Emsisoft Anti-Malware 7.0 review

Emsisoft Anti-Malware 7.0 now includes technology licensed from Bitdefender, but you'd be much, much better off just buying Bitdefender's antivirus, or any of the other PCMag's Editors' Choice products.
Photo of Emsisoft Anti-Malware 7.0

I try my best to keep up with all the new versions of all the antivirus products out there, but sometimes I miss one. The last time I reviewed Emsisoft’s offering, it was version 5.0. Somewhere on the way to the current Emsisoft Anti-Malware 7.0 ($39.95, direct) I missed version 6.0. There’s not much visible difference in this new version; its strengths and weaknesses are much the same as before.

One big difference isn’t visible at all. Emsisoft has always used a combination of in-house antivirus code with a third-party licensed engine. Version 5.0 licensed Ikarus; the current version licenses Bitdefender. Given Bitdefender’s stellar performance in independent lab tests, I expected a big improvement from Emsisoft. Alas, it didn’t deliver.

Simple Install
The product installed without issue on ten of my twelve malware-infested test systems. I like the fact that the installation process includes updating the antivirus definitions and running a full scan. I finished with the ten no-problem systems in a single morning, making good time.

Ransomware on one system renders the desktop inaccessible in all Windows modes, which meant I couldn’t easily install Emsisoft. A little consultation with Emsisoft tech support turned up a way to get the product installed despite resistance by ransomware. One full scan removed the ransomware; I ran a second scan just to be sure.

Malware on another test system interfered with Emsisoft’s update process. A full scan fixed that problem, after which I let it update and ran another full scan. All in all, getting this product installed for testing was a breeze. All was well until it came time to finish the scanning process.

Complex Cleanup
The initial Deep Scan ran with total success on just two of the twelve infested systems. On the other ten, the scanner announced that it was unable to quarantine one or more files, and advised getting help from tech support for full cleanup. In some cases the files were virus-infected system files, or even files belonging to Emsisoft that had been infected. In other cases the scanner warned that it doesn’t support automatic removal of rootkits.

Technically I should have taken my problems to the Emsisoft forums, but in the interest of saving time I arranged to work directly with a tech support expert. Initially he suggested using Emsisoft Emergency Kit 2.0 to clean up the problem systems, but he quickly shifted to a collection of third-party tools.

The process was arduous beyond belief. Over the course of a week, I spent more than 30 hours running diagnostics, emailing logs, executing cleanup scripts, and otherwise manually cleaning up the problem systems. I wound up using over a dozen third-party tools, including some from Kaspersky, McAfee, and Panda, and exchanged over 150 separate files with tech support.

Some of the third-party tools are quite powerful, and include warnings against use by non-experts. I stuck strictly with the instructions from tech support and didn’t improve. Even so, two of the test systems wound up in a non-bootable state. Fixing them would have required creation of a Bart PE CD, a task that I felt would be too far beyond the abilities of Joe User. As it is, I’m doubtful about Joe’s stamina, with an average of three full hours spent on each system’s cleanup.

New Lab Results
I do like to refer to tests performed by the many independent labs, to see how they do or don’t jibe with my own tests. In the past, all I’ve had to go on with Emsisoft is the fact that in the last ten tests by Virus Bulletin it only received VB100 certification twice. Quite a few antivirus products have passed all ten of the last ten; two in ten is rather poor.

Now I have a bit more to go on, as Emsisoft participated in the latest on-demand malware detection test by AV-Comparatives. Based on detection alone, Emsisoft would have earned the top rating, ADVANCED+. However, a large number of false positives (valid files detected as malicious) knocked it down to ADVANCED.

Emsisoft does use Bitdefender’s antivirus engine, so you might expect its results to track with those of Bitdefender Antivirus Plus 2013, which gets excellent scores across the board. However, based on my own tests I don’t think there’s necessarily a correlation.

For more about the independent labs and their tests, see How We Interpret Antivirus Lab Tests

Emsisoft Anti-Malware 7.0 lab tests chart

Two Malware Cleanup Scores
Given that full cleanup made use of many non-Emsisoft utilities, I couldn’t see giving Emsisoft credit for the job. I wound up recording two separate scores, one for Emsisoft alone and one for Emsisoft with tons of third-party help.

I had to cogitate for a while on how to handle the two systems that were “killed” during the manual cleanup process. Simply omitting them from the calculation would artificially inflate the removal scores. Marking them all as missed would unfairly drag the score down. In the end, I simply retained the scores that I recorded for Emsisoft alone.

Emsisoft detected 75 percent of the samples, the same as avast! Free Antivirus 8, but avast! did a significantly better job of cleaning up what it found. Avast! scored 5.8 points for cleanup, while Emsisoft scored 4.8. That’s the lowest score among products tested with my current malware collection.

With help from tech support and over a dozen third-party utilities, Emsisoft managed an 86 percent detection rate and scored 6.8 points. Both the score and the detection rate are the highest among products tested with my current malware collection, and compare favorably with the top products tested with the previous collection.

Tested with my previous collection of malware samples, Malwarebytes Anti-Malware 1.70 detected 89 percent and scored 7.1 points. Norton AntiVirus (2013) and Kaspersky Anti-Virus (2013) also detected 89 percent of the samples and scored 6.6 and 6.5 points respectively.

I also rate products based on how easy it was to clean up my twelve malware-infested systems. Emsisoft alone earned five stars, meaning it installed with hardly any help from tech support. But Emsisoft with manual cleanup got the lowest possible score, zero stars, because it rendered a couple of the test systems unbootable. There’s definitely a trade-off here.

For a full explanation of my malware removal testing regimen, see How We Test Malware Removal.

Emsisoft Anti-Malware 7.0 malware removal chart

Malware Blocking, Two Ways
As one part of my malware blocking test, I simply open a folder containing the current sample set. The minor file access that occurs when Windows Explorer displays file details is enough to trigger real-time protection for most antivirus products. Not Emsisoft; by default, its real-time protection only kicks in when a file is about to execute, or when it’s created or modified.

For my own convenience, I enabled real-time scanning when files are read. As I clicked each sample in Windows Explorer, Emsisoft took a look. It quarantined a few, but not nearly as many as most products. I typically see 80 percent or more of the samples vanish in this initial culling; Emsisoft removed just 25 percent.

Besides detecting known malware using real-time scanning, Emsisoft includes a Behavior Blocker module that watches for possibly-dangerous behaviors. When I tried to install twenty rather old PCMag utilities, the Behavior Blocker popped up for more than half of them. Accepting its advice to block the suspicious activities derailed the installation of some, and prevented others from functioning.

Based on that experience, I determined how I’d handle behavioral popups during my malware blocking test. For a simple warning-level popup, I’d always allow the behavior, but for a red danger-level popup I’d block that behavior and any subsequent behaviors. And of course if Emsisoft actively identified the program as malicious I’d block all reported behaviors.

Armed with this plan I proceeded to launch all of the samples that weren’t wiped out on sight. The results weren’t pretty. Emsisoft detected just 72 percent of the samples and scored 5.9 points for blocking, both figures the lowest among products tested with my current sample set. Avast! tied with Kaspersky PURE 3.0 Total Security in this test; both detected 86 percent and scored 8.5 points.

Separately, I tested Emsisoft’s Web-based protection by attempting to re-download my collection of malware samples. In some cases it blocked all access to the malware-hosting URL; in other cases it wiped out the file during the download. Including both methods, it blocked 75 percent of the downloads whose URLs are still valid. That’s good, but avast! blocked 88 percent of this same collection.

One thing did surprise me. When I launched already-downloaded samples, 28 percent completely slipped past Emsisoft to install and run unhindered. Yet 40 percent of these were blocked during the download test. I can’t explain that one.

The chart below summarizes recent malware blocking tests. For details on how I perform these tests, see How We Test Malware Blocking.

Emsisoft Anti-Malware 7.0 malware blocking chart

Limited Phishing Protection
Some antivirus products install a toolbar to handle URL blocking, phishing protection, and other security-related functions. Emsisoft handles phishing protection the same way it handles protection against known malicious URLs, by blocking the connection completely and displaying a notification. With no toolbar required, it’s browser-independent.

In testing, it became very clear that Emsisoft’s phishing protection relies totally on a database of known phishing sites, with no heuristic component to detect brand-new phishing sites. Norton, my touchstone for phishing protection, gets a high detection rate by including heuristic detection. McAfee AntiVirus Plus 2013 has beaten Norton’s high detection rate using a similar technique.

As for Emsisoft, its detection rate lagged a dismal 80 percentage points behind Norton’s. The SmartScreen Filter in Internet Explorer 8 was significantly more effective than Emsisoft, with a detection rate 32 percentage points higher. Leaving Emsisoft’s phishing protection turned on won’t do any harm, but don’t rely on it to keep you away from frauds. For details on how I obtain the freshest phish and run my antiphishing test, see How We Test Antiphishing.

Emsisoft Anti-Malware 7.0 antiphishing chart

No Reason to Buy
I had hoped for a big improvement in this new version, but what I got was more of the same. In my own testing Emsisoft lags behind other products in both malware removal and malware blocking; phishing protection too. I was impressed by the dedication of the tech support agent who guided me through 30 hours of diagnostics and third-party utilities to fully clean ten test systems, but I was horrified at the need for such an arduous manual cleanup.

Emsisoft now licenses Bitdefender’s antivirus engine, but you’d be better off just buying Bitdefender Antivirus Plus 2013 itself. Bitdefender is an Editors’ Choice for antivirus, along with Norton AntiVirus (2013) and Webroot SecureAnywhere Antivirus 2013, and all of them cost the same as Emsisoft.

Specifications
Tech Support Email, live chat, guaranteed malware removal.
Type Business, Personal, Enterprise, Professional

Verdict
Emsisoft Anti-Malware 7.0 now includes technology licensed from Bitdefender, but you'd be much, much better off just buying Bitdefender's antivirus, or any of the other PCMag's Editors' Choice products.
Published under license from Ziff Davis, Inc., New York, All rights reserved.
Copyright © 2012 Ziff Davis, Inc