Tuesday, June 12, 2012

Emsisoft Emergency Kit 2.0


Finding that your PC (or your friend's) is so malware-riddled that you can't even install an antivirus is scary. You may be tempted to scream, "Eek!" (Emsisoft Emergency Kit 2.0, that is.) This free cleanup-only antivirus is meant to be carried around on a thumb drive. In testing, it did a good job overall, though it doesn't handle rootkits.

The kit includes both a regular, GUI-style antivirus and a command-line antivirus for emergencies. The BlitzBlank tool can wipe out persistent file and Registry traces, and the HijackFree tool offers insight into many Windows elements. When you insert a thumb drive containing the kit, the autorun menu offers a choice between these four tools.

Given that it's meant to run from a thumb drive, you might think Emsisoft is similar to FixMeStick ($49.95 direct for three licenses, 3 stars). In truth, the two are quite different. FixMeStick reboots the system into Linux and runs a completely automated scan. It's aimed at the average consumer. Emsisoft doesn't reboot the system, and to get the best results you need a bit of security knowledge.

Little Information from the Labs
I usually refer to test results from various independent labs, but only one of those that I follow has tested Emsisoft's technology. In the latest nine tests by Virus Bulletin, Emsisoft achieved VB100 certification just twice. It detected all the threats, but false positives cost it the prize the other seven times. While AV-Comparatives.org doesn't include Emsisoft in its ongoing testing, a one-off report commissioned last year also reported numerous false positives. Emsisoft uses two antivirus engines, one home-grown and one from partner Ikarus. Online remarks tend to blame Ikarus for the false positives.

Emsisoft did win praise from Russian lab comss.ru. In a field of two dozen antivirus products, Emsisoft achieved the best protection rate. But without more results I can't really offer an overall lab summary. The chart below lists test results for Emsisoft and other antivirus companies. For more about the labs I follow, see How We Interpret Antivirus Lab Tests.

Informative Scanner
Several products I've reviewed recently have utterly failed to install or run on one or more malware-infested test systems. Not needing installation, Emsisoft had no such problem. Malware on one test system protects itself by disabling Command Prompt, thereby disabling the batch files used by Emsisoft's autorun menu. That didn't stop me from launching the scanner directly.

Lately I'm seeing a lot of antivirus scanners that simply report the number of threats found and offer to clean them. Anvi Smart Defender (free, 1 star) is an example. With these tools, if you want to see what actually happened you have to dig for it. Not so with Emsisoft. It reports each threat at the time it's found, and even lets you dig in to see the associated file and Registry traces while the scan is still running.

By default, the scanner lists its findings when done and waits for permission to quarantine found threats. You can set it to quarantine files automatically when done, and even to shut down the PC afterward. All but a couple of the test systems requested a reboot to finish eliminating locked files. A scan of my standard clean test system took about 25 minutes, slightly faster than average.

Emsisoft can't remove rootkits, and it shouldn't remove essential Windows files that are infected. On several systems, a popup warning advised me to get expert help from the Emsisoft forums to resolve such problems. That put me in a bind, as going back and forth on the forums would simply take too long. In any case, I'm testing the product, not the forums.

To give the product the best chance for success, I drew on the expert tools. First, I ran a second scan to learn precisely which files presented a problem. Then I used BlitzBlank to wipe out all of those except essential Windows files. When I totaled up the results, I was impressed.
