MRG Banking Test

Discussion in 'other anti-virus software' started by 1000db, Jun 8, 2011.

Thread Status:
Not open for further replies.
  1. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Where is Spy Shelter?
    Oh, my Neck...:D
     
  2. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
  3. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Congratulations. And yes, my Sumatra can rotate PDFs just fine.
    A minor remark about a PDF that requires >12 rotate clicks to be readable puts you off nowadays? My apologies, your eminence.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    QFX KeyScrambler Personal & Neo’s SafeKeys are listed as failing, which is a surprise to me !

    Very interesting that Zemana AntiLogger passed ALL tests on 32 & 64 Bit, even though "supposedly" their 64 Bit version offers less protection, as other vendors 64 Bit versions "can" also do, due to PatchGuard.

    Ain't that the truth !
     
  5. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Seems like Zemana are under-selling themselves. There is clearly a way to mitigate MITB attacks under 64bit Windows. Trusteer have done it and Zemana have done it. Prevx fails but claims that Prevx 4 will use a different method of protection that will address this.
     
  6. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    Zemana is such an easy app to use. Download and it's ready to go. Still available for
    $10.42 here: http://www.programmers.com/ppi_us/Product.aspx?skupart=Z0B 01
     
    Last edited: Jun 9, 2011
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Not to resurrect dead horses, but SpyShelter (SS) is quite adept in this area. However, it is persona non grata with MRG because there is a schism between the SS outfit & the MRG outfit. Regrettable.
     
  8. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    It is indeed adept, however if I recall correctly the 'issue' between MRG and Spyshelter was that MRG saw the alerts generated by SS as ineffective as they were unable to distinguish between the rogue app and the control app. Zemana in contrast could distinguish between the two. My own experience is also that Zemana's alerts are much more intelligent than SS, and hence fewer alerts are generated. When Zemana does pop up an alert you pay attention to it.
     
  9. LODBROK

    LODBROK Guest

    Indeed. Roger. 10-4. Affirmative. :thumb:

    And it's light. Very very light. In fact Zemana is so light my tower floats above my desk like a balloon; if not for the cables it would rise up into the sky and out to space.
     
  10. guest

    guest Guest

    Please read;
    https://www.wilderssecurity.com/showpost.php?p=1704243&postcount=273

    You can change options from high to medium. SS is more quiet than before. It has a 9700 signers database.

    SS has AntiNetworkSpy protection. Also Zeus, Spyeye or similar malware are not a problem for SS. I think Spyshelter can pass this test easily.
     
  11. guest

    guest Guest

    No surprise at all since KeyScrambler only protects against real time capture. Testing a product designed for something different reminds me of matousec...
    As they explain in the pdf they capture the data because of a hook in the browser, so it is not real time capture.

    I don't understand why they avoid testing some products that maybe would be able to block this (sandboxie and at least 2 more that have been banned by MRG) and instead they test some products designed for other things. They should explain the difference clearly in the pdf if they want to test them anyway. In the same way they could have explained why some of the banned products protect against their simulator but not in the way they want, assuming that the user is a noob.
    At the end they are just testing Zemana, Prevx, trusteer, Protect on Q and then a bunch of products that fail in every single test.

    The test has been only done with IE, what about the other browsers? Maybe you are protected against this hook simply using firefox or chrome. Which version of IE are they using? Maybe the latest one is not vulnerable. I would like to have some details about this.
    A simple firewall would be able to protect your data.

    Anyway it's an interesting and quite unique test.
     
    Last edited by a moderator: Jun 11, 2011
  12. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Hi guest,

    If you read the report, we state that we chose the dedicated browser / anti-logging application “which purport to provide security against financial malware and/or identity theft.”

    We included KeyScrambler because they state on their website that “Uniquely protects your Windows Logon and keystrokes in over 170 browsers and applications” AND also have claims such as:

    "The beauty of a program like KeyScrambler is: Once installed, that’s it. Forget about it and let KeyScrambler be another layer of protection in the fight against financial malware."

    And

    “KeyScrambler as "an answer" to financial malware attacks.”

    As we explain in the report, real financial malware such as SpyEye etc use MitB attacks and that in reality, KeyScrambler provides no protection against these threats.

    If a vendor is going to claim in public that their product protects against a type of malware – in this case, financial malware, it would be prudent for them to have evidence to prove this – we would be very pleased to examine any evidence that KeyScrambler has been tested against and shown to be effective against the class of malware we refer to in our report.

    You say you don’t understand why we have not tested some applications that could have passed the test - such as SandBoxie – and that we have “banned” it from our tests.

    We have not banned SandBoxie, but chose not to include it in the report as it is not positioned as a product which would provide protection against financial malware. Indeed, the author contacted us last year to make this very point. Sandboxie wouldn’t (indeed does not) pass the test in the report and we feel it would be unreasonable to have included it.

    In answer to your question about browsers, this test was conducted using IE9, however, the simulator will work with all the major browsers.

    In terms of your comment about a firewall being able to protect the data – firewalls offer no protection against this or similar attacks.


    Regards,
    Sveta
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Sveta,

    Within the context of your selection guidelines, and bearing in mind that you already test DefenseWall which is a similar type of application, do you see AppGuard as a suitable candidate for inclusion in future tests?

    I think there may be quite a few of us who would be interested to see how AppGuard performs in the MRG tests.

    Regards
     
  14. LODBROK

    LODBROK Guest

    So true. :D
     
  15. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209

    Hi pegr,

    We just did a quick test with AppGuard, here are the results:

    On the pre-infected system AppGuard failed on both 32 Bit and 64 Bit systems.

    AppGuard passed on both 32 Bit and 64 Bit systems when the sample was executed in real time.


    Regards,
    Sveta
     
  16. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    That's great for AppGuard! It was designed as a prevention app anyway; I would be surprised if it protected any on a pre-infected system.
     
  17. guest

    guest Guest

    About KeyScrambler, read everything and not just the part you are interested in, if not you are manipulating. These two sentences appear on the main page

    If somebody does not understand English, probably he won't be able to read this and understand what the hell the app is about, so he probably will not buy the app either.

    The sentences that you have quoted just say that KS is just another layer of protection against financial malware, not the solution to all the financial malware. Like an HIPS and AV, both are layers and protection against malware but you can not compare both with the same methodology.

    Thanks for the answers, the same stuff should be written in the report, and about the firewall, sorry but the firewall is able to protect against this attack, the data stored in a local computer has no value, the exploit needs access to the internet to send the information out, and the firewall will be able to detect it and ask, or block it directly, depending on the configuration.
     
    Last edited by a moderator: Jun 11, 2011
  18. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Since the web browser itself has been compromised and of course the firewall allows the browser to connect to the internet, how will it be detected? Unless you set up the firewall in ultra popup mode and have it ask permission for each outbound connection and personally check the validity of each one there'll be nothing for the firewall to report upon since it's just the browser doing what it does.
     
    Last edited: Jun 11, 2011
  19. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Hi Sveta,

    Thank you very much for carrying out this test. It's much appreciated.

    I expected AppGuard to fail on a pre-infected system but it's good news that it did prevent the infection in real-time on both 32-bit and 64-bit systems as that is what it is designed to do.

    It would be nice to see AppGuard included on a regular basis in the MRG tests. For those of us who don't do malware testing, we need testing organisations such as MRG to tell us just how effective these kinds of applications really are.

    Keep up the good work. :thumb: :)

    Regards
     
    Last edited: Jun 11, 2011
  20. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)

    Well, I can read English and I can also read this from the Keyscrambler website:

    Which bit of this is not a big advert for Keyscrambler as a mitigation for financial malware? Keyscrambler clearly positions itself as a financial malware solution and therefore is quite correctly included in the MRG test....and fails.


    Dig a bit deeper however, and in an interview between Techrepublic and Qian Wang, Keyscrambler's developer, he states:

    From my reading of such malware, they all use form stealing approaches, rather than keylogging, simply because there is too much information to sift through when keylogging.

    So, yes, Keyscrambler does explicitly advertise itself as a solution for financial malware. And, yes, it fails against form stealing attacks which are the dominant method used by financial malware. If you can present any evidence that keylogging is the primary method used by financial malware (or is indeed used at all) then that would be interesting to see. Otherwise I see the Keyscrambler website as being deliberately misleading with regard to its capabilities against financial malware.


    No, a firewall will not protect you. This type of malware typically injects itself into other valid processes that are allowed outbound access already...which results in no warning.
     
    Last edited: Jun 12, 2011
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi Sveta, is it possible for you to test these applications:

    GesWall
    DefenceWall
    SpyShelter
    Comodo Sandbox
    Comodo HIPS

    About AppGuard, did it block the execution of the simulator or did it just stop its keylogging?

    Also I think it will be nice if you add some screenshots of interceptions by the applications that have passed the test.

    Thanks
     
  22. guest

    guest Guest

    If you know how to read, read everything and not just the part you want and you will see that they claim to protect against real time keyloggers because KS only encrypts the keystrokes in real time, if you don't understand this you can imagine whatever you want. After something is already written KS can not do anything else, if you write your passwords in a txt file and malware steals your file there is nothing that KS can do.

    You didn't get it, as I said before if they still want to test it this should be explained in the pdf (like if they want to test winamp against their simulator), testing a product that before you start you already know is gonna fail in every single test due to how it works seems stupid to me, and doing it for the second time, even more, but each person loses their time as they want.
     
    Last edited by a moderator: Jun 12, 2011
  23. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Sorry guest but you're simply not getting it. The test is about evaluating solutions that advertise themselves as protecting the end-user against financial malware. Keyscrambler advertises itself in that way (as shown above), hence it is valid to be included in the test, regardless of whether informed people know in advance whether it is going to fail.

    Now, if Keyscrambler advertised itself purely as a solution against "Keyloggers" and didn't mention financial malware on its website, then it should not be included in the test. But it doesn't, so it is rightly included in the test. It even mentions Zeus and Carberp on its website! The advertising is very misleading and Keyscrambler deserves to be shown that it fails imo.
     
  24. guest

    guest Guest


    If you know how to read, read everything and not just the part you want and you will see that they claim to protect against real time keyloggers because KS only encrypts the keystrokes in real time, if you don't understand this you can imagine whatever you want. After something is already written KS can not do anything else, if you write your passwords in a txt file and malware steals your file there is nothing that KS can do.

    I'm just saying that they just need to say we don't test KS because the way it works is not designed to protect against this.

    Because it is unfair, why don't they do the same test using realtime keylogging malware, so we can see which one is better? Of course they have to get $$ with the simulator. In this test it seems that this is the only way that your bank passwords can be stolen but there are many more. The test is another lie, it seems to be the answer to all the methods of stealing banking passwords and it is just 1 simple method and there are many more.

    Anyway I understand you, you understand me, but we are not going to think the same xD
     
    Last edited by a moderator: Jun 12, 2011
  25. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    ...then KS should immediately stop their misleading advertising which suggests that it will protect against this sort of malware. If it wasn't for their misleading advertising then they wouldn't have been included in the test. It's very simple.
     