Wilders Security Forums  

  #51  
Old March 20th, 2010, 11:53 AM
PC__Gamer PC__Gamer is offline
Frequent Poster
 
Join Date: Dec 2009
Posts: 526
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by Sveta MRG
OK, let's all take a deep breath now

Hi all, this is the last we shall say on this particular matter, else, this could go on indefinitely.
Let us state some facts:

1) It is a fact that it is impossible to guarantee that any system is 100% clean.
2) It is a fact that it is possible to bypass DefenseWall's default protection and download and run malware on the system using standard Windows functionality.

Given these facts, it is also a fact that:

1) Even if DefenseWall had been installed on the “clean” OS to start with, the samples / code / malware used could still have been installed on the system, bypassing DefenseWall.

2) When installing DefenseWall on any system, you can never be sure there is not malware on there already, which, with DefenseWall's default settings, will run as trusted.

Given these facts, it is also a fact that:

1) Having the samples installed on the OS to start with / not describing or including an infection vector has made no difference to the validity of the test since they could be placed on the system and run as trusted anyway.

DefenseWall is described by the vendor as:

“the simplest and easiest way to protect yourself from malicious software (spyware, botnets, adware, keyloggers, rootkits, etc.) and identification theft, that can not be stopped by your anti-virus and anti-spyware programs, when you surf the Internet!”

Given the product is described and marketed in this way, it is entirely proper that it should have been included in the test.
As a matter of interest, even if the tests are run as “untrusted”, DefenseWall is still unable to prevent all data being captured.

In conclusion and to repeat:

1) The protection provided by DefenseWall is easily and completely bypassed using standard Windows functionality.

2) Even if we purposefully run the tests as untrusted, DefenseWall fails to prevent all data capture and so fails the overall test.
I hope we can now draw a line under this and move on to more productive discussions.

PS. Please do not ask how we bypassed DefenseWall as we will not disclose this publicly. We have described the method to the developer and hope he is able to cover this in future releases.

Regards,
Sveta
Well, maybe it's just me, but I install my security software as my FIRST installation after a fresh OS installation, so I'd pretty much 100% say, my systems before I install my security are clean. (So, not impossible.)

I'm sure there are many others who install their security as their first installation after a fresh OS.

If DW says it needs to be installed on a clean system, why test it differently?

Also, you're stating that DW is easily bypassed but won't state how; what are the developer's thoughts on this?
__________________
Webroot SecureAnywhere Complete
  #52  
Old March 20th, 2010, 12:12 PM
demoneye demoneye is offline
Very Frequent Poster
 
Join Date: Dec 2007
Location: ISRHell
Posts: 1,219
Default Re: Prevx scored no.1 in test

Sveta MRG

Can you test AppGuard 1.4.7? It provides protection even if you got infected, by monitoring critical system areas.

http://www.blueridgenetworks.com/products/appguard.php
__________________
Eaz Fix 10
WINDOWS 8 FIREWALL
Sandboxie (64-bit)
Security software no.1~> YOUR SKILLS
Prevention is better than the cure
using win 8 Pro X64
  #53  
Old March 20th, 2010, 12:38 PM
Sveta MRG Sveta MRG is offline
Frequent Poster
 
Join Date: Aug 2009
Posts: 204
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by Pleonasm
Sveta, simply for the sake of transparency, can you please clarify if any of the vendors examined in the Online Banking Browser Security Test (March, 2010) has or had a financial relationship of any kind with the Malware Research Group?

Personally, I do not believe that the existence of a financial relationship between a vendor and a testing organization necessarily implies that the results are illegitimate. Yet, it is always wise, in my opinion, to disclose any such potential conflicts of interest.

Thank you.

P.S.: I hope you do not interpret my question as “confrontational” or “offensive” -- neither is intended.

If you are asking me did someone commission us to conduct this test, the answer is absolutely no. This is an official test and as such, nobody outside MRG knew about it.

You asked me how we are funded. We conduct private testing, analysis and research for numerous vendors. Private tests are not made public and their use is for analysing and improving products only.

If anyone wants to use our tests in any way, they must first purchase a license.

We reserve the right to maintain client confidentiality and therefore will not disclose client names without their express permission, nor will we disclose fees.
__________________
Founder & CEO
MRG Effitas/Effitas Group
Efficacy Assessment & Assurance
  #54  
Old March 20th, 2010, 12:40 PM
Sveta MRG Sveta MRG is offline
Frequent Poster
 
Join Date: Aug 2009
Posts: 204
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by PC__Gamer
Well, maybe it's just me, but I install my security software as my FIRST installation after a fresh OS installation, so I'd pretty much 100% say, my systems before I install my security are clean. (So, not impossible.)

I'm sure there are many others who install their security as their first installation after a fresh OS.

If DW says it needs to be installed on a clean system, why test it differently?

Also, you're stating that DW is easily bypassed but won't state how; what are the developer's thoughts on this?

Installing security applications first is not a common practice by many people.

You also have to take into consideration that most people stick to their systems for a long time and install applications on it, so in 99% of the cases you can't guarantee that the system is clean.
__________________
Founder & CEO
MRG Effitas/Effitas Group
Efficacy Assessment & Assurance
  #55  
Old March 20th, 2010, 12:41 PM
PC__Gamer PC__Gamer is offline
Frequent Poster
 
Join Date: Dec 2009
Posts: 526
Default Re: Prevx scored no.1 in test

Well, M.R.G seems to test Prevx's detection, and it always comes off as one of the worst detectors out there.




I can run as many as possible, ranging from new Zero-day samples, to ones a few weeks, months, it doesn't matter to Prevx, hardly anything gets through Prevx, and this isn't even running highest settings. (High/Med/Med)

According to HMP with all its engines, these were my remaining infections:

[Attached image: hmp.jpg]

I'm sure you guys are just right clicking a folder of believed-to-be-infected files and cleaning the machine, seeing which files are left.



* & just because everyone else does, I ran MalwareBytes just to be sure.

[Attached image: mb.jpg]

So, I decide to find that one missing file (copy > paste to desktop), and perform a simple right-click scan. (This is after a full advanced system scan, which completed and told me clean/protected.)

And now I get this:

[Attached image: Untitled.jpg]

I am not sure why Prevx acted like this on that last file, but are we now seeing Prevx perform 100% in one of my own little tests, never seen that before on my machine.


*************

OK, we are not seeing Prevx get a 100% on my machine; here are the results of that 'delayed detection' on that one remaining file.

It's a screen that I've personally never seen before, and it's nice to see. (Strange I feel like that really, but I think it's good that if the software fails on one file, that this process is not left unattended.)

Of course, this has happened during my somewhat frequent tests of my software, and this was the only file that Prevx has let through, so VERY VERY impressed.

[Attached image: failed.jpg]
__________________
Webroot SecureAnywhere Complete

Last edited by PC__Gamer : March 20th, 2010 at 03:06 PM.
  #56  
Old March 20th, 2010, 01:48 PM
PC__Gamer PC__Gamer is offline
Frequent Poster
 
Join Date: Dec 2009
Posts: 526
Default Re: Prevx scored no.1 in test

The puzzle is not quite over.

Although Prevx is saying it has failed in its removal of this one file, MalwareBytes seems to think differently.

[Attached image: mb2.jpg]

However, I think MBAM is incorrect in its assumption, Prevx is correct in its failure; both Prevx and HMP still detect them. Gonna try HMP's removal now.

Quote:

False Alarm:


[NF] (ACTIVE) c:\program files (x86)\occt\occtaux.dll [PX5: DC0DA2B9001CD5D8005A0B82666CA800DD9E0D59]
[NF] d:\games\section 8\binaries\vorbis.dll [PX5: 851F19BA8040047DF628044245A5C60061EB5AA2]




Troublesome file:



[BP] (ACTIVE) c:\users\168957\appdata\local\temp\1_barac.exe [PX5: 1186CBD00081656EAA6C003B4D646500B8188DD0] Malware Group: Medium Risk Malware




T.E Analysis:




File MD5: 0xB9E70E911163A20E1BEA5E3D144FB211
Filesize: 43,520 bytes
Alias:
Packed.Generic.290 [Symantec]
Mal/Basine-C, Mal/EncPk-LT, Mal/FakeAV-BT [Sophos]


Technical Details:


File System Modifications

The following files were created in the system:

# | Filename(s) | File Size | File MD5 | Alias / Other Info
1 | %System%\13441600.dat | 109 bytes | 0x064EBF2EB5F4BFAF43F16E78B707856B | (not available)
2 | [file and pathname of the sample #1] | 43,520 bytes | 0xB9E70E911163A20E1BEA5E3D144FB211 | Packed.Generic.290 [Symantec]; Mal/Basine-C, Mal/EncPk-LT, Mal/FakeAV-BT [Sophos]


Note:
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following file was deleted:
c:\boot.ini


Memory Modifications

There was a new memory page created in the address space of the system processes:

# | Process Name | Process Filename | Allocated Size
1 | svchost.exe | %System%\svchost.exe | 57,344 bytes


There was a new service created in the system:

Service Name | Display Name | Status | Service Filename
BrowserDcomLaunch | Computer Browser BrowserDcomLaunch | "Stopped" | [file and pathname of the sample #1] srv


The following system services were modified:

Service Name | Display Name | New Status | Service Filename
ALG | Application Layer Gateway Service | "Stopped" | %System%\alg.exe
SharedAccess | Windows Firewall/Internet Connection Sharing (ICS) | "Stopped" | %System%\svchost.exe -k netsvcs




Registry Modifications

The following Registry Keys were created:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserDcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserDcomLaunch\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserDcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserDcomLaunch\Security
The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserDcomLaunch\Security]
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrowserDcomLaunch]
Type = 0x00000010
Start = 0x00000002
ErrorControl = 0x00000000
ImagePath = "[file and pathname of the sample #1] srv"
DisplayName = "Computer Browser BrowserDcomLaunch"
ObjectName = "LocalSystem"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserDcomLaunch\Security]
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserDcomLaunch]
Type = 0x00000010
Start = 0x00000002
ErrorControl = 0x00000000
ImagePath = "[file and pathname of the sample #1] srv"
DisplayName = "Computer Browser BrowserDcomLaunch"
ObjectName = "LocalSystem"


To all who may be interested, Hitman Pro could not remove it either; both Prevx and HMP still detect it.

Weird thing is, not only did Prevx not immediately detect it, the Prevx engine in HMP is still not detecting it.

Just thought I'd share that.
__________________
Webroot SecureAnywhere Complete

Last edited by PC__Gamer : March 20th, 2010 at 03:22 PM.
  #57  
Old March 20th, 2010, 02:40 PM
Pedro Pedro is offline
Massive Poster
 
Join Date: Nov 2006
Posts: 3,492
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by Sveta MRG
2) Even if we purposefully run the tests as untrusted, DefenseWall fails to prevent all data capture and so fails the overall test.
I hope we can now draw a line under this and move on to more productive discussions.
This is the only thing in your post that's actually of some use. You tested DefenseWall by running the executables as untrusted?
That would be completely different from what you and others implied in previous posts.
  #58  
Old March 20th, 2010, 04:30 PM
Pleonasm Pleonasm is offline
Very Frequent Poster
 
Join Date: Apr 2007
Posts: 1,201
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by Sveta MRG
If you are asking me did someone commission us to conduct this test, the answer is absolutely no.
Thank you, Sveta, for the clarification. In the future, I recommend that you include this information as a footnote in your published “official tests.”
__________________
ple • o • nasm n. “The use of more words than are required to express an idea”
  #59  
Old March 21st, 2010, 02:24 AM
PrevxHelp PrevxHelp is offline
Prevx Moderator
 
Join Date: Sep 2008
Location: USA/UK
Posts: 7,584
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by PC__Gamer
OK, we are not seeing Prevx get a 100% on my machine; here are the results of that 'delayed detection' on that one remaining file.

It's a screen that I've personally never seen before, and it's nice to see. (Strange I feel like that really, but I think it's good that if the software fails on one file, that this process is not left unattended.)

Of course, this has happened during my somewhat frequent tests of my software, and this was the only file that Prevx has let through, so VERY VERY impressed.

I'd suspect that if you run another scan, it will likely clean it up. Detection for your sample was added purely automatically after it was seen to bypass Prevx initially on your PC - that screen prevents cleanup from running around and instead tells the user that they will likely need assistance. However, in your case, it looks like detection was added after one scan which triggered the cleanup message erroneously: if we had run a normal cleanup after, it would have likely cleaned it up without a problem.

However, it's definitely worth bringing that screen to public view more so than it has been. It is a relatively rare screen to see, but it is how we ensure that our customers receive the best experience. If we see that a sample was not successfully cleaned on the first round, we will immediately send them to that page and tell them to contact our support directly - even if we would clean it on the next scan, it is generally better to have us intervene in case there is an improvement that we can make.
  #60  
Old March 21st, 2010, 02:30 AM
PrevxHelp PrevxHelp is offline
Prevx Moderator
 
Join Date: Sep 2008
Location: USA/UK
Posts: 7,584
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by Sveta MRG
Installing security applications first is not a common practice by many people.

You also have to take into consideration that most people stick to their systems for a long time and install applications on it, so in 99% of the cases you can't guarantee that the system is clean.

Sveta has been responding to most of these posts, but I'd like to echo this one in particular. This is precisely the case we see with our users - while it is definitely an ideal situation if you can get a user to install their security (whether it is DefenseWall, Prevx, or any other security product) immediately after installing their OS and then keep it up-to-date, this is an extremely rare case, albeit a common one amongst forums like Wilders.

Users "in the wild" have any number of bizarre pieces of malware already on their PC - while it is still useful to install a security product on top of that, the test which MRG has performed is looking to see the effectiveness of a security product with pre-existing infections, the most likely case for an infection that would steal banking details.

Even if an infection is not pre-existing, in the case of sandboxing applications, the sandbox would have to cover every application all the time and additionally cover every possible point in kernel mode... which is not possible. So, as long as you have an application which can access kernel mode or have one which enters the system through a non-sandboxed program, you will be susceptible to these types of threats. That is where SafeOnline and other products step in - if a threat already exists on the PC before these products are installed, these products try and circumvent the threat while banking online.

Granted, this is not perfect and indeed there is no silver bullet in any of these solutions - SafeOnline is built on top of Prevx 3.0 and many of the other products require the user to use an up-to-date AV solution.

Although it may seem that I am biased because of how SafeOnline scored, I stand behind the methodology that MRG have used as it is valid for testing threats in these conditions.
  #61  
Old March 21st, 2010, 03:47 AM
pegr pegr is offline
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by PrevxHelp
Granted, this is not perfect and indeed there is no silver bullet in any of these solutions - SafeOnline is built on top of Prevx 3.0 and many of the other products require the user to use an up-to-date AV solution.
This is precisely the reason that the MRG test is flawed. SafeOnline has been developed in order to fill a gap left by other security products (including Prevx itself). It's not valid to compare SafeOnline against products that have been designed for an entirely different purpose and which have different operating parameters.

Before SafeOnline was developed, had Prevx anti-malware been included in this test, it might have fared very badly. The methodology used for the test correctly ignored the capability of the products to detect, prevent, and clean malware; as the purpose of the test was to test the ability of the products to protect the browser on an infected system. In this scenario, Prevx would likely have been the first to point out that the methodology was flawed and that Prevx anti-malware must be tested as a whole, including its ability to detect, prevent, and clean; that nothing is perfect and a layered defense is always best, etc, etc.

You just can't take programs using different approaches such as policy restriction, virtualisation, whitelisting, blacklisting, heuristics, HIPS, etc and start comparing them willy nilly with scant regard for what each program does, how it does it, and the range of scenarios that determine and limit its proper use.

EDIT: Minor clarification added.

Last edited by pegr : March 21st, 2010 at 04:31 AM.
  #62  
Old March 21st, 2010, 04:33 AM
Scoobs72 Scoobs72 is offline
Very Frequent Poster
 
Join Date: Jul 2007
Location: Sofa (left side)
Posts: 1,084
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by pegr

You just can't take programs using different approaches such as policy restriction, virtualisation, whitelisting, blacklisting, heuristics, HIPS, etc and start comparing them willy nilly with scant regard for what each program does, how it does it, and the range of scenarios that determine and limit its proper use.


The issues of 'installing the software on a clean system' aside, all of the software tested has specific anti-logger capabilities. The approaches may be different (e.g. HIPS, policy restriction etc) but they all have specific functionality that can be classed as anti-logging. So yes, you can compare the anti-logging capabilities of such programs.
  #63  
Old March 21st, 2010, 05:22 AM
pegr pegr is offline
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by Scoobs72
So yes, you can compare the anti-logging capabilities of such programs.
I take your point but the test was described as an "Online Banking Browser Security Test", not just a generic anti-logging test. Even Prevx anti-malware (minus SafeOnline) on its own has some anti-logging capability.

Of the programs tested, only Prevx SafeOnline and Trusteer Rapport have been specifically designed for the express purpose of browser security on an infected system. Both programs put a wrapper around the browser, operating as a kind of reverse sandbox. IMHO this puts these two programs in a different class to the other programs tested, also witnessed by the fact that both are aiming at gaining acceptance by the banks. In this respect they are direct competitors in a fairly new genre in which there are as yet few players. It didn't surprise me that SafeOnline did so well in this test, but it did surprise me that Rapport did so badly, given that the test methodology was tailor-made for these two programs to shine. For anybody considering deploying online banking security software, it's useful to know how these two programs stack up against each other.

I'm not looking to start a fight, just expressing the view that the test wasn't a level playing field; and I'll say it again - kudos to Prevx for achieving such a good test result, and kudos to MRG for carrying out the test.
  #64  
Old March 21st, 2010, 06:29 AM
trjam trjam is offline
Incredibly Massive Poster
 
Join Date: Aug 2006
Location: North Carolina
Posts: 8,620
Default Re: Prevx scored no.1 in test

It works, just plain works, and that is what some can't stand. Too bad, Prevx did it and it is a fact. Personally, I am really a follower in the fact Prevx with SafeOnline is all you need.
__________________
Webroot SecureAnywhere
  #65  
Old March 21st, 2010, 06:41 AM
CloneRanger CloneRanger is offline
Massive Poster
 
Join Date: Jan 2006
Location: Home usually
Posts: 3,854
Thumbs up Re: Prevx scored no.1 in test

Originally Posted by Sveta MRG

Quote:
Installing security applications first is not a common practice by many people.


He's totally correct, so conducting a test in this manner is more than just appropriate, it is a Real World test. Of course no one can possibly predict exactly what nasties ALL those people out there have already been infected with, but even so it's a very worthwhile exercise, and I wish there were more like it.
__________________
.
Malware = You don't scare me

A different perspective https://rt.com - https://rt.com/on-air
  #66  
Old March 21st, 2010, 07:36 AM
Threedog Threedog is offline
Very Frequent Poster
 
Join Date: Mar 2005
Location: Nova Scotia, Canada
Posts: 1,122
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by CloneRanger
Originally Posted by Sveta MRG



He's totally correct, so conducting a test in this manner is more than just appropriate, it is a Real World test. Of course no one can possibly predict exactly what nasties ALL those people out there have already been infected with, but even so it's a very worthwhile exercise, and I wish there were more like it.

I agree with the way the test was done also. If the test was about installing on a clean system and then running the malware and using the anti-malware apps as intended, Defensewall and others would have done a lot better, but as the test was about a real world scenario the tests do portray exactly what would be the real world outcome.
  #67  
Old March 21st, 2010, 09:37 AM
Threedog's Avatar
Threedog Threedog is offline
Very Frequent Poster
 
Join Date: Mar 2005
Location: Nova Scotia, Canada
Posts: 1,122
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by trjam
It works, just plain works, and that is what some can't stand. Too bad, Prevx did it and it is a fact. Personally, I am really a follower in the fact Prevx with SafeOnline is all you need.

For the non paranoid relatively safe surfer Prevx would indeed suffice.
  #68  
Old March 21st, 2010, 11:59 AM
PrevxHelp PrevxHelp is offline
Prevx Moderator
 
Join Date: Sep 2008
Location: USA/UK
Posts: 7,584
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by pegr
Before SafeOnline was developed, had Prevx anti-malware been included in this test, it might have fared very badly. The methodology used for the test correctly ignored the capability of the products to detect, prevent, and clean malware; as the purpose of the test was to test the ability of the products to protect the browser on an infected system.

I think it is crucial to ignore the detection aspects of these products in this test, especially when testing leaktests. It is very easy to detect a single sample, or even a class of samples by behavior, but what happens when the malware authors test their creations against your product until it doesn't detect it any more? It would likely take less than an hour to make a known piece of malware completely undetectable from every AV-style product, so I think taking the detection of files out of the picture is the only valid way to test this type of protection.
  #69  
Old March 21st, 2010, 12:22 PM
Konata Izumi Konata Izumi is offline
Very Frequent Poster
 
Join Date: Nov 2008
Posts: 1,512
Default Re: Prevx scored no.1 in test

I don't have a clue
but I like PrevX
  #70  
Old March 21st, 2010, 01:52 PM
Threedog Threedog is offline
Very Frequent Poster
 
Join Date: Mar 2005
Location: Nova Scotia, Canada
Posts: 1,122
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by Konata Izumi
I don't have a clue
but I like PrevX

That's the spirit Konata!!!!
  #71  
Old March 21st, 2010, 02:05 PM
LoneWolf LoneWolf is offline
Massive Poster
 
Join Date: Jan 2006
Posts: 3,133
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by Sveta MRG
You will see from the methodology that the inactive samples were already on the system

Quote:
Originally Posted by Sveta MRG
Please do not ask how we bypassed DefenseWall as we will not disclose this publicly.


Sorry Sveta, either they were already on the system or DefenseWall was bypassed, not both. Which is it?


Trust is a big issue with anything security related, be it a security program or security software testing.
Personally I do not trust MRG.

For those who missed this informative thread..............
http://www.wilderssecurity.com/showthread.php?t=251113
__________________
May you fly straight to heaven - but if you go to Hades - may Lethe run with Guinness
  #72  
Old March 21st, 2010, 02:35 PM
Scoobs72 Scoobs72 is offline
Very Frequent Poster
 
Join Date: Jul 2007
Location: Sofa (left side)
Posts: 1,084
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by LoneWolf
Sorry Sveta, either they were already on the system or DefenseWall was bypassed, not both. Which is it?

That's not what Sveta is saying. He is saying that independently of these tests MRG have found a bypass to DW. Hence the argument that DW would have prevented the system being infected in the first place doesn't hold water either.
  #73  
Old March 21st, 2010, 02:37 PM
DavidCo DavidCo is offline
Frequent Poster
 
Join Date: Jul 2005
Location: UK
Posts: 464
Default Re: Prevx scored no.1 in test

DW was bypassed & then the tests started with samples on the system?
  #74  
Old March 21st, 2010, 02:39 PM
LoneWolf LoneWolf is offline
Massive Poster
 
Join Date: Jan 2006
Posts: 3,133
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by Scoobs72
That's not what Sveta is saying. He is saying that independently of these tests MRG have found a bypass to DW.

Scoobs72, thanks for clearing that up for me. (if it is indeed true)

Yet I still cannot trust MRG.
__________________
May you fly straight to heaven - but if you go to Hades - may Lethe run with Guinness
  #75  
Old March 21st, 2010, 02:40 PM
Threedog Threedog is offline
Very Frequent Poster
 
Join Date: Mar 2005
Location: Nova Scotia, Canada
Posts: 1,122
Default Re: Prevx scored no.1 in test

Quote:
Originally Posted by Scoobs72
That's not what Sveta is saying. He is saying that independently of these tests MRG have found a bypass to DW. Hence the argument that DW would have prevented the system being infected in the first place doesn't hold water either.

Hope he contacts Ilya with details on the bypass.
 
