is not malicious, making decisions, are the advanced features that come on top of that.

(That said, no, it never so far prevented actual malware from operating. But no behavior module ever did, in all the years I've used computers. Usually keep a keen eye on things, had an active infection precisely once on a computer I was not only the only, but even just the primary, user of, in '99 or around 2000, and some three, give or take one, more cases where I found something present which I didn't think was actually active but couldn't be absolutely sure. All those times, they were found on scans, based on definitions, and definitions were also what blocked a few other things from running in the first place. Definitions and, most notably, network packet scanning, to stop things from getting on my computer in the first place, particularly true for things like infected ads or scripts. And you know what, EAM doesn't even offer that! It only acts after the infected file ends up on the computer.)

Share this post


Link to post
Share on other sites
On 6/9/2018 at 5:14 AM, Cavalary said:

... it's less about protection and more about system monitoring and control. Don't usually allow things to "call home" unless I specifically make use of said on-line feature, for example. Same with their HIPS. I want to know what programs do and to be able to allow or block behaviors separately if I care to do so, not the whole program. Sometimes maybe just to see if it still works if I stop something I don't think is necessary, if we're talking of programs that shouldn't mess around in the system, like games or such.

Our products aren't designed for people who need that kind of control. They're designed for the average user and for use on corporate computers where those kinds of features are unwanted, but they're also designed to provide enough protection on their own that supplementation with other security software isn't necessary.

As for application control, wouldn't it be better to say "If a publisher/developer is trustworthy, then their software should be safe and shouldn't need restricted. If a publisher/developer isn't trustworthy, then why should their software be allowed to execute on my computer at all?"

 

On 6/9/2018 at 5:14 AM, Cavalary said:

And hardly see what's annoying in their HIPS.

By its very nature HIPS interrupts what you are doing. For most people interruptions are annoying, and protection that doesn't need to interrupt you as frequently is preferable, especially if it provides the same amount of protection. Behavior Blockers like the one in EAM are intrusive enough, and dealing with the excessive alerts and notifications generated by HIPS is simply too much for most people.

Share this post


Link to post
Share on other sites
2 hours ago, GT500 said:

Our products aren't designed for people who need that kind of control. They're designed for the average user and for use on corporate computers where those kinds of features are unwanted, but they're also designed to provide enough protection on their own that supplementation with other security software isn't necessary.

So which products are designed for those? Assuming similar price, keep saying, tell me where to go and I'll go, don't want to "bother", just looking for something to suit me too (don't find the antimalware side of Comodo reliable enough, if you're wondering - great firewall but needs pairing with something).

2 hours ago, GT500 said:

As for application control, wouldn't it be better to say "If a publisher/developer is trustworthy, then their software should be safe and shouldn't need restricted. If a publisher/developer isn't trustworthy, then why should their software be allowed to execute on my computer at all?"

Not your call to make either way, but nope. Have in the past (rather distant past, but still) used software I knew had malicious features, but those required connecting to certain servers, so by carefully only allowing it to connect when and where I wanted it to, thanks to the firewall (BitDefender's at the time, was back when the prompts BD had offered a fair bit of information and quite a number of options from the prompt itself), I stayed safe. And by default I rather see what a program tries to do before deciding whether to trust or not. And for example I don't trust Microsoft, not in the least, but kind of stuck using their OS, so need something that can be used to control some unnecessary OS activities as well, and made by people who don't try to persuade me to trust it.

2 hours ago, GT500 said:

For most people interruptions are annoying, and protection that doesn't need to interrupt you as frequently is preferable, especially if it provides the same amount of protection. Behavior Blockers like the one in EAM are intrusive enough, and dealing with the excessive alerts and notifications generated by HIPS is simply too much for most people.

Again with the "most people" thing. You're free to make the default settings for them and they're free to use them, not my concern. My concern is having the stuff I can use as well. Which, again, should be easier to implement than the automated behaviors.

... Again, why do I keep replying? We just keep talking of different things.

Share this post


Link to post
Share on other sites

This conversation is way off the original topic.  The ongoing discussion is neither on topic or constructive.  Therefore this topic is now closed.

  • Downvote 1

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.