Tuesday, May 3, 2016

Three misconceptions surrounding firewalls



Everyone knows what a firewall is, right? Wrong…


Let’s take a real-life example; does your Mother actually know (or care) what a firewall is? Does your little sister really need a firewall to protect her from the world of online criminals? By clearing up three misconceptions about firewalls, we hope our less-experienced users will understand the place of firewalls in the modern arsenal of online protection options.


Firstly, for our more experienced Emsisoft users, we’ve written previously about the technical definitions and applications of firewalls. After all, firewalls used to be the main way people protected their PCs from nasty programs and spying.


However, things have changed. Nowadays, most online threats behave in a way that makes it impossible for a firewall to protect the majority of everyday Internet users.


3 Misconceptions about firewalls


Misconception 1: Firewall was a good movie(!)


Whilst your Mother may have enjoyed handsome Harrison Ford’s appearance in the 2008 movie Firewall, it’s likely she will admit the film had a rather predictable plot. Sure, Firewall highlighted some of the threats in the online world, but I think you’ll agree that Firewall wasn’t an Oscar-worthy moment for Harrison Ford. Enough said.


Misconception 2: Firewalls protect your computer by detecting malware


Firewalls can provide a false sense of security in the modern online world. Allow us to explain: The main purpose of a software firewall is to eliminate potential entry points attackers could use to get onto your computer. However, what if you put up the firewall when you already have malware active on your PC? You may think you’re protected, but you already have a malware infection and the firewall won’t make it go away.


This is because software firewalls are simply not designed to detect malware that is already active on your PC.


Even with a firewall, malware could be actively sending your data to a hacker on the other side of the world.



Also, common malware infection methods don’t require any sort of brute-force break-in to your computer. They infect using methods that a firewall can’t block in the first place, such as convincing the user to run an application that is not what they think they’re getting.


But, why don’t firewalls detect malware?



While a modern software firewall can stop some outgoing connections from malware, if the malware managed to get into your PC in the first place, it probably also managed to disable your entire firewall to allow the malware to communicate. It’s too late to simply add a firewall. Instead, you’ll need to consider anti-malware software which will actively detect malware hijacking your computer.


For the record, this is not because firewalls are incompetent – it is simply because they are not designed to block malware.


Blocking malware is the task of anti-malware software such as Emsisoft Anti-Malware. A firewall instead ‘hides you’ from the outside, by denying communication with other programs through certain ‘channels’ or ports.



Misconception 3: Firewalls are always HIPS (host-based intrusion prevention systems)


Not so long ago, all software firewall products did exactly what users expected them to do: filter network data. Today, that’s still the classic definition of the term ‘firewall’; however, firewall technology was soon ‘developed to death’ (that is, there was no room left for innovation, and all vendors offered a similar level of quality). Therefore, vendors started to add new and often overkill features to their firewall products, such as monitoring of all sorts of operating system changes and detecting thousands of other ‘suspect’ things.


The major problem with these technologies is that for all their monitoring and detection capability they are relatively clumsy. They tend to raise an alert for each and every action that could possibly lead to an attack, but the truth is that about 99.9% of all such alerted actions are not malicious.


As mentioned earlier, such alerts are annoying and even dangerous because they can train users to click ‘Allow’, day in, day out.


Eventually, the users’ well-intended and complacent clicking of ‘allow’ is likely to allow an intruder through the gate.



HIPS are therefore recommended for experts only, who can fully understand the large number of alerts they produce and take advantage of the extra protection layer this can provide.


HIPS are the forebears of modern anti-malware software



A lot of credit is due to HIPS: Firewall technology doesn’t make HIPS irrelevant to everyday users. In fact, the technology behind HIPS is what eventually evolved into behavior blocking, an essential component of modern anti-malware. Thanks to what behavior blocking borrows from HIPS, false alarms from antivirus software using the technology are now extremely rare. Behavior blocking isn’t HIPS though, and neither is the term freely interchangeable with ‘firewall’.


For our less experienced users (such as your Mother) nowadays, it’s sufficient to say that most PC users can be protected by high-quality Internet security software which not only protects your computer, but also detects active malware.



What should most everyday computer users do?


In conclusion: if you frequently travel and connect your laptop to different networks, such as public WiFi and cafés, we recommend running Emsisoft Internet Security (which has a built-in software firewall). If you mostly run your computer on the same Internet connection, you can simply run Emsisoft Anti-Malware (Windows 7 and above have a built-in software firewall).


With either Emsisoft product, you will be protected, and you can be sure both versions will detect any malware active on your computer: Firewall or no firewall.


A reminder to our existing customers: Should you wish to upgrade from Emsisoft Anti-Malware to Emsisoft Internet Security at any stage, you can do this at any time via the ‘renewal’ button. On the other hand, should you ever wish to ‘downgrade’ from Emsisoft Internet Security to Emsisoft Anti-Malware, our customer service team would be happy to assist you.


In the meantime, have a nice, well protected day!




Wednesday, April 13, 2016

Why antivirus uses so much RAM – And why that is actually a good thing!

Lots of computer blogs and magazines give smart advice on how to speed up your computer by reducing the load on your hardware resources. While it is true that having a few gigabytes of free hard disk space is better than no space, the same wisdom usually isn’t true for your RAM (Random Access Memory), your computer’s super-fast short term memory.


RAM is the fastest component of your PC




To give you some numbers to work with: An old school hard disk with spinning disks (HDD) usually allows for transfer rates of around 80-160 MB/second. A newer, solid state disk (SSD) that uses memory chips similar to those of the SD-card in your camera or smartphone, provides speeds of around 200-400 MB/s. But your RAM, which can’t retain data without power, allows for 10-20 GB/second. That’s more than 100 times faster than the hard disk!


If you were an operating system architect, where would you preferably run programs from? RAM is the obvious choice.


How Windows uses RAM


When Windows starts up, it reads all the programs that are part of the system from the hard disk and puts them into RAM. That’s the place where the CPU can access them most efficiently. The working data that is created by your programs, along with other programs, is kept in RAM. That means the more programs you start and the bigger the data you’re working with, the earlier your RAM gets maxed out.


As RAM is typically between 2 and 16 GB nowadays, it may happen that Windows requires more RAM than you physically have installed. No cause for alarm, as the developers at Microsoft were aware of that risk and introduced something called Page File. The principle is simple: Programs or data in RAM that aren’t used frequently get written down to a ‘virtual RAM’ file on the hard disk (hidden at c:\pagefile.sys). That way, you get some free extra RAM space. However, any data required from virtual RAM needs to be read from the slow hard disk before it can be used again.


This is when your computer gets significantly slower and you start scratching your head, asking yourself what happened and if your computer is maybe about to bite the dust. Don’t be concerned, it has merely started swapping data to the page file.


Good high memory usage vs. bad high memory usage


Let’s summarize what we have learned so far: RAM is fast, make use of it! Reducing memory usage from e.g. 70% down to 40% doesn’t get you any advantage, as free RAM is wasted dead material. It doesn’t save you any power nor does it provide any performance improvements. From that point of view: Make sure you’re using as much RAM as possible to get the best overall system performance.


But there’s a tipping point when it’s maxed out and Windows starts to use the page file. You can avoid Windows hitting this point frequently by making sure you have enough RAM installed. RAM is cheap to buy and a bigger RAM module is probably the easiest way to extend the lifetime of your old computer for another year or two. For example, I’m a heavy computer user but I rarely need more than 4 GB of RAM.


Why does antivirus/anti-malware software need so much RAM after all?




We often hear customers blaming our software for using too much RAM. Well, we want to detect malware. To do that, we need recognition/search patterns to compare files with our database of known threats. Those patterns (sometimes called fingerprints or signatures) are not really that big, but there is a really huge number of threats out there, and therefore we need many signatures too.


At present, the Emsisoft protection software uses more than 7 million malware signatures. To load them all into RAM, it needs a bit more than 200 megabytes. That sounds like a lot, but keep in mind that this equals a short sequence of 28 bytes on average that we can use to confirm whether a file is good or bad. To illustrate that: Imagine a text sequence of just 28 letters that must be found in a library of 1 billion books, and you are not allowed to come up with a single false detection. A malware scanner has to check 7 million signatures against each of roughly 300,000 files on your hard disk, all within a fraction of a second!


Technically there is no way to make 7 million signatures suddenly disappear. They must be stored somewhere if you want a really good detection rate instead of an absolute minimum (as seen in Windows Defender). They also need to be accessed somewhere quickly, so they can scan every new and modified file that enters the computer. Fast enough, so you don’t even notice that something was scanned in the background. The place to do this is the RAM.


The challenge with RAM usage doesn’t only affect Emsisoft, it’s an industry-wide issue. All signature-based antivirus or anti-malware scanners naturally require a significant amount of RAM to protect your computer effectively.


An insider’s secret: Antivirus programs tend to hide their RAM usage


High memory usage is bad for marketing, but what do you do if you can’t avoid it? You hide it. There are two major techniques to make a big program look like a small one:


  1. Use the page file: As described earlier, Windows puts less frequently used parts of programs onto the slow hard disk. Programs can also force that process and ‘ask’ Windows to swap them to the page file at regular intervals. Then the Windows Task Manager shows a very low memory usage, but the price for that is regular 1-3 second ‘thinking-periods’ when you access the program. That’s the amount of time needed to read the data from the hard disk again.
    Reduced memory usage



    In Emsisoft Anti-Malware and Emsisoft Internet Security, you have full control over that feature. When you turn off the “Memory usage optimization” in main settings, the software doesn’t initiate swapping to the page file. This means overall system performance is likely to increase if you have enough RAM.


  2. Use system drivers: Windows Task Manager only shows active programs and services, but not drivers. Drivers are code modules that are loaded directly by the operating system for certain core functionality. Some anti-virus vendors load hundreds of megabytes of data in their drivers to create the illusion of low memory usage. You can spot these by summing up the memory usage of all active programs and comparing that with the value of total used RAM. If there is a huge difference, something is probably hiding high memory usage from you.

As the number of threats doubles every year, why doesn’t memory usage double at the same rate?


The good thing about malware is that many samples appearing in the real world (outside labs) are very similar. There is a limited number of malware families and often samples just differ in a few bytes of data. That means we can detect large numbers of threats with fewer, but smarter signatures. Using that method, the number of signatures required for best detection doesn’t grow as fast as the total number of threats out there in the wild.
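The two ideas above (many signatures checked against each file in a single pass, and one signature covering several variants of a family) can be shown with a small multi-pattern matcher. This is an added example, not Emsisoft's scan engine: it uses the well-known Aho-Corasick algorithm as a stand-in, and the signature names, byte patterns and sample "files" are all constructed.

```python
from collections import deque

class SignatureSet:
    """Aho-Corasick automaton: all byte signatures matched in one pass."""

    def __init__(self, signatures):
        self.goto = [{}]   # state -> {byte: next state}
        self.fail = [0]    # state -> fallback state on mismatch
        self.out = [[]]    # state -> names of signatures ending here
        for name, pattern in signatures.items():
            self._insert(name, pattern)
        self._build_failure_links()

    def _insert(self, name, pattern):
        state = 0
        for byte in pattern:
            if byte not in self.goto[state]:
                self.goto[state][byte] = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
            state = self.goto[state][byte]
        self.out[state].append(name)

    def _build_failure_links(self):
        queue = deque(self.goto[0].values())   # depth-1 states fall back to root
        while queue:
            state = queue.popleft()
            for byte, nxt in self.goto[state].items():
                queue.append(nxt)
                f = self.fail[state]
                while f and byte not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(byte, 0)
                # A signature that is a suffix of the current match also fires.
                self.out[nxt] = self.out[nxt] + self.out[self.fail[nxt]]

    def scan(self, data):
        """Return (signature name, end offset) for every match in data."""
        hits, state = [], 0
        for offset, byte in enumerate(data):
            while state and byte not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(byte, 0)
            hits.extend((name, offset) for name in self.out[state])
        return hits


# Constructed signatures and sample "files"; none of these bytes come from real malware.
SIGNATURES = {
    "Constructed.FamilyA": b"\xde\xad\xbe\xef\x13\x37",
    "Constructed.FamilyB": b"\xbe\xef\x13",
    "Constructed.FamilyC": b"EXAMPLE_MARKER",
}
# Two variants of the same family: different padding and tails, same core bytes.
VARIANT_1 = b"MZ" + b"\x00" * 10 + b"\xde\xad\xbe\xef\x13\x37" + b"tail-one"
VARIANT_2 = b"MZ" + b"\x01" * 4 + b"\xde\xad\xbe\xef\x13\x37" + b"other-tail"
CLEAN_FILE = b"MZ" + b"nothing of interest in here"

if __name__ == "__main__":
    db = SignatureSet(SIGNATURES)
    for label, blob in [("variant 1", VARIANT_1), ("variant 2", VARIANT_2),
                        ("clean", CLEAN_FILE)]:
        print(label, db.scan(blob))
```

Each file byte is processed once regardless of how many signatures are loaded, which is only possible because the whole automaton sits in memory while files are scanned.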


Conclusion: Make use of your RAM


Take some time to open the Task Manager (right-click the taskbar, select “Task Manager”) and check how much RAM you effectively use during a busy computer day. If you’re not somewhere near the physical maximum, disable the “Memory usage optimization” feature in Emsisoft protection software, to make sure you get the best possible performance.


Emsisoft protection software settings



Don’t select your antivirus/anti-malware software based on memory usage reviews, unless you are really short of memory (less than 2 GB).


 




Thursday, March 31, 2016

Video: Meet the Emsisoft File Guard – Scanning for malware in real-time

The Emsisoft File Guard is a crucial part of the 3 layers of malware prevention built into Emsisoft Anti-Malware and Emsisoft Internet Security. It checks all files that are downloaded or run against millions of signatures of known malicious software and self-optimizes continuously, allowing for real-time protection.


Most importantly, the Emsisoft File Guard operates in the background, meaning you don’t feel the impact of its power while it is scanning dozens of files every single second. That way, it is effectively and efficiently protecting you from the worst case scenario of a malware infection by not even allowing it to occur.


In this short demonstration you can take a peek at how the Emsisoft File Guard actually works.



For the best viewing experience, a fullscreen icon (right bottom corner) is available after starting the video.




Tuesday, March 8, 2016

Video: Emsisoft Surf Protection vs malicious hosts and phishing domains

More than ever, phishing is becoming one of the main reasons for stolen login details, emptied bank accounts and theft of other private data. The reason is simple: fake e-mails and websites are looking more and more authentic these days, so that even professionals have to examine them very closely to see if they are fake or not.


This is precisely what Emsisoft’s Surf Protection is designed for: It warns you the moment you try to access a malicious website and intercepts connections to dangerous hosts at the system level so that no data can be exchanged.


In this short video we demonstrate how Emsisoft Surf Protection, one of the amazing features of Emsisoft Anti-Malware and Emsisoft Internet Security, works and how it can prevent malware infections.



For the best viewing experience, a fullscreen icon (right bottom corner) is available after starting the video.


 


Like what you see? Feel free to share the video with your friends. For even more insight into the Emsisoft Surf Protection feature, feel free to dig into this older but still valid article “Prevent malware from entering your PC with Emsisoft Surf Protection”. And don’t forget to subscribe to our newsletter to stay on top of the latest malware threats!




A typical Skype scam attempt by a spam bot

Skype scams have been around for ages. With technology constantly evolving, one would think that chat bots get a little more convincing too. As it so happens I recently got a contact request from a nice young lady that had something very special to offer.


I thought, OK, let’s play it through once and take some screenshots of the conversation:


 


Complete chat dialog with a scam-chatbot on Skype



 


This is how it works


Obviously, Katrina Kauffman is not a real woman (or even a man), but an automated program. At this point it is unclear if the bot hijacked someone’s personal Skype account by hacking their password or if the user account was just created to fool people.


The only purpose of the bot is to convince people to provide their credit card information on a fraudulent website. The shorturl leads to a fake adult entertainment website where you are supposed to sign up to see more.


Scammer website that tries to steal your credit card information



 


Example 2


Just a few weeks later I received another contact request from a lady called “dear.churchill”. It was obviously a scam bot too and looked like it was made by the same people that were behind the first one. The only ‘improvement’ I could notice was that the new version also had a proper profile image set.


The full Skype scam conversation with a bot-script.



 


This poor girl maybe doesn’t even know that her pictures are misused for scamming



 


Of course, this website requires your credit card details ONLY for age verification. Who still believes that?



 


How to recognize a scam-chat-bot?


  1. Ask any question. In the case above, the bot ignored what I was writing or asking and just kept sending me messages, trying to convince me to sign up and pay.

  2. Watch for behavior patterns. This bot didn’t just run a series of plain messages. It always waited for me to say something first, then posted a message back after exactly 30 seconds. When I paused, the bot paused too. When I typed more, the bot replied more.
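The timing pattern from point 2 can be checked mechanically on an exported chat. This is an added example, not part of the original post: the transcripts are constructed, and the thresholds (`min_replies`, `max_jitter`) are assumptions chosen for illustration.

```python
from collections import deque
from statistics import pstdev

def reply_delays(messages, me="me"):
    """Pair each of my messages with the contact's next reply (first in,
    first out) and return the delays in seconds."""
    waiting, delays = deque(), []
    for timestamp, sender, _text in messages:
        if sender == me:
            waiting.append(timestamp)
        elif waiting:                 # replies with nothing to answer are skipped
            delays.append(timestamp - waiting.popleft())
    return delays

def looks_scripted(messages, me="me", min_replies=4, max_jitter=1.5):
    """Return (verdict, delays). The verdict is True when the reply delays are
    nearly constant. Both thresholds are assumptions, not measured values."""
    delays = reply_delays(messages, me)
    if len(delays) < min_replies:
        return False, delays          # too little evidence to judge
    return pstdev(delays) <= max_jitter, delays

# Constructed transcripts: (seconds since chat start, sender, text).
BOT_CHAT = [
    (0,   "me",      "hi, do I know you?"),
    (30,  "contact", "scripted line 1"),
    (95,  "me",      "where did we meet?"),
    (100, "me",      "hello?"),
    (125, "contact", "scripted line 2"),   # answers the message sent at 95
    (130, "contact", "scripted line 3"),   # answers the message sent at 100
    (300, "me",      "are you a real person?"),
    (330, "contact", "scripted line 4"),
    (400, "me",      "what did I just ask you?"),
    (430, "contact", "scripted line 5"),
]
HUMAN_CHAT = [
    (0,   "me",      "hi, do I know you?"),
    (12,  "contact", "we met at the conference last week"),
    (40,  "me",      "which talk?"),
    (130, "contact", "sorry, was on a call. the one on logging"),
    (200, "me",      "ah, right"),
    (204, "contact", ":)"),
    (260, "me",      "send me the slides?"),
    (321, "contact", "will do tonight"),
]

if __name__ == "__main__":
    for label, chat in [("bot", BOT_CHAT), ("human", HUMAN_CHAT)]:
        print(label, looks_scripted(chat))
```

Pairing messages first in, first out matters here: it is what turns "when I typed more, the bot replied more" into a run of identical 30-second delays instead of a mix of 25 and 35.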

What to do now?


If you think you have already fallen for a (suspected) Skype or credit card scam, contact your bank or credit card provider as soon as possible and ask them to cancel your card immediately. Otherwise scammers could use your credit card for purchasing goods on the Internet (or worse) and you’ll end up with a pile of debt – or even be at risk of criminal conviction.


 




Thursday, March 3, 2016

Emsisoft – the anti-malware solution professionals and enthusiasts increasingly use


Nil Satis Nisi Optimum
(Nothing but the best is good enough)



Are we there yet? No, but due to continuous commitment to providing the very best, Emsisoft is certainly heading in the right direction, as confirmed once again by the latest AV-Comparatives independent annual IT Security Survey (PDF download).


As the questionnaire shows, users rate AV-Comparatives, AV-Test and Virus Bulletin as the three most respected, trustworthy antivirus testing agencies. Emsisoft is tested by all three, AV-Test for the first time in 2016.


Our key points of this survey in a nutshell:


  • According to the survey, Emsisoft is now the 7th most preferred main protection solution in Europe, steadily improving its rank and now ranked ahead of Microsoft in 8th and Symantec in 10th place.

    Which anti-malware security solution do you primarily use?




  • On a worldwide scale, Emsisoft moved up one position to the 9th rank. Being a newcomer in the industry, this confirms we’re becoming well established amongst the 50 competitors.

  • Participants were asked “What are the most important things in a security product?”. The most frequent answers were: 1. “Good detection rate”; 2. “Low impact on system performance”; 3. “Good offline proactive/heuristic protection”; 4. “Good online surfing protection”; 5. “Good malware removal/cleaning”. We’re proud to say that all of these are what we are specialized in.

Some more interesting general facts:


  • The number of users who rely on free desktop security has fallen again in 2016. Maybe that’s because nothing is truly free?

  • Almost 47% of respondents now use Windows 10.

  • Google Chrome and Mozilla Firefox were very close to even as the preferred browser chosen by survey participants.

Would you ask a plumber to rewire your house?


Finally, you will read in the survey that over 70% of respondents refer to themselves as either IT experts or enthusiasts. While perhaps suggesting that the survey is not necessarily representative of the average computer user, wouldn’t you take the advice of an expert in their field as a guide to which product to use, especially when it could matter to you and your business as much as it mattered to these Australian guys?


 


We at Emsisoft will continue to work towards the “Nil Satis Nisi Optimum” motto. Getting feedback such as in the described survey is more than enough reason why we do so.


 


