New in 2017.9: Making things simpler and easier

Over the past month, our development team have spent most of their time fine-tuning our products and simplifying several structures in preparation for exciting new things that are on the horizon. Our biggest change with this release is the merging of Emsisoft Internet Security with Emsisoft Anti-Malware, as we announced earlier. The transition is expected to go smoothly, just like every other monthly software update. If you’d like to learn more about the reasons behind the merger and how it might affect you, please check out our article featuring the most frequently asked questions and answers on the Windows Firewall.

All 2017.9 improvements in a nutshell

Emsisoft Anti-Malware

  • New: Feature to connect with Emsisoft Enterprise Console from client side. Available at Settings -> License.
  • Improved: Communication protocol with Emsisoft servers to speed up updates and Anti-Malware Network lookups.
  • Improved: Management interfaces for technology partners.
  • Improved: Support for various languages.
  • Several minor tweaks and fixes.

Emsisoft Enterprise Console

  • New: Feature to connect with Emsisoft Enterprise Console from client side. Available at Settings -> License.
  • Several user interface improvements.
  • Several minor tweaks and fixes.

How to obtain the new version

As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users, please download the full installer from our product pages.

Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

Have a great, well-protected day!

  • Majik thise

    So let’s see after running this inside one of my VMs I’m now aware of something you didn’t bother to tell anyone.

    It appears that WF does not inherit any rules made in EIS meaning that this update instantly allows all block rules to be bypassed, not only that it does not give any warning that WF will be enabled and there is no UAC prompt on update.

    This means the 2017.9 lowers the security on a system without informing the user because it does not transfer the rules, and allows those connections that were previously blocked to become active. If a user then switches to deferred (back to what is currently 2017.7) it does not reenable those rules either. BTW you still haven’t told us how long deferred users will have until 2017.9 is pushed to deferred channel.

    So in a nutshell 2017.9 will actively make your system less secure while not providing feedback to the user. Did EMSI not think it would be wise to inform users of these facts or are you just resting on the fact that people would need to set up WF after the update once they find that blocked addresses and programs are being allowed after the update after they find that previously blocked items are being allowed?

    • Hello,

      EIS’ firewall module was independent of Windows Firewall, it was not an extended Windows Firewall GUI (like Binisoft or others); so obviously, unlike those GUIs, rules in EIS won’t be transferred into EAM. If you believe that every 3rd party firewall should transfer its rules into Windows Firewall, it is wrong. This isn’t a reduction of security.

      • Majik thise

        I’d hate to disagree with you given that you are the ones that took away the 3rd party firewall from EIS > EAM, as such it is your responsibility to make sure that the level of security is maintained on that system.

        So your statement that this isn’t a reduction in security is bull.

        You took away the feature, and re-enabled WF without user interaction as such the user should expect the same level of protection post downgrade to EAM as they had with EIS and that includes transferring the block rules, since if they are blocked in EIS they obviously want them blocked.

        By not transferring the rules you HAVE lowered their security.

        • diwul62

          Up front: I have full confidence in Emsisoft and trust the software will keep my pc clean from whatever malware as before.
          Apart from that, their service goes way, way beyond that of some competitive products. I have been using some leading AV products in the past.

          Same as the ‘competition’ Emsisoft was/is offering two products, i.e. with- and without firewall.
          I confess: I have no knowledge about firewall-stuff, so left it to Emsisoft to deal with that.

          On How-to Geek at the bottom of their article “Do I Need a Firewall if I Have a Router?” it says that whilst using a hardware firewall (router) and Windows firewall, in most cases there is no real need for a third party firewall.
          With two good firewalls in place, generally speaking, one may indeed be raising questions about using yet another firewall.

          Maybe Emsisoft will be one of the first removing one product and others may follow…

          As for me, there is no real reason to lower my trust in the product. I am sure, without the firewall, Emsisoft will continue to be a top notch product.

          =

          • Hello, thank you for your trust, it is really appreciated.
            3rd party firewalls were really needed during the Windows 98/XP era (because the Windows one at that time was quite weak); it improved a lot on Win7 and is slightly polished every time.

            I agree with How-to-geek statement, you don’t really need a 3rd party Firewall; after all, the original purpose of a firewall is to block unwanted inbound connection (so protecting you from connection’s attempts from outside), which Windows Firewall does quite well.
            In the meantime, we had the appearance of keyloggers and trojans which “call home” to transmit the data they have stolen from you to the hacker, so outbound controls were implemented to block those malicious connections. Such malware shouldn’t even be able to call home since it is your antivirus’ job to detect and remove it beforehand.

            On the other hand, many people are worrying about their privacy being violated by some software’s telemetry and “spying” (which is understandable) and need those outbound controls to block those legitimate and safe applications from accessing the internet. Those controls can be implemented in Windows Firewall manually or via 3rd party tools.

          • LodeHere

            To block all MS spying I’ve been utilizing the free Spybot Anti-Beacon for Windows.

          • Majik thise

            And yet you still continue to avoid answering direct questions, is there something difficult about them or are they just not worth your time while you continue to pat yourself on the back?

            Unfortunately every time you avoid the questions you lower in my expectation since every answer you give is either circular, not relevant or does not address the point.

            So I’ll ask you again :-

            When will this be pushed to deferred?
            Are deferred users as unwanted as you appear to be to power users and business users?
            Why are you not inheriting block rules to WF?

            You seem intent on lumping me with the conspiracy nuts who are anti Microsoft, however as I’ve already explained twice the reason I don’t want to use WF due to its whole integration into the OS you claim that as a benefit I call it a con since if the OS gets compromised the Firewall is at risk, not to mention GP manipulation and other attack vectors against WF.

            Given that in a recent test EAM was one of only 4 AV/AM products to fail a 100% test pass, are you saying I should not worry about the security that my product provides?

          • Fabian Wosar

            The timetable for deferred updates hasn’t been finalised yet as it largely depends on user feedback of the normal stable update tree as well as crash telemetry.

            Inheriting block rules only would be dangerous. Rules like “Allow UDP to port 53 on IP 8.8.8.8” followed by “Block all UDP to port 53 anywhere” are very common, especially for power users. Just importing the block rule in this case would have drastic consequences. You would technically have to import all rules. That will raise issues with how it may interfere with the existing rulesets. Should we just dump all WF rules and add ours? Should we merge the sets? What about if rules are conflicting and something is allowed in the existing WF rule set that is blocked in the EIS ruleset and vice versa? There are a metric tonne of issues to solve. Given that the vast majority of users never changed the defaults in EIS and Windows Firewall and EIS used the same defaults, we chose not to attempt conversion as any attempt to convert the existing rules would have probably caused more harm than good.

            VB, which you refer to, only performs validation of on-demand detection. Just because a file wasn’t picked up by the file scanner, doesn’t mean it would go unnoticed when executed. In fact, all VB misses were caught and neutralised by the behaviour blocker just fine. The same is true for a lot of other products as well by the way.

          • Majik thise

            “Many users” is not an excuse for lowering the security on a system and shame on you for thinking so.

            You are passing the buck to the end user for issues caused by your removal of EIS from the package via the downgrade to EAM, which is exacerbated by the fact you don’t even bother to inform the end user of these changes.

            If I hadn’t explicitly set out to see if the rules were inherited I would have been incorrect to assume all was the same with the security of the system and all rules were intact when this isn’t the case. Which would be the default mindset for “many users”

            The fact you seem to want to pat yourself on the back for that is irritating to say the least, you are intent on washing your hands of the situation since it’s not your problem any more with the removal of EIS.

            “There are a metric tonne of issues to solve” you are right there are but you are giving those issues to the end user to solve while giving no notice to the user. Hell even a popup window telling people that “Your firewall rule may be unsuitable due to the change to EAM please check your Windows Firewall setup” would have been sufficient. You are instead relying on implicit trust on the part of the end user or that they are too lazy or incompetent to understand what just happened with the change over. Along with the fact that “default is fine” when rarely is that the case.

            This is why I stopped recommending EMSI products after the announced retirement of EIS and why I’m now telling people to look for another security product post downgrade. I can’t justify supporting that mindset or practices the same way that I can’t support the fact you are trying to talk your way around the “in the wild” results as being ok when EMSI was one of four products that failed the ITW test (that means that the V/M was known,) in fact EMSI hasn’t passed an ITW test for nearly a year according to VB (last 100% ITW was October 2016).

            Isn’t it odd that these other products passed ITW100% implying they were picked up by on-demand or real-time scanning while EMSI didn’t and needed to wait for execution (per your response,) which BTW means that the file made it onto the system and was executed before it was detected. By that point the system is already technically infected since the infection is on the system even if it’s not actively attacking it. As you should be aware VB tests by On-Read then On-Write then On-Demand in that order and fail is registered when those 3 tests are done and it isn’t detected by a program.

          • Fabian Wosar

            We can continue ad infinitum. You made your position clear. It has been noted. Feel free to contact support for a partial refund and to recommend those people you recommended EIS to, to do the same.

          • cat1092

            In regards to the Firewall, one’s best is not that installed on Windows or other OS, rather that of the NAT Firewall inbuilt into most all modern routers for at least a decade. If an attacker gets past the router, any system can be compromised, given the attacker is persistent. There’s simply not enough rules in a software Firewall to stop an attacker by a determined professional hacker & still have a usable system (probably couldn’t open our Mail client).

            Like at least one other participant in this discussion brought up, I trust Emsisoft to do the right thing. That in itself doesn’t mean that everyone will be pleased, if not, then move on to another loaded with ‘cleaning’ tools we don’t need.

            To put it in perspective, security begins at the inbound network level (the modem/router), NOT the network interface (aka NIC) of every connected computer on the network. So with that in mind, rules can be created within the router’s NAT Firewall by logging into the router. While not quite the same level of protection as a spare converted dedicated PC running as a Firewall appliance, as long as remote administration is disabled & all passwords have been changed from default, the router still offers superior Firewall protection than WF or that of any 3rd party. For best protection & any possible added features, it’s good to check for firmware updates while logged in, as well as have an up to date copy of the router’s manual, which may have been revised to reflect firmware upgrades, that’ll guide their customers step-by-step on how to use features.

            If that weren’t the case, then Emsisoft wouldn’t have dropped support for OA sometime back. Which over time became overkill for many, to include myself, sometimes took as many as 25-30 clicks to install MS Office, which in a working environment is ridiculous & a waste of productivity for employees. The other & bad downside is that most would soon be clicking ‘OK’ blindly to everything, potentially handing the keys to the door to a data thief. With the NAT Firewall, there won’t be popups, and any rules created will remain there, as long as the router isn’t reset to default values, not to be confused with a reboot or power cycle needed for maintenance. Just like computers & printers, there’s a CMOS battery installed to maintain settings, probably hidden somewhere to make consumers think that we ‘need’ a new one every 3-5 years.

            Otherwise, unless a hard reset was performed, any network profiles of a router pulled out of the closet for an emergency, or given to one in need, wouldn’t still have the same network profiles & other settings maintained. In the case of the latter, good idea to perform a hard reset after finding the manual to obtain the correct procedure, if not included with the router.

            Emsisoft is top rated security & the test results at AV-Comparatives will show this over the past few years, winning a huge one last year & on other sites as well. Like other business offerings, Emsisoft has to make the best business decisions for not only its customers, also to sustain their existence. Therefore, better to have one or two top notch offerings, rather than half a dozen with too few human resources to manage all.

            I don’t believe that Emsisoft will lose many long term customers over these types of issues that they should already be maintaining themselves with the hardware already on hand to do so, nor do I believe that the employees of Emsisoft from the top down will lose a wink of sleep over the few that leave over this single issue.

            Sorry for the long post, there’s times when things can’t be described in two sentences.

            Cat

          • cat1092

            Fabian, sorry, my reply was meant to be directed to the first responder of this otherwise fine article, not you.;-)

            Cat

          • Majik thise

            NAT is not a firewall, also if your users are doing your software installation you have an issue that extends beyond basic security. Non-administrators should not be installing stuff it’s a huge security risk to give them those privileges.

    • Quick question: Will I end up with WF enabled as well when it’ll update (on delayed) to 2017.9 even if I’m just updating from EAM?
      As for the settings issue (yes, obviously that is a huge concern for those who relied on EIS as traffic control as well), if any non-default EIS “firewall” settings exist they should at least be exported when updating and the user should be prompted to select which to move over to WF. I mean, those who just left the defaults won’t be “inconvenienced” because it won’t happen for them, but those who do have manual settings there would be able to preserve them (if it can indeed be done in WF), and since they made manual settings in the first place they’re expected to know how to deal with it and not be scared away by a prompt. This really should be added in a 2017.9.1 and have the delayed channel skip right to it when it’ll be migrated.
      Not that the whole thing can ever be in any way excusable, but just mitigating the damage slightly…
      On another note, I’d still want that logging issue that popped up ever since 10.8 (which the delayed channel got updated to straight from 10.0 – or was it 11.8 and 11.0? think 10 though), making it generally not display entries that are more than tenth before opening the window, fixed. Was told back then (when it was really bad, appearing to fail to read older information altogether, pulling up faulty older entries) that it was a log parsing issue you were becoming aware of but wasn’t high priority, will get fixed at some point, then I saw log parsing fixes show up a few times in changelogs since then, and admittedly the older entries stopped being faulty at some point, but the fact that some are not retrieved at all hasn’t changed.

      • Fabian Wosar

        EIS never disabled the Windows Firewall. Instead, the Windows Firewall generally disables itself when a different firewall registers itself. Likewise installing EAM or switching to EAM doesn’t enable the Windows Firewall either. It will simply not be disabled during boot by a different firewall registering itself. That means, switching to EAM will default to whatever the user set for his system. If the user disabled the firewall manually, then it will continue to stay disabled. If they didn’t, it will become active.

        As mentioned before, we will not export or attempt to migrate rules. The biggest issue there is, that it is impossible for us to determine which rules have been automatically created and which ones haven’t. We could attempt to apply some kind of heuristic, but that is bound to fail in situations where users set up packet rules that prohibit everything that isn’t explicitly allowed by an application rule as we would import the “block everything” rule without importing the rules that allow applications as they would look like auto-created rules to us. Not to mention that the Windows Firewall rule import format isn’t officially documented.

        About the log issue I suggest contacting support to get an update on the status of that bug.
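
The two migration failures described in the replies above (importing only the block rules, and a heuristic that skips rules that look auto-created) can be reproduced with a small rule evaluator. This is an added example, not Emsisoft code: the rule format, the `looks_auto` flag, the sample ruleset and packets, and the assumption that the old rules were evaluated top-down with a default of allow are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "block"
    proto: str                 # "udp", "tcp" or "any"
    port: Optional[int]        # None matches every port
    dst: str                   # destination in CIDR form
    looks_auto: bool = False   # hypothetical: rule resembles an auto-created one


def matches(rule, pkt):
    proto, port, dst = pkt
    return (rule.proto in ("any", proto)
            and rule.port in (None, port)
            and ip_address(dst) in ip_network(rule.dst))


def first_match(rules, pkt, default="allow"):
    """Ordered evaluation: the first matching rule decides (assumed old model)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


def block_wins(rules, pkt, default="allow"):
    """Order-independent model: any matching block rule overrides allow rules."""
    hits = {r.action for r in rules if matches(r, pkt)}
    if "block" in hits:
        return "block"
    return "allow" if "allow" in hits else default


def import_block_only(rules):
    """Migration that carries over block rules and nothing else."""
    return [r for r in rules if r.action == "block"]


def import_skip_auto(rules):
    """Migration that drops every rule the heuristic takes for auto-created."""
    return [r for r in rules if not r.looks_auto]


def verdict_changes(old_rules, new_rules, packets, new_engine=first_match):
    """Return (packet, before, after) for every packet whose verdict changed."""
    changes = []
    for pkt in packets:
        before = first_match(old_rules, pkt)
        after = new_engine(new_rules, pkt)
        if before != after:
            changes.append((pkt, before, after))
    return changes


# Constructed ruleset in the style of the examples quoted in the thread.
OLD_RULES = [
    Rule("allow", "udp", 53, "8.8.8.8/32"),                   # user rule
    Rule("block", "udp", 53, "0.0.0.0/0"),                    # user rule
    Rule("allow", "tcp", 443, "0.0.0.0/0", looks_auto=True),  # application rule
    Rule("block", "any", None, "0.0.0.0/0"),                  # block everything else
]

# Constructed test traffic: (protocol, destination port, destination IP).
PACKETS = [
    ("udp", 53, "8.8.8.8"),
    ("udp", 53, "203.0.113.5"),
    ("tcp", 443, "198.51.100.7"),
    ("tcp", 25, "198.51.100.7"),
]

if __name__ == "__main__":
    cases = {
        "block rules only": (import_block_only(OLD_RULES), first_match),
        "skip auto-looking rules": (import_skip_auto(OLD_RULES), first_match),
        "all rules, block-wins engine": (OLD_RULES, block_wins),
    }
    for name, (rules, engine) in cases.items():
        print(name)
        for pkt, before, after in verdict_changes(OLD_RULES, rules, PACKETS, engine):
            print(f"  {pkt}: {before} -> {after}")
```

The third case shows that even a complete import changes verdicts when the target engine lets a matching block rule override allow rules regardless of order, which is how Windows Firewall treats conflicting block and allow rules.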

        • Majik thise

          So again you are fine with lowering this security profile on a system due to update and are not going to bother to fix it.

          You don’t tell the user these things, there are no prompts, no notices, nothing, not even a pop up to tell people to check their application settings in WF.

          You just enable WF and let all previously blocked applications run rampant on the system. You claim this isn’t your problem when the problem absolutely rests with EMSI and its downgrade.

          • Fabian Wosar

            When the cure is potentially more devastating than the ailment, then yes: We won’t shove the cure down everyone’s throat. The reality is: No application based firewall on Windows can efficiently prevent any application from accessing the internet. If you believe otherwise, you are fooling yourself. If your security is based on the assumption that you can, I am sorry to tell you, but your security has been compromised long before the update.

          • Majik thise

            Here we are again making assumptions, it’s part of what got you into this argument in the first place.

          • cat1092

            Majik, it’s you that began the argument. Instead of making a nuisance out of yourself, could have asked the questions desired, took the answers & then walked away & made the decision that’s best for your situation.

            As I stated above, you can create all of the rules you desire within your router & therefore, won’t be dependent on a software Firewall to do these things on your behalf. You can also export/import rules as needed, as long as the Windows Firewall will take imports, or that of the router (I’ve not tried either method).

            I prefer the router because it gives me what’s needed for my most important computers. When on the go, carry one of my lower priority models with me that has zero personal ID data on it, not even my name, rather one of my pets. So if hacked, all they’ll get are random browsing history & some pet pics.

            After using these away from home, will scan the computer(s) with several tools before reconnecting to my network & don’t include these in the Homegroup.

            You’ve been given good advice on how to proceed, what you do with it is your decision & yours alone.

            Cat

  • LodeHere

    All I know is that the Windows firewall has so far been judged as very good. (Yes, Microsoft did a good job on that one, whatever else one might think of that company.)

    I for one like to see now and then what comes in and what goes out, and have been utilizing the free version of GlassWire for that in combination with EAM for years now.
    GlassWire is based on the Windows firewall.

    • Indeed, there are plenty of free/paid tools to manage Windows Firewall and its inbound/outbound connections.

      • LodeHere

        Every time some connection changes or when there is a new one made, GlassWire shows a popup. One can then see what product or program made the change or the new connection.

        So just a few minutes ago when I was typing my post above the new update for my EAM was downloaded and installed, and right away that GlassWire popup popped up. Of course looking at what it was under Alerts, Emsisoft’s logo and the new EAM version information was shown in GlassWire.

      • Trevor Steel

        Please name a few. “Plenty” implies at least 10-20.

        • Fabian Wosar

          Sphinx, Glasswire, Windows Firewall Notifier, Windows Firewall Control, Tinywall, Free Firewall, Firewall App Blocker and simplewall. That doesn’t include commercial options available as part of commercial products like security suites from Avira, F-Secure and Panda among others.

          • Trevor Steel

            Good. That is a start. Before I weed through them, another question. Which of them are tested and confirmed as compatible with your new product?

          • Fabian Wosar

            None of them. We do not test with anything but the vanilla Windows Firewall. From a technical point of view they will most likely not conflict and a lot of them are in use by our customers, especially Glasswire and Windows Firewall Control, but we do not test for compatibility with any of them.

          • Trevor Steel

            Aha. That is one of the core problems!
            When you actually start to look at standalone firewalls, ones that either replace Windows firewall (my first choice) or add features to it, then each has their problems. I have yet to find one on the market, paid or unpaid, that suits my needs.

            Quote: “the original purpose of a firewall is to block unwanted inbound connection (so protecting you from connection’s attempts from outside), which Windows Firewall does quite well. ”

            Nope. The original purpose of a firewall is to police the programs on your computer. Connection blocking is another feature, and secondary.

            At a pinch, I can live without an Antivirus. I cannot live without this policing of programs. The test case is a computer not connected to the internet. I need a good firewall with program control.

            So, what has happened. We started with Online Armor. An AV was added. OA was killed off. Even the free version was killed, even the free version without updates, which was close to what many wanted. We got a cut down firewall in the suite. Now the suite has been cut, and we get next to nothing in an AV. People are now hunting around for a product which is light, and which provides a real firewall.

            Now, business sense is for you. That is your choice, to aggravate customers. But please do not aggravate them even more by praising the virtues of Windows Firewall. It simply is not up to the basic job. Plus, it is a Microsoft product and we all know the habitual way Microsoft behaves as a virus.

            Out of business sense, you now have an inferior product. Consumers are left in the lurch.

          • “Nope. The original purpose of a firewall is to police the programs on your computer. Connection blocking is another feature, and secondary.”
            Totally wrong… please learn the basics before stating incorrect information

            https://en.wikipedia.org/wiki/Firewall_(computing)

            “In computing, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules”

            What you were talking about was the HIPS part of some 3rd party firewalls like OA had, that was added to the firewall.

          • SLS

            Most definitions of a firewall focus on network traffic control, not application, if at all.

          • cat1092

            Emsisoft doesn’t have ‘inferior’ products & you over simplified how ‘We started with Online Armor. An AV was added..OA was killed off’. OA & EAM both were on the market, coexisting for years, it wasn’t like EAM came in as though a thief in the night & OA disappeared. Actually it was closer to time of the release of EIS that OA was dropped, and existing license holders could keep running the outdated software that was not intended for this decade, especially the last half.

            The good folks at Emsisoft had to make a business decision, and just as with any other, there’ll be customers (or employees) that don’t agree. We can all agree that it’s OK to disagree, as long as we all remain civil in doing so.

            Being that OA was one of the first of Emsisoft prized releases, it was (likely) no easier for them to ditch a project which helped to place them on the map. Emsisoft also replaced their free combined AV/AM protection with a standalone scanner in Emsisoft Emergency Kit. Wished I had a single dollar for every infected computer cleaned with the tool, would buy a nice GPU upgrade.

            If you want a real Firewall, a Hardware one, then read my post above, no need for me to repeat or copy/paste it word for word here. Your router, as long as was a model of no longer than a decade back & supports WPA2 encryption, also has a powerful NAT Firewall that may be worth as much as the wireless signals transmitted.

            Cat

          • Majik thise

            It’s interesting that you go on about being civil yet you call me a nuisance for having legitimate and valid concerns about the reduction of the security profile on a downgraded system then to go on a peen waving exercise about your network setup which frankly has nothing to do with the matter I raised, and before you ask nope I’m not going to compare network topography with you since it’s not relevant.

            I’m also not going to rehash the HIPS debate since that’s still very much a thing some users swear by it others don’t see the need, neither of them are wrong, btw OA was bought in by EMSI they weren’t the original developers and the conversations that are going on now regarding EIS > EAM are the same ones we were having regarding OA > EIS and the points raised and the attitude towards legitimate customers are still the same – if you are a power user or you want extra features that we are pulling GTFO.

            Since you want to be confrontational about it, NAT is not a firewall and NAT has nothing to do with security, in fact NAT by its nature is not secure because it breaks end-to-end connections it is also dumb since it absolutely needs to know where to route the traffic, a real firewall only blocks certain connections based on concrete policies. A device that cannot forward packets, since it is not able to process them correctly, should not be called a firewall. Which is the case with NAT.

            Even encrypted wi-fi is less secure since it can be sniffed without physical access especially if the key is broken but again that’s not relevant to this discussion. Especially since that discussion was regarding disregarding rules made by the user and them not being transferred and the inference that those rules are unimportant and the end user should deal with the consequences.

          • diwul62

            @trevorsteel:disqus
            “…you now have an inferior product.”

            Eh… just out of curiosity: why is that?

            I mean, are you now essentially claiming that users all over the world, also those who are using competitive products without firewall, essentially are using ‘inferior products’?

          • Majik thise

            Well when you compare two products and one has a firewall and the other does not it’s pretty clear to see that the one without is inferior since it is lacking the firewall.

          • Laser_Beam

            I don’t think there was much difference between the Windows Firewall and EIS’s firewall in the first place. I thought so too initially, but they shared the same underlying ‘driver’ so it was mostly about the interface and being/not being part of the OS. Effectiveness was essentially the same. So, if you need something different or ‘stronger’, you probably either need HIPS software (EIS was not) or look for hardware solutions. EIS wasn’t the answer, unless of course being/not being part of the OS is the deal breaker for you.

  • Jon

    Love the New feature to connect with Emsisoft Enterprise Console from the client side (Settings -> License)…. Fantastic job Emsisoft Team!