How to use Emsisoft Surf Protection to prevent malware entering your PC
Would you rather your home security system removed an intruder after they entered your home or stopped them before they could even open the front gate?
The latter is obviously preferable. Emsisoft’s Surf Protection component is built with this basic premise in mind.
Real-time protection components are only able to detect malicious software after your system has been hit with a dangerous file. Ideally, your antivirus software should be able to intercept malware before it touches your PC. This is precisely what Emsisoft’s Surf Protection is designed for.
What does Surf Protection actually do?
Surf Protection keeps watch as you browse the web and warns you the moment you try to access a malicious website. By blocking your connection to dangerous hosts, Surf Protection prevents data from being exchanged and minimizes the risk of malware infecting your machine.
A host can be defined as a website domain such as www.google.com or an IP address that might contain data for several domains. Hackers often use single physical servers with unique IP addresses that dozens of different domains point to. Emsisoft’s Surf Protection is able to detect new malware domains reliably and halts all exchange of data – unless you as the user explicitly grant access.
One of the key benefits of Surf Protection is that it intercepts connections at the Windows system level. This ensures that Surf Protection works with all browsers, and doesn’t require compatibility updates whenever a new version of your browser or browser plugin is released.
How does Emsisoft’s Surf Protection recognize suspicious hosts?
In addition to a massive collection of conventional malware signatures, Emsisoft Anti-Malware also has a huge database of known malicious hosts. The data is gathered from publicly available lists, intel from specialized companies that Emsisoft has partnered with, and verified user submissions. To keep the database up to date and provide maximum security against the latest malicious websites, new threats are continually added and the list is updated every 15 minutes.
There are four categories of suspicious hosts:
- Malware hosts: Suspected to spread malicious software such as bots, ransomware, trojans, adware, rootkits or viruses.
- Phishing hosts: Steal passwords and other private data via fake websites.
- PUP hosts: Engaged in distribution of potentially unwanted programs.
- Privacy risks: Hosts that are used for advertising or tracking.
Malware, phishing and PUP hosts are automatically blocked as they are generally undesirable. Hosts that fall under the “privacy risks” category are not automatically blocked as this group includes a large number of websites that claim to be legitimate. Among these, for instance, are all sorts of advertising networks that track their users across the Internet to create surf profiles.
You can change the default settings via Protection menu > Surf Protection and selecting an option from the Privacy risks dropdown menu.
After changing the default settings for Privacy risks to “Alert”, you will typically see an alert similar to the one below when trying to access a benign website such as www.hitlink.com. This can be confusing for less experienced PC users, so we’ll explain the reasons for this in a moment.
Google Analytics is a tracking service that evaluates a user’s behavior in order to provide its operator with statistical data. Advertising networks take it one step further by, for example, displaying personalized banners. While this is considered dangerous per se, it is nevertheless the user’s prerogative to decide for themselves what constitutes an invasion of their privacy.
In the event that Surf Protection blocks a host that is classified as a privacy risk, the originally requested website will probably still load. This is due to the fact that most websites utilize third-party domains to display their advertisements and provide their tracking functions. As a result, only the advertisements and functions related to these third-party domains are blocked (this is the cause of the alert in our example image above when accessing hitlink.com).
How to configure Surf Protection
Emsisoft Anti-Malware’s default settings offer maximum security and are simple to use. However, you can change the settings at any time to meet your individual needs.
1. How to view custom blocked hosts
Protection menu > Surf Protection > check Hide built in list
You can see the list of all custom blocked hosts by clicking Protection menu > Surf Protection. By clicking on the checkbox “Hide built in list” in the top right, you will see only customized rules. You can also find individual entries by using the Search bar.
2. How to check if a host is on the built in list
Protection menu > Surf Protection > uncheck Hide built in list > Search for host
As noted, Emsisoft’s built-in host list is fairly comprehensive, but if you want to confirm that a certain host is blocked you can do so by using the Search function and unchecking “Hide built in list”.
3. How to import hosts file
Protection menu > Surf Protection > Import hosts file > select hosts file > select Implemented action > OK
The hosts file is part of Windows and is located in c:\windows\system32\drivers\. It is used for overriding DNS settings by redirecting certain domains to certain IP addresses in a targeted manner. Various hosts file lists are available to download online and this has been a popular method used by people to build their own form of “surf protection” with tools that come with Windows. Malicious domains are then redirected to the local IP 127.0.0.1, which neutralizes them.
There are some disadvantages to this approach, though. You never know when a connection has been redirected, and a large hosts file can slow down your system’s performance. There are also no automatic updates, so you have to keep your hosts file list up-to-date yourself.
If you wish to use third-party hosts file lists, we recommend you import them directly into Emsisoft Anti-Malware instead, by using the “Import hosts file” option, which allows you to import individual entries as well as larger lists in one go. Unlike using a custom Windows hosts file, importing a third-party list into Emsisoft Anti-Malware’s Surf Protection will not slow down your system. Use of third-party lists is purely optional – most entries are already on the built-in list that is updated every 15 minutes.
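A downloaded hosts list is untrusted input, so it is worth auditing before you import it or copy it into the Windows hosts file. The sketch below is an added example, not Emsisoft code: it separates entries that neutralize a domain (loopback or unspecified address) from entries that would redirect a name to another machine, and rejects malformed lines. The function names and the sample list are constructed for illustration.

```python
import ipaddress
import re

# Names that normally map to loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

# Constructed sample list, not taken from any real feed.
SAMPLE = """\
# constructed sample list
127.0.0.1 localhost
127.0.0.1 ads.tracker.example   # inline comment
0.0.0.0 malware.example bad.example
0.0.0.0 ADS.tracker.example
203.0.113.10 login.bank.example
not-an-ip phish.example
0.0.0.0 bad_host!.example
"""

def valid_hostname(name):
    """True for a syntactically valid DNS name with at least two labels."""
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def audit_hosts(text):
    """Sort hosts-file entries into block entries, redirects and rejects."""
    blocked, redirects, rejected = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        addr, *names = line.lower().split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            rejected.append((lineno, raw.strip()))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if not valid_hostname(name):
                rejected.append((lineno, name))
            elif sinkhole:
                blocked.add(name)
            else:  # resolves the name to another machine instead of blocking it
                redirects.append((lineno, name, str(ip)))
    return sorted(blocked), redirects, rejected

if __name__ == "__main__":
    print(audit_hosts(SAMPLE))
```

Anything reported in the redirects list deserves a manual look before the file is used, because such an entry overrides DNS for that name rather than blocking it.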
4. How to change block and notification rules
Protection menu > Surf Protection > select option from hosts dropdown menus
Host rules feature the following modes:
- Don’t block: Allows access to the host without asking.
- Alert: Alerts about access, and lets you decide whether to block or to allow it.
- Block and notify: Blocks the connection automatically and displays a notification pop-up window to let you know about it.
- Block silently: Blocks the connection, but does not show any notification.
We recommend using the default setting “Block and notify” so that you will know immediately when a connection has been blocked. This may keep you from wondering why a certain website has not loaded.
5. How to clear all custom hosts
Settings menu > General > Factory defaults > check “Host rules” only > OK
The fastest way to clear the entire list of custom hosts is to use the “Restore to factory defaults” function and ensure that “Host rules” is the only category that is checked.
Maximum protection against phishing
Phishing remains one of the most popular attack vectors among cybercriminals due to the fact that it’s far easier to fool humans than machines. In many cases, phishing websites and emails look indistinguishable from the real thing, save for a slightly modified domain name. When you unwittingly enter your username and password into these sites, you’re inadvertently sending your login credentials straight into the hands of the bad guys.
Emsisoft Anti-Malware with its sophisticated Surf Protection module is specifically designed to detect most phishing sites and block any connection attempt to them, thereby protecting you against phishing in the best possible way.