MRG Tests
wideglide36
November 16th, 2009, 02:38 PM
Hey guys,
From reading threads on the Prevx board, I saw that a new site was testing anti malware apps and I was wondering what everyone thought of some of the results they were finding.
Appears that Prevx didn't do as well as I would have liked.
It looks like they are quite thorough in their tests, at least as far as I can tell.
Any opinions, and is their site reputable as far as you know?
If this is the wrong place to post this, please feel free to move it.
Here's a link to the site.
http://malwareresearchgroup.com/forum/index.php
apathy
November 16th, 2009, 02:46 PM
This has been discussed in the Prevx section and the Anti Virus section of Wilders. You can check out the replies there.
Triple Helix
November 16th, 2009, 03:32 PM
MRG Tests are Untrustworthy And the ones that run them are Untrustworthy. I would take their advice with a grain of salt!
Read this whole thread and you be the Judge! http://www.wilderssecurity.com/showthread.php?t=251113
TH
Sveta MRG
November 16th, 2009, 05:09 PM
-{ Quote: "MRG Tests are Untrustworthy And the ones that run them are Untrustworthy. I would take their advice with a grain of salt!
Read this whole thread and you be the Judge! http://www.wilderssecurity.com/showthread.php?t=251113
TH" }-
Untrustworthy, why? What proof we saw of all the accusations? Do we associate with ssupdater, I guess as much as http://microsoft.ssupdater.com/ does. Do we associate with and send "massive" amounts of samples to COMODO, or to be more precise our member languy99 (he is a moderator of COMODO forums) does, here is what he said about it http://malwareresearchgroup.com/forum/viewtopic.php?f=17&t=87.
Are we an anonymous organization? You can see our names, address, phone number...;)
I would like to be able to come to Wilders and answer questions about our tests and not gossip, this place is very important for the whole internet community and can be helpful for many users, would be great if everybody concentrated on precisely that.
Regards,
Sveta
Triple Helix
November 16th, 2009, 05:14 PM
It was proven by Paul Wilders in that thread that I referred to! Why don't you go back and read that thread!
TH
Sveta MRG
November 16th, 2009, 05:16 PM
-{ Quote: "It was proven by Paul Wilders in that thread that I referred to! Why don't you go back and read that thread!
TH" }-
I did, then I made my comment;)
jmonge
November 16th, 2009, 05:20 PM
-{ Quote: "I did, then I made my comment;)" }-
I like the test you make and I want to say thanks :thumb: Keep doing what you are doing and please let us know of any new tests please :)
Sveta MRG
November 16th, 2009, 05:21 PM
-{ Quote: "i like the test you make and i want to say thanks:thumb:keep doing what you are doing and please let us know of any new tests please:)" }-
Happy to do that, thanks for the kind words.
Regards,
Sveta
Triple Helix
November 16th, 2009, 05:22 PM
And also with what Chris has said about the Prevx test sounds really TRUSTWORTHY? ::)
http://malwareresearchgroup.com/forum/viewtopic.php?f=20&t=165
TH
Sveta MRG
November 16th, 2009, 05:29 PM
-{ Quote: "And also with what Chris has said about the Prevx test sounds really TRUSTWORTHY? ::)
http://malwareresearchgroup.com/forum/viewtopic.php?f=20&t=165
TH" }-
What exactly are you referring to? If you are talking about Prevx, they were aware of how the test was conducted. Do we need to get into details here, I would be happy to;)
wideglide36
November 16th, 2009, 05:30 PM
-{ Quote: "MRG Tests are Untrustworthy And the ones that run them are Untrustworthy. I would take their advice with a grain of salt!
Read this whole thread and you be the Judge! http://www.wilderssecurity.com/showthread.php?t=251113
TH" }-
TH,
Thanks for the link. I don't know how I missed that thread.
I would have never started this thread if I had seen that other one.
I hate to rehash old news.
Thanks again.
Pedro
November 16th, 2009, 05:31 PM
Sometimes i can actually reach that website, but most of the time i get that "Cure" page. Cure, mmm....
Sveta MRG
November 16th, 2009, 05:35 PM
-{ Quote: "Sometimes i can actually reach that website, but most of the time i get that "Cure" page. Cure, mmm...." }-
http://www.projecthoneypot.org/ That is why;)
Regards,
Sveta
Pedro
November 16th, 2009, 05:38 PM
I fail to see what that has to do with me.
Sveta MRG
November 16th, 2009, 05:41 PM
-{ Quote: "I fail to see what that has to do with me." }-
Your IP must be in their database, that is why you get the "cure" page and can't access the site.
Regards,
Sveta
Triple Helix
November 16th, 2009, 05:42 PM
-{ Quote: "What exactly are you referring to? If you are talking about Prevx, they were aware of how the test was conducted. Do we need to get into details here, I would be happy to;)" }-
Hey if you don't understand what UNTRUSTWORTHY means look it up! Many here and at other security sites don't treat your tests as Trustworthy tests so why would one recommend your site for test results on security products?
TH
trjam
November 16th, 2009, 05:43 PM
TH, give it a rest, they lost all credibility a long time ago and nothing will change that. Don't feed the monster.;)
Triple Helix
November 16th, 2009, 05:44 PM
-{ Quote: "TH,
Thanks for the link. I don't know how I missed that thread.
I would have never started this thread if I had seen that other one.
I hate to rehash old news.
Thanks again." }-
Not a problem Buddy the proof is in the pudding!
TH
jmonge
November 16th, 2009, 05:45 PM
-{ Quote: "TH, give it a rest, they lost all credibility a long time ago and nothing will change that. Don't feed the monster.;)" }-
Hey, you have a similar set up as mine ;D congrats ;)
Sveta MRG
November 16th, 2009, 05:46 PM
-{ Quote: "Hey if you don't understand what UNTRUSTWORTHY means look it up! Many here and at other security sites don't treat your tests as Trustworthy tests so why would one recommend your site for test results on security products?
TH" }-
Hold on, don't you mean the same group of people here and on other security sites...
Why would one recommend our tests? Well if you don't like them, I'm not asking you to;)
Regards,
Sveta
trjam
November 16th, 2009, 05:47 PM
-{ Quote: "hey you have a similar set up as mine;D congrats;)" }-
The night ain't over yet my friend, I actually have ESS loaded on all computers. I am having trouble understanding DefenseWall. I went to a rogue site and loaded one of the fake AVs. After ending it I ran MBAM that found 15 infections, so what was DefenseWall's role?
Triple Helix
November 16th, 2009, 05:47 PM
-{ Quote: "TH, give it a rest, they lost all credibility a long time ago and nothing will change that. Don't feed the monster.;)" }-
Yea I know I might as well go hit my head against the wall :P But the truth is the truth ;)
TH
Triple Helix
November 16th, 2009, 05:50 PM
-{ Quote: "Hold on, don't you mean the same group of people here and on other security sites...
Why would one recommend our tests? Well if you don't like them, I'm not asking you to;)
Regards,
Sveta" }-
Don't worry I won't and never will!
TH
Pedro
November 16th, 2009, 05:50 PM
-{ Quote: "Your IP must be in their database, that is why you get the "cure" page and can't access the site.
Regards,
Sveta" }-
Your website is among the list of 2 websites i ever saw with this. If i met more, they never blocked me, ever. You might want to look into it.
Edit: the other website might actually be yours now that i think of it.
jmonge
November 16th, 2009, 05:51 PM
-{ Quote: "The night ain't over yet my friend, I actually have ESS loaded on all computers. I am having trouble understanding DefenseWall. I went to a rogue site and loaded one of the fake AVs. After ending it I ran MBAM that found 15 infections, so what was DefenseWall's role?" }-
DefenseWall will never allow any changes to your system. Those rogues were there but dead/frozen ;) and cannot do any harm to your PC. Just hit the stop attack button and end of story. Plus, by using the rollback feature tool, you are able to remove all malware traces :thumb: and your MBAM will not pick up anything, and if you noticed, after cleaning your temp files you will never find any malware when you have DefenseWall :thumb: Trust me on this one, DefenseWall will save your bacon.
Sveta MRG
November 16th, 2009, 05:53 PM
-{ Quote: "Your website is among the list of 2 websites i ever saw with this. If i met more, they never blocked me, ever. You might want to look into it.
Edit: the other website might actually be yours now that i think of it." }-
Well I know hundreds of sites that use that service, you can contact them and they will remove your IP asap.
Regards,
Sveta
trjam
November 16th, 2009, 05:55 PM
I did hit stop attack after installing. Then ran MBAM with 15 active detections. I know what you are saying I think, but from a consumer view how does this work.
Pedro
November 16th, 2009, 05:58 PM
-{ Quote: "Well I know hundreds of sites that use that service, you can contact them and they will remove your IP asap.
Regards,
Sveta" }-
I just tried the link in Prevx thread and i got in.. i think that thing - not the Honey project thing, but your script or something - is broken somehow.
JerryM
November 16th, 2009, 06:04 PM
Wish I could remember what test it was, but about 1-2 years ago there was a test of various anti-malware applications including Prevx.
As it turned out Prevx had one of the poorer showings, and AV suites like KIS did much better.
There has been a lot of hype from time to time re Prevx, but the few tests I have seen do not bear out that it is an effective application compared to others.
Regards,
Jerry
aetna
November 16th, 2009, 06:05 PM
-{ Quote: "Untrustworthy, why? What proof we saw of all the accusations? Do we associate with ssupdater, I guess as much as http://microsoft.ssupdater.com/ does." }-
The point was not that ssupdater had subdomains using other website names like this microsoft example. The point was that your website, malwareresearchgroup.com, had links to "mrg.ssupdater.com" coded in your contact pages.
You have cleaned up those pages since it was last discussed, but, the google cache still has a copy of some of your pages containing the "mrg.ssupdater.com" links:
http://74.125.93.132/search?q=cache:yChTsH9In3wJ:malwareresearchgroup.com/%3Fpage_id%3D4%26rurl%3Dtranslate.google.com%26usg%3DALkJrhjq8DqwqddI990kfgNtZdPM3sNuow%26lang%3Dgl+mrg+site:malwareresearchgroup.com&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a
If you mouse-over the Info@MalwareResearchGroup.com link, you see the link underneath points to "http://mrg.ssupdater.com/info@malwareresearchgroup.com"
That's what the discussion was about before, the content of your own contact page, not whether ssupdater had a subdomain called mrg.ssupdater.com. No matter what subdomain a website like ssupdater might make, that doesn't cause other websites like yours to have code imbedded in them pointing to that other website. You did have mrg.ssupdater.com code in your webpages. That's why people said there was a relationship between you and them, why else would you have coded their website links into your contact page?
Sveta MRG
November 16th, 2009, 06:12 PM
-{ Quote: "The point was not that ssupdater had subdomains using other website names like this microsoft example. The point was that your website, malwareresearchgroup.com, had links to "mrg.ssupdater.com" coded in your contact pages.
You have cleaned up those pages since it was last discussed, but, the google cache still has a copy of some of your pages containing the "mrg.ssupdater.com" links:
http://74.125.93.132/search?q=cache:yChTsH9In3wJ:malwareresearchgroup.com/%3Fpage_id%3D4%26rurl%3Dtranslate.google.com%26usg%3DALkJrhjq8DqwqddI990kfgNtZdPM3sNuow%26lang%3Dgl+mrg+site:malwareresearchgroup.com&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a
If you mouse-over the Info@MalwareResearchGroup.com link, you see the link underneath points to "http://mrg.ssupdater.com/info@malwareresearchgroup.com"
That's what the discussion was about before, the content of your own contact page, not whether ssupdater had a subdomain called mrg.ssupdater.com. No matter what subdomain a website like ssupdater might make, that doesn't cause other websites like yours to have code imbedded in them pointing to that other website. You did have mrg.ssupdater.com code in your webpages. That's why people said there was a relationship between you and them, why else would you have coded their website links into your contact page?" }-
That was disclosed in full on our website, you can see that one name missing from that list, you can figure out on your own what happened;)
And let me assure you for the last time, we are not associated with them or any other website.
Page42
November 16th, 2009, 06:29 PM
-{ Quote: "Wish I could remember what test it was, but about 1-2 years ago there was a test of various anti-malware applications including Prevx.
As it turned out Prevx had one of the poorer showings, and AV suites like KIS did much better.
There has been a lot of hype from time to time re Prevx, but the few tests I have seen do not bear out that it is an effective application compared to others." }-
You mention a test from "1-2 years ago" where "Prevx had one of the poorer showings". Then you mention a "few tests" that you have seen that say it is not effective. I'd love for you to be more specific.
Here is a test (http://www.pcmag.com/article2/0,2817,2346862,00.asp) from 6 months ago where Prevx "does a great job".
-{ Quote: "Prevx detected a larger percentage of malware than any of the other products in this test, and it tied with Webroot for best detection of keyloggers and rootkits. " }-
-{ Quote: "While designed to work comfortably with other security tools it proved more effective overall than the top signature-based products. " }-
I have yet to see a valid test where Prevx performs poorly, so please try to present the links to substantiate what you are claiming. :)
Ed_H
November 16th, 2009, 06:39 PM
-{ Quote: "I did hit stop attack after installing. Then ran MBAM with 15 active detections. I know what you are saying I think, but from a consumer view how does this work." }-
If you right click on the files and select DW then properties, it will show the file as untrusted meaning it can do no harm. To get rid of them you can use DW's file and registry tracks rollback or an on demand scanner to clean them up.
trjam
November 16th, 2009, 06:42 PM
-{ Quote: "You mention a test from "1-2 years ago" where "Prevx had one of the poorer showings". Then you mention a "few tests" that you have seen that say it is not effective. I'd love for you to be more specific.
Here is a test (http://www.pcmag.com/article2/0,2817,2346862,00.asp) from 6 months ago where Prevx "does a great job".
I have yet to see a valid test where Prevx performs poorly, so please try to present the links to substantiate what you are claiming. :)" }-
With all due respect Page, he is likely comparing it to the original Prevx. Having said that, I do know its detection abilities are very good but honestly feel that SafeOnline is a total waste of resources that Prevx may regret in time. A sandbox was originally planned and their reason stated, even though it did not say it, came down to money and investment, bottom line.
trjam
November 16th, 2009, 06:43 PM
-{ Quote: "If you right click on the files and select DW then properties, it will show the file as untrusted meaning it can do no harm. To get rid of them you can use DW's file and registry tracks rollback or an on demand scanner to clean them up." }-
thank you, how do I know which file that is?
Page42
November 16th, 2009, 06:49 PM
trjam, I'm not overly enthused about SafeOnline myself. I tend to agree with your statement about it being a waste of resources... but we stray from the topic, don't we. ;)
Page42
November 16th, 2009, 06:53 PM
-{ Quote: "hey you have a similar set up as mine congrats" }-
-{ Quote: "The night aint over yet my friend..." }-
What a classic reply! :thumb:
JerryM
November 16th, 2009, 06:57 PM
Hi Page42
I wish I had the link, but I have never had an interest in Prevx. It was just a matter of interest at the time since there had been a lot of folks praising it. It missed, if my memory serves, 5 samples and was one of the worst of the applications tested. It did convince me that I did not need it, and I have never had a reason to change. Since I had no interest I did not bookmark the link.
I have no dog in this fight, but commented because it is always the case that when a test is conducted, and someone’s favorite rates low, then the claims are that the test is not valid. I am sure I have ever seen an exception to that. I don’t know how valid anyone’s test is from a technical standpoint as I have no expertise in these areas. However, I place more trust in IBK than anyone. I just wish he would test applications such as Prevx.
Although many always disparage tests by PC Mag, I see no reason why their tests are seriously flawed, as some claim, and generally accept their ratings. However, I prefer to use a minimum of applications, and have stayed clean for the 10 years I have owned computers primarily counting on good AVs and firewalls.
“I have yet to see a valid test where Prevx performs poorly, so please try to present the links to substantiate what you are claiming. ”
Maybe the test I saw was not valid, and I am sure some claimed it was not.;D
Regards,
Jerry
Ed_H
November 16th, 2009, 06:57 PM
-{ Quote: "thank you, how do I know which file that is?" }-
Look at the DW file and registry tracks screen and you will see all the files and registry keys for the infections that MBAM found. There you can rollback or delete as desired. Below is the definition of delete and rollback from the DW help docs:
Delete: Will remove an item or set of items from the list and delete all files and registry keys from your hard drive. Use with caution!
Rollback to: Will remove an item or set of items that were created after the item selected and erase files and registry entries from your hard drive. Use with caution!
Hope that helps.
Page42
November 16th, 2009, 08:11 PM
-{ Quote: "I have no dog in this fight, but commented because it is always the case that when a test is conducted, and someone’s favorite rates low, then the claims are that the test is not valid." }-
I think that there are more objective souls out there than you give credit for. Count me as someone who wants to see a test where a program I am using performs poorly... if such a test exists. And I doubt that I am alone in that sentiment. Show me evidence that I am using something that is failing tests, and I will reconsider my security setup. That only makes sense to me. And it is the only reason I asked you to provide links.
sded
November 16th, 2009, 08:40 PM
Does anyone know anything about MRG? They have always seemed to me like a bunch of wankers with little/no academic or professional credentials playing with some malware they have found. No design of experiments or sample selection, too small a sample to hope to wash those types of problems out, little real information on the experiment setup. At least they don't seem as hostile toward the community as SSUpdater (I was around for their Comodo fiasco as a moderator) although some of the same players seem to pop up. Hard to argue with "we collected a bunch of uncharacterized data, ran it against some programs, here are the results, YMMV". But is this science/engineering or another high school science project? And does arguing about the results make any sense?
ronjor
November 16th, 2009, 08:53 PM
Rather than go through another round of comments on the subject of this thread, see this thread instead.
http://www.wilderssecurity.com/showthread.php?t=251113
Copyright ©2002 - 2012, Wilders Security Forums