Malware Research Group Rogue Software Infection Prevention test

Discussion in 'other anti-virus software' started by King Grub, Feb 2, 2010.

Thread Status:
Not open for further replies.
  1. progress

    progress Guest

    I want to know where these tests are as well - Maybe SUPERAntiSpyware is SUPERAntiRootkit :)
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    You've highlighted a major flaw within many tests there.
    For me the best products are the ones that offer the highest protection against the most malicious and damaging malware, not necessarily the highest overall detection rate. A product may score a 98% rate, but if the 2% it misses are extremely virulent threats then that product isn't any good to me. Another may miss a lot of minor stuff but block all the worst nasties, so despite a seemingly poor rate of detection it may well offer better protection in the real world.
     
  3. kmr1685

    kmr1685 Registered Member

    Joined:
    Aug 22, 2009
    Posts:
    62
    Dude, you said one golden truth: better detection is nothing, the ultimate requirement of the end user is always what it detected and how it removes it (completely or leaving some trails). That's what matters, dude. I really accept this line of yours (the quoted lines above). ;)
     
  4. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    I couldn't agree more with what you've just said;)
    This test was misinterpreted, we tested with this methodology as we wanted it this way. The idea for this test came when we searched for one very nasty rogue which, at the time, was unavailable for download via URL, instead we found it on RS and it came with a crack..., point is that sometimes your best friend will suggest something which can turn out to be malicious (in this case a rogue).

    Using large amounts of samples in tests, especially outdated ones, is becoming pointless as there are many reasons why some applications will not detect something when running an On-Demand scan, but will pick it up in real-time or will remove the threat from the infected system, both Malwarebytes and SuperAntispyware are capable of this.

    In my opinion the two most important types of testing are:

    1. Prevention - simply because if it's not in, it's not a threat.

    2. Removal - if it's in, I want to remove it successfully.

    We are currently doing two tests which involve those two, most important, categories.
     
  5. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    By “prevention,” do you mean “whole-product dynamic testing” as was recently implemented by AV-Comparatives, in which protection was the focus and “threats blocked” was the key outcome metric?
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    IMO, handy-dandy-andy's comments can be construed as a vain attempt to rationalize below-average performance by SAS on this particular test. However, I may be wrongly interpreting the motives. :blink:
    ~~~~~~~~~~~~~~

    Prevention? :thumb:

    Removal? :thumbd:

    I want security software that puts 99.999% of its efforts on Prevention. Nowadays we have SUPERB imaging software. Ergo, the best response to infection is to restore a clean image, NOT to waste efforts on "Removal".
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    I'm sure everybody wants as near to 100% as possible. Problem is, with tens of thousands of Malware files released EVERY day, there is always going to be any number that won't be detected for days/weeks even months, sometimes never.

    Concentrating on the worst offenders makes sense, as there are only 24 hours in a day, and then it's tomorrow again.

    I can't imagine how continually frustrating it must be for all the vendors, I feel for them.
     
  8. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    If you're referring to my post then yes you did misinterpret the intention behind it.

    In fact I was acknowledging a very important point that SAS made that as primarily a complementary product they target their resources toward particularly troublesome malware that main AVs might be missing. It wasn't meant to be seen as an 'apologist for SAS' post at all.

    IMO the true efficacy of a product can get clouded by a lot of tests that are all about 'the higher the % the better it is'. All malware is bad of course, but there are varying levels of maliciousness and my point was that the ability to block really damaging, system killing stuff should be given higher priority when reviewing products rather than just looking at total numbers. Also the more widespread malware is of much higher relevance to the end user rather than an obscure trojan found on some Russian warez site that few will ever encounter and should be acknowledged as such in the ratings.
     
  9. Agree with some above posts.

    Honestly, PREVENTION VS DETECTION... Prevention will always be better. Detection and removal can only detect and remove the bad guys it knows of... Detection is not enough to remove, nor to protect with, no matter how many detection based technologies you use. It is NOT enough to say use 3 detection based products as layered security... You need that PREVENTION and CURE (Backup) in between.

    People need a prevention based approach against malware, and detection second.
     
  10. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I completely agree. In fact, you can mount a saved image as a virtual volume and run an anti-malware scan on it before the restore operation, to ensure that the PC will be free of malware infections when that image is restored. It only takes about 10 minutes to do a restore of an operating system volume, so it’s all quite simple and trouble-free.
     
  11. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    You mean an on-demand scan?
     
  12. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Yes. Of course, it’s possible that malware will be missed in an on-demand scan, but it nonetheless should enhance the user’s confidence that a saved image is free of malware before going through the effort of restoring the image.

    Alternatively, a user could also restore the image to a virtual machine and inspect it for malware in that way, too (e.g., boot the VM using the Norton Bootable Recovery Tool disc in the case of Norton Internet Security). However, such a procedure is more time consuming.
     
  13. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
  14. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    I question the use of 'Rogue Software Infection Prevention'.
    If you are stupid enough to download and install a rogue, you shouldn't expect software to prevent that or to remove the rogue!
    Pointless IMO. No security software can be 100% effective against these 'threats'. With the exception of anti-executable software, rollback systems, SRP+LUA (?) and perhaps a few more.

    If you want to protect someone else from these threats, and that person cannot understand and handle the risk of downloading rogue software, anti-executable software, rollback systems, SRP+LUA (?) will be much more effective than the products mentioned in the tests. Although MBAM supposedly excels in removing rogue software, but I have never used it.
     
  15. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    In my view it is regrettable that those who do not have much expertise in the field of computers and/or computer security are considered stupid when they get infected.

    I know people who have gotten infected, and recently one who got a rogue, that are not stupid. A lack of knowledge in a certain field does not equate to stupidity.

    Regards,
    Jerry
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I agree with you, Jerry. The correct word is "ignorant", NOT "stupid."
     
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Isolate the PDF viewer. In GeSWall I Trust. ;)
     
  18. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I'm not trying to contradict you, but this rumor goes around the Internet whereby up to 50,000 new pieces of malware are churned out every day on the web...
    True or false, I personally believe that this number is at best FUD or at worst one will have to admit that there is a certain symbiotic relationship between malware writers and AV companies. I don't believe in vendors' frustration, on the contrary it is their bread and butter.

    My other question is, 50,000 a day OK, but where are they? It is becoming more and more a conceptual war, and in the rare event your defenses might fail, Bellgamin is right, restoring an image takes about 10 minutes, no downtime looking for that elusive application that will clean up your machine.
     
  19. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    I also think the number of malicious files released each day is overstated.
    FUD indeed.
    And I don't think the Anti-this and Anti-that companies are "continually frustrated".
    Far from it.
    It's all cha-ching for them.
    On the other hand, a company that does poorly on a test and then claims it was because they focus on the "really nasty stuff", and the tests don't cover that... well,
    I think that is a load of crap too.
    You really have to pick your way carefully through the maze of experts and snakeoil salesmen, and select the product or products you feel most comfortable with.
    A lot of times there isn't really a concrete, scientifically justifiable reason why you don't want a security software on your system, but you just have a bad feeling about the company.
    In those cases, don't ever fail to listen to your own inner senses.
    Trust yourself.
    And your back up plan. :)
     
    Last edited: Feb 5, 2010
  20. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    For argument’s sake, let’s assume that the number is overstated by a factor of 10. That implies that there are still about 5,000 new malware instances released into the wild each day. Either way, the real-world conclusion remains the same: you need a good anti-malware product protecting your PC.

    Yes, comparatives should be an important consideration in choosing an anti-malware product -- but not the only criterion.
     
  21. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    All right, 'stupid' is perhaps the wrong word.

    Ignorant? The computer is a device. If you use a device, shouldn't you know how to operate it?

    Having a computer connected to the internet without knowing how a computer works or how the internet works, is a bit like driving a car without a driver's license. Using a computer this way can be very dangerous.
     
  22. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267
    I'd like to know how bluepoint stopped every rogue.

    Over the past few days I've tested it against over 40 rogues and it stopped 3 from installing and running.


    ...?
     
  23. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Hi Fly,

    Most use a computer as a tool. It is not necessary to know a lot of detailed information as to the inner workings, and I confess I know little. Yes we generally know how the internet works, and how to operate a computer. We also recognize that there are a lot of "baddies" out there.

    Because I have been a member here for a long time I do know something about AV applications, and the need for layering, as my sig indicates. But almost everyone I know, when I ask them what AV they are using reply that they use whatever their provider gives them. That is usually McAfee, but not always. They do not have a clue about applications such as MBAM, or that their AV alone might not catch a rogue, for instance.
    They are not worried, and not interested in whatever else is needed.

    Most of them never get infected.
    But they are not stupid or dumb. However, they are ignorant of computers and computer security.

    One can drive a car without understanding how it works, but that does not make them dumb, just ignorant. If your car broke down could you know how to fix the computer?

    I have in the past detected a degree of disdain for those not well versed in computers, and comments such as yours and others like, "Don't trust tests by others, but test it yourself." Such a statement indicates a lack of understanding about people, and their interest in computers. Also most of us do not have a clue as to how to conduct a test of anti malware and security applications.

    I would have no idea how to test a firewall as Matousec has done. Yet I am advised to ignore those tests and do it myself. Such is not helpful.

    So please understand that a very small percentage of users have your understanding of computers, and do not look with disdain upon them. Many know things that you don't. Each of us is ignorant in some areas.

    Regards,
    Jerry
     
  24. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    How remarkable that BluePoint Security comes out on top after all this intensive testing and even receives an 'MRG Award'. Sveta, may I ask what exactly the involvement of Zorin Nexus Ltd. has been in these tests?

    http://malwareresearchgroup.com/forum/viewtopic.php?t=303

    https://www.wilderssecurity.com/showthread.php?t=260978&highlight=bluepoint security
     
  25. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    I fail to see that anything is remarkable. Both MBAM and BPS blocked all the samples used - that is why we gave them an award - just like we gave awards to other products which passed our tests before.

    Zorin Nexus is our Research Director's company. We put the copyright in its name as it is a registered company and can therefore be used to enforce the copyright more easily / take action against anyone who tries to publish the material without our consent. Zorin Nexus has no involvement in the tests - it is a business process outsourcing company focusing on training services.

    And what is the point with you pasting the Russian Mafia topic from our site? It is a fact, few hackers have spoken about it... those activities have been also added to Wikipedia's page about Russian Mafia.
     