How well is your PC protected?

  • April 4, 2012

Good security software is essential these days due to the increasingly rapid spread of malware. However, there are vast differences between the various anti-virus and anti-malware programs available, and often not only in terms of operation but also with regard to the degree of protection they offer.

Emsisoft Anti-Malware, for instance, uses three security levels (or layers) in order to provide the best possible protection. These layers are made up of: surf protection, a dual-engine file guard, and advanced behavioral analysis. In the following article, we will explain why these three layers are used and how they distinguish Emsisoft Anti-Malware from other security software.

Security level 1 – Surf protection

Surf protection basically consists of a database that contains the addresses of dangerous websites. When you access a website, Emsisoft Anti-Malware checks if the address is already known for spreading malware, and if so, gives you a warning instead of loading the site.

This feature may sound simple at first, but there is a lot of work involved in keeping the database up-to-date. At the end of March 2013, Emsisoft Anti-Malware knew of more than 160,000 potentially dangerous websites, and more are being added every day. These are categorized into phishing (52%), malware-spreading (31%), exploits (7%), advertising/tracking (6%), hijacking, warez, and fraud.

Surf protection is the first layer of defense that prevents malware from entering your PC. Tests prove this layer of defense alone wards off a significant volume of current threats, as infected websites are one of the primary sources of infections. In addition, it also protects you against scammers who use fake websites to try to gain access to your savings (phishing).
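The address check described above can be sketched as follows. This is an added example, not Emsisoft's code: the blocklist entries are constructed, and the normalization and parent-domain matching are assumptions about what such a lookup needs in order to be reliable.

```python
from urllib.parse import urlsplit

# Constructed sample database: host -> category (category names from the article).
BLOCKLIST = {
    "login-update.example": "phishing",
    "cdn.badfiles.example": "malware-spreading",
    "kit.example.net": "exploits",
}

def normalize_host(url):
    """Return the lower-cased hostname without port, credentials or trailing dot."""
    if "://" not in url:
        url = "http://" + url           # address typed without a scheme
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        # Internationalized names are compared in their ASCII (punycode) form.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass                            # keep the raw host if it cannot be encoded
    return host

def check_url(url):
    """Return (verdict, category, matched_entry) for one requested address."""
    host = normalize_host(url)
    if not host:
        return ("allow", None, None)
    labels = host.split(".")
    # Check the full host, then each parent domain, stopping before the bare TLD.
    # A listed domain therefore also covers its subdomains, but not its parents.
    for i in range(max(1, len(labels) - 1)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return ("warn", BLOCKLIST[candidate], candidate)
    return ("allow", None, None)

if __name__ == "__main__":
    for u in ("http://user@LOGIN-UPDATE.example.:8080/a",
              "https://secure.cdn.badfiles.example/x.exe",
              "badfiles.example",
              "https://example.org/"):
        print(u, "->", check_url(u))
```

Comparing the raw address string against the database would miss the first two sample addresses, which is why the host is normalized before the lookup.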

For threats spread through other means such as e-mails, USB sticks, vulnerabilities or downloads, there is a second layer of defense in place:

Security level 2 – Dual-engine file guard

Emsisoft Anti-Malware’s file guard represents the classical core component of anti-virus software. Each file which has been newly downloaded, created or modified by programs on your PC will be checked with a dual-engine malware scanner. This means that whenever there is a file operation (usually hundreds of times per second), Emsisoft Anti-Malware checks a file against the more than 13 million fingerprints in its signature database. Approximately 30,000 new fingerprints are added daily for the detection of new malware samples. This is why Emsisoft Anti-Malware is updated more than 20 times a day.

A special feature of Emsisoft Anti-Malware is its use of two scanners in combination. The first scan engine specializes in the broad detection of all types of malware from the last 15 years, so that standard threats are already covered. The second scan engine is dedicated to current high severity threats and specialized malware attacks. Emsisoft’s analysis team keeps a close eye on the malware scene and is able to react to new threats quickly thanks to their extensive contact network. There are Emsisoft employees in almost any specialized forum, either officially or undercover. Not only does this help keep Emsisoft Anti-Malware constantly up-to-date, but also ensures you receive the best possible support for infections, including direct responses from developers and malware analysts where necessary.

If you have enabled frequent automatic updates in Emsisoft Anti-Malware, you will receive the appropriate signatures for new malware outbreaks within minutes after onset. Emsisoft’s analysis team constantly proves its brilliant reactivity, as regular test victories show. The detection rate is above 99% and is well ahead of other renowned providers; current comparative tests can be found on our blog.

If a brand-new malicious file should ever manage to breach the first two layers of defense, there is always Emsisoft’s special weapon at the ready:

Security level 3 – Behavior analysis/blocker

Thanks to the combined forces of its surf protection and dual-engine scanner, Emsisoft Anti-Malware already detects almost 100% of all malware. However, the first two layers of defense must already know the malware or malware-spreading website in order to be able to protect against it. As this is not always possible in the case of highly specialized attacks, Emsisoft relies on a third layer of technology that is extremely difficult to penetrate.

Emsisoft’s behavior analysis constantly monitors the behavior of all active programs. If an active program shows any anomalies that may be indicative of malicious activity, there will be an immediate alert, and the program will be stopped until you make a decision. This enables you to stop malware already active on your PC before any harm can be done. No database or fingerprints are necessary as malware is detected by its behavior, and the technology continually improves with every new behavior pattern detected.

A backdoor Trojan can be disguised in many different ways in order to evade detection by signatures, but there is no mistaking its behavior. Emsisoft Anti-Malware takes advantage of this fact to protect you against the behavior of malicious software from some 20 major categories.
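The contrast between fingerprint matching and behavior-based detection can be shown in a small model. This is an added example, not Emsisoft's code: the sample bytes, the use of SHA-256 as the fingerprint, the rule names, the scores and the threshold are all constructed assumptions, and real signatures are more than plain file hashes.

```python
import hashlib

# Constructed stand-ins for two builds of the same program; not real malware.
SAMPLE_KNOWN = b"constructed-sample-build-1"
SAMPLE_REPACKED = SAMPLE_KNOWN + b"\x00"    # different bytes, same behavior

# Signature layer: fingerprints (here SHA-256) of files that were already analysed.
SIGNATURES = {hashlib.sha256(SAMPLE_KNOWN).hexdigest()}

def signature_hit(data):
    """True if the file's fingerprint is in the signature database."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

# Behavior layer: hypothetical rules, each scoring one observed action.
RULES = {
    "autostart_entry_created": 3,
    "listens_on_network_port": 2,
    "injects_into_other_process": 4,
    "hides_own_files": 4,
}
ALERT_THRESHOLD = 6     # assumed value; a single common action stays below it

def behavior_verdict(events):
    """Return (verdict, score, matched_rules) for the events of one program."""
    matched = sorted(set(events) & set(RULES))
    score = sum(RULES[name] for name in matched)
    verdict = "suspend_and_alert" if score >= ALERT_THRESHOLD else "allow"
    return (verdict, score, matched)

def layered_verdict(data, events):
    """Signature check first; behavior analysis decides for unknown files."""
    if signature_hit(data):
        return "blocked_by_signature"
    verdict, _, _ = behavior_verdict(events)
    return "blocked_by_behavior" if verdict == "suspend_and_alert" else "allowed"

# Constructed event trace of the repacked sample while it runs.
OBSERVED = ["opens_config_file", "autostart_entry_created",
            "listens_on_network_port", "injects_into_other_process"]

if __name__ == "__main__":
    print(signature_hit(SAMPLE_KNOWN), signature_hit(SAMPLE_REPACKED))
    print(behavior_verdict(OBSERVED))
    print(layered_verdict(SAMPLE_REPACKED, OBSERVED))
```

The threshold is what keeps a legitimate program that only opens a network port from being stopped, while the combination of actions in the trace is not.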

Emsisoft’s behavior analysis has been under development since 2003 and is one of the most powerful, proactive protection suites on the market today. This fact has been proven by numerous tests: Behavior analysis, even on its own, is capable of detecting up to 100% of brand-new malware. See current tests.

Virus scanners vs. virus protection

Many users rely on freeware virus scanners due to the mistaken belief that they offer the best protection. Unfortunately this is not the case, as there are few free programs that include a high quality implementation of more than one of the aforementioned security layers. A weekly or even daily scan using free software may be better than nothing, but does nothing to provide efficient real-time protection against new infections.

A manual scan can only find malware that has already infected your PC. In the case of particular types of malware such as ransomware or rogue antispyware (fake security software) this is already too late as your important personal data is destroyed without any chance of recovery.

In addition, most infections these days occur without you even noticing. Your PC may have been part of a giant network of infected PCs (botnet) for days, sending thousands of spam e-mails or illegal data – without you even having a clue of what is going on. Nevertheless, you remain personally responsible for this activity.

Some trojans, backdoors or rootkits can be difficult even for experts to find, as they infiltrate your system’s core and cover their traces. Multi-layer protection is therefore the minimum that your data should be worth to you.

Developing good security software is cost intensive as there are always new technologies that must be researched and developed, and countless new signatures to be created daily.

Conclusion: Three security layers offer optimal protection

Emsisoft Anti-Malware’s three layers of surf protection, file guard and behavior analysis work in conjunction to offer optimal protection against online threats. Each layer is specialized in what it does, and with united forces, they are able to ward off online threats effectively.


Have a nice (malware-free) day!

Your Emsisoft Team
