New MRG test results

[jmonge]

threatfire and PR Guard both fail this test

[Triple Helix]

Quote:

Originally Posted by jmonge

threatfire and PR Guard both fail this test

You better find something else to try Timmie's sounds good about now Extra Large Double Cream!

TH

[jmonge]

you know what i am mad now i am going to drink coffee at timies untill i get really drunk

[Noob]

Lol can't believe Zemana is so good in this test O_o
How do Zemana protects on already infected systems if it doesn't scans?

[CloneRanger]

@jmonge and Triple Helix

Quote:

Originally Posted by jmonge

threatfire and PR Guard both fail this test

You mean PEGuard methinks

[jmonge]

yes thanks ranger for the correction

[Sveta MRG]

Quote:

Originally Posted by jmonge

threatfire and PR Guard both fail this test

Hi,

In our unofficial part of the test we are testing quite a few applications. First round will include GeSWall, ThreatFire and PE Guard.
These applications are being tested using various settings, so if you see their name on the test site, that does not necessarily mean that the program in question failed the test.

Unofficial test results coming soon

Regards,
Sveta

[Sveta MRG]

Quote:

Originally Posted by Noob

Lol can't believe Zemana is so good in this test O_o
How do Zemana protects on already infected systems if it doesn't scans?

Hi,

Zemana has SSL protection technology - and this is enabled as a default setting. Zemana detects the action of the simulator and displays a clear warning via its HIPS function - but will also prevent data theft, even if you allow the action because of the SSL protection technology.

Regards,
Sveta

[jmonge]

thanks alot Sveta for your value tests and time thanks again man

[Triple Helix]

@Sveta where are the recent results?

TH

[CloneRanger]

http://malwareresearchgroup.com = So ?

[Sveta MRG]

Day 20 results published.

Regards,
Sveta

[jmonge]

thanks Sveta

[aigle]

Quote:

Originally Posted by Sveta MRG

Day 20 results published.

Regards,
Sveta

waiting for geswall results!

[Sveta MRG]

Day 24 results published.

In the latest report we have included the results for ThreatFire, GeSWall and PE Guard.

Regards,
Sveta

[jmonge]

where are the results for PE Guard as i dont find it?

[Sveta MRG]

Quote:

Originally Posted by jmonge

where are the results for PE Guard as i dont find it?

Check the bottom of the report

Regards,
Sveta

[jmonge]

thanks sveta

[Sveta MRG]

Hi,

For the last few days of this project, we will be taking more requests from you. If you wish us to test additional applications (that are suitable for this test), feel free to let us know. Also you may request particular settings ect.

Regards,
Sveta

[BoerenkoolMetWorst]

It would be interesting to see if the simulator can also capture data from a sandboxed browser, Sandboxie would be a good choice for that. Also, quite some of the security suites have some kind of "safe run" or sandbox for browsers, testing those would also give us some indication about which also have good protection from the outside, not just the inside(malware and drive-by downloads etc.)

[1000db]

Quote:

Originally Posted by Sveta MRG

Hi,

For the last few days of this project, we will be taking more requests from you. If you wish us to test additional applications (that are suitable for this test), feel free to let us know. Also you may request particular settings ect.

Regards,
Sveta

Please test the latest Appguard version and the beta with MemoryGuard.

[shadek]

I'd like to see Immunet 2.0 in the test.

[Eirik]

Quote:

Originally Posted by 1000db

Please test the latest Appguard version and the beta with MemoryGuard.

Unfortunately, MemoryGuard is not supported on WinXP. We're researching the practicality of implementing it there but this may never bear fruit.

So, the only differences between the new AppGuard for XP (next month) and the current production version is that rundll32.exe, cmd.exe, and regsrv.exe (I'm not certain about the exact executable name) are to be guarded by default, and more types of scripts in user-space are suppressed.

AppGuard is primarily a preventative tool. Once AppGuard has been intentionally disabled to allow the simulator to run from user-space, AppGuard would not prevent it from stealing data.

There are other mechanisms in our trusted enclaves framework that can address this in whole or in part in the future. However, in the interests of a user-friendly consumer experience, we have already begun reserving some capabilities for the enterprise versions. On Vista and 7, versus XP, we have options such as MemoryGuard and others that can do more to counter pre-existing malicious executables.

Cheers,

Eirik

[aigle]

Quote:

Originally Posted by Sveta MRG

Hi,

For the last few days of this project, we will be taking more requests from you. If you wish us to test additional applications (that are suitable for this test), feel free to let us know. Also you may request particular settings ect.

Regards,
Sveta

Can you explain how the DefenceWall Passed and GesWall failed the test?

Did geswall allow the data to be captured ans sent over internet?

[Sveta MRG]

Quote:

Originally Posted by aigle

Can you explain how the DefenceWall Passed and GesWall failed the test?

Did geswall allow the data to be captured ans sent over internet?

Hi Aigle.

In terms of an explanation, until we liaise with the vendors and discuss the action of the simulator with them, we really don’t have any clear technical detail for you.

You should consider that both GesWall and PrefenseWall fail the pre-infected system test and both pass if the simulator is run as un trusted / isolated.

We are contacting all the vendors over the next couple of days and hope to be able to provide some more detail for you soon.

In answer to your question – for the test where the infection is downloaded and executed on a system protected by the security application, GesWall failed to alert on the action of the simulator and consequently, it was able to capture data and send it to us.

Regards,
Sveta