Matousec: Proactive Security Challenge 64 (bits)

Discussion in 'other security issues & news' started by guest, Dec 11, 2011.

Thread Status:
Not open for further replies.
  1. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Re: Proactive security challange 64 bit

    True! :D
    Miss that but oh well.
     
  2. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Re: Proactive security challange 64 bit

    You don't have to pay Matousec for testing. You only have to pay if you want to be tested more often than once every 6 months or if you want to be tested on all levels no matter whether or not you fail one of the previous ones.

    The reason Matousec doesn't test Online Armor is a different one and has been explained in great detail here:
    https://www.wilderssecurity.com/showthread.php?t=281529&highlight=matousec
     
  3. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Re: Proactive security challange 64 bit

    People complaining about Matousec usually fail to see what is really interesting about Matousec. Here is what is really interesting: the software - the suite of tests that Matousec makes. These tests software are open source: http://www.matousec.com/projects/security-software-testing-suite-64/.

    And here is what generates controversy: companies can't publish their product's results using the free and open source Matousec's suite of tests, unless Matousec allows them to do so. So, they have to pay for Matousec to test it for them if they want the results published for everyone to see. Or they may receive a free test from Matousec every 6 months. And here is why they are legally enforced to obey this - from Matousec's suite of tests license:

    http://www.matousec.com/downloads/

    My question to devs of security software: is this suite of tests from Matousec (the open source software) important for you? I mean, is it helping you improve your products in some technical way not directly related to marketing/financial gains?
     
    Last edited: Dec 9, 2012
  4. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Re: Proactive security challange 64 bit

    Actually, I have more questions. Can you devs even use this open source suite of tests to do internal tests on your products for free? After reading the license again, I'm a bit confused about the part talking about "extensive or mass software testing".

    All in all, I just want to know if this open source suite of tests made by Matousec really has a relevant technical value and impact.
     
  5. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    You clearly didn't read what I wrote. We didn't go away from the test. We were disqualified. Disqualified as in: Matousec doesn't want to test Online Armor.

    In regards to popularity: Online Armor is a lot more popular than it used to be if I compare the amount of active licenses a few years ago when we purchased it and now.
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    It's the part of original statement of Matousec at those time

     
  7. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    Matousec Proactive Security Challenge and HIPS

    Matousec Proactive Security Challenge mainly involves testing classical HIPS. I use the term classical HIPS here loosely as a means to differentiate it between a myriad of HIPS definition by different folks.

    Classical HIPS themselves have been a debate in terms of it's effectiveness with split camps having different opinions. If you're a proponent of classical HIPS or is simply interested in such, the testing suite is one valid method as far as testing classical HIPS is concerned.

    Point to take note: The testing also includes behavior control after execution. It doesn't take into account other factors such as:

    a) the reliability of security decisions made by users through HIPS prompts (assume user knows what to allow/deny),
    b) other forms of protection means such as default-deny policies, rights restriction through IL and UAC, sandboxes, detection through heuristics or blacklisting, etc

    Matousec Proactive Security Challenge and Firewalls

    Matousec Proactive Security Challenge also does leak tests which attempt to send data outbound; mostly through the use of hijacked communication of apps that are already allowed outbound access. See here for what I mean:

    At Least This Snake Oil Is Free:
    http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx

    Although I'd say the protection needed to prevent leaking mostly comes from HIPS; since there's a relation to outbound firewall control, there's the debate of whether it can be called a firewall test. I'd leave it to you to decide.

    Matousec Proactive Security Challenge and Controversies

    Controversies surrounding Matousec mainly arise from

    a) choice of programs tested (which includes programs without HIPS)
    b) their testing levels licensing policy
    c) the results shown based on that policy and choice of programs
     
  8. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Because of the issue with Tall Emu...
    Online Armor is Not as popular as it used to be at Wilders.

    Do you include the Emsisoft Internet Security Pack,
    which offers the AntiMalware scanner,
    when you measure the Online Armor popularity?

    Not many ones are using the Free version of Online Armor.
    At least, not many users as the ones in the past.
     
  9. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Correct. So how exactly is that our fault and how exactly did we go away from Matousec?

    Standalone firewalls in general are not as popular. Just compare the amount of supported firewall solutions 5 or 10 years ago and now or look at the traffic in the firewall forum here at Wilders compared to a few years ago. So what exactly is your point? Normal users prefer full blown suites over multiple single and disconnected products, even if each product on its own is more effective than the component in a suite, and more advanced and security conscious users like the Wilders audience moved to virtualization and sandboxing solutions.

    Just comparing the amount of active licenses of Online Armor being used. This does include licenses sold as part of the pack. Quite frankly that is the only number any company cares about, because those are the ones paying the bills.

    And you got that number from where exactly? Your own imagination? Have you counted all users? Sorry, you are speculating and can't prove any of it. You are just expressing your own very subjective and highly limited observations, which is fine. Just don't state them as objective truth.
     
  10. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    It's very unfair to expect people to give a reasonable opinion on that matter. We have no access to all the e-mails you and Matousec exchanged. BTW, can't you answer my previous questions, please? I'm truly curious.
     
  11. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    How is it unfair to expect people to back their claims up?
     
  12. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    How can they back their claims up without the full exchange of e-mails between you and Matousec?

    But this is a so boring discussion.., answer my previous questions about SSTS64 please - it's what this thread is about, after all. :)
     
  13. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Obviously they think they have enough information to make these claims in the first place.
     
  14. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    I wouldn't bet on that.

    I'll try again, what is your opinion (as a dev) on the SSTS64? :D
     
  15. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Don't you think that if I wanted to comment on your questions, I would have by now? Bottom line is: I am not a lawyer. So I can't comment on your licensing questions. I could comment on the technical side of things, but my views are rather unconventional and even if I say that those are my personal thoughts only and don't necessarily reflect the view of the company I work for people will spin it that way. I would create a private account so people wouldn't instantly start a public Emsisoft boycott whenever they don't like my opinion, but that isn't allowed. So I choose not to comment on controversial topics. If you are interested in my personal opinion you can ask me privately.
     
  16. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Yes you can answer me privately too! Sorry i forgot to add that.

    Yes I'm interested in the technical side. Can you answer me by PM?
     
  17. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Isn't it easy to understand that when Emsisoft buys a piece of intellectual property/Online Armor from Tall Emu, Emsisoft doesn't automatically also acquires all of Tall Emu's financial obligations/contracts?
    If I'd buy your notebook/PC, I'm not automatically responsible for your PC service contract payments.
    What's not to understand?
     
  18. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    What are these financial obligations/contracts you are talking about?

    Without disclosure I think it's pretty hard to understand.
     
  19. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    The thread already linked to by Fabian Wosar, offers the details link.
    I find it disingenuous to blame company B (Emsisoft) for Matousec' own inability to settle a contract made with company A (Tall Emu).
    Like I wrote, if I bought your PC/notebook, I'd be pretty annoyed if the PC service contract company you had a contract with, would start blaming me publicly because it had an argument with you over your PC service contract.

    edit:typo
     
    Last edited: Dec 10, 2012
  20. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    I see no disclosure in that thread, dude. Details?? What details?? Details would be providing the full contracts and obligations, with all its terms and conditions and all that stuff.
     
  21. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Perhaps you're asking a bit much. Dude? Now I understand though, you want full legal disclosure on this forum, all legal contracts, obligations and annotations etc, for everyone to be seen and judged. Not gonna happen me think.
    Some folks are barking up the wrong tree though. Matousec had a contract with Tall Emu.
    The continued demands (here) towards Emsisoft for explanations are bordering on the ridiculous.
     
    Last edited: Dec 10, 2012
  22. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    You answered me by stating:
    In other words:
    Online Armor as a standalone product (= Free or Premium Firewall) is Not as popular as it used to be before.
    Now, if you you are using the Internet Security Pack product (= Firewall + AntiMalware)
    to convince me that the Online Armor Firewall users have increased, that's misleading.

    Do Not compare the standalone OA Firewall (= the Free and Premium editions)
    with
    the Firewall+AntiMalware (=Internet Security Pack edition).

    I talked about the OA Firewall
    -as a standalone product: Free & Premium-
    not being as popular as it used to be.

    I hope it is clear by now...
    You are the one who can offer numbers; not me.
    For one more time, I only wrote that the Online Armor Firewall (as a standalone product: Free & Premium editions)
    is Not as popular as it used to be at Wilders.

    -How many are the Online Armor users of the FREE product, now?

    -How many are the Online Armor users of the Premium product, now?

    Can you offer figures showing a constant Increase in Users
    since Emsisoft got the Online Armor Firewall (= the Free and Paid editions) from Tall Emu?

    About the Matousec Dispute:

    -Why Emsisoft cannot pay Matousec what Tall Emu owes Matousec and give an end to that Dispute?
    -Is the respective amount so prohibitive that Emsisoft cannot cover it?
    -Did Matousec refused that amount to be paid by Emsisoft?
     
    Last edited: Dec 10, 2012
  23. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Actually, it's not. For two very simple reasons:

    The Internet Security Pack has been around long before we acquired Online Armor. That means even the numbers of active licenses back in Tall Emu days are including those sold as part of the pack.

    It is not a suite. It is a package deal. Why should Online Armor Premium licenses be discarded just because the user decided he wants to use two products instead of just one? Fiscally, that makes no sense at all.

    Bottom line is: You are unwilling to accept that the observation you based your opinion on doesn't hold any water but instead of just admitting that you are wrong you just desperately try to alter the circumstances and ground rules until it fits your distorted view of things. Cognitive dissonance is a bitch, isn't it.

    There is no differentiation between Online Armor Premium being sold as part of the pack or as a single product, as technically they are exactly the same. We don't differentiate them in any of the license systems either. So even if I wanted to, I wouldn't be able to give you numbers without the pack sales. That being said, pack sales are included in the Tall Emu numbers as well.

    We don't track those numbers, as they are irrelevant. I am pretty sure Free users don't want to be tracked either. We only know the overall activation counts which are quite useless, as it obviously increased by a few millions over the last few years. They don't give any indication about how many active licenses there are. The best thing you can do is to compare the number of activated free licenses of the last official Tall Emu Online Armor Free release and the number of activated Online Armor 6.0 Free versions, as we do save the version that was activated. Both numbers are roughly the same which accounting for the overall decline of standalone firewall popularity would most likely translate into an increase of market share.

    You don't honestly believe any company will give you any number of sales, unless it is legally obligated to, right?

    There has been a constant increase of active Online Armor Premium licenses from Tall Emu days to now, counting both single product sales as well as sales as part of the pack (which already was around for quite a long time back in the Tall Emu days).

    Because we would make ourselves susceptible to blackmail. The only correct way to resolve this situation is for Matousec to sue Tall Emu, which they won't do. Instead they decided to hold Online Armor as well as test results that were already paid for "hostage", asking us to pay up if we want Online Armor listed on their page again. We won't do that. If you can't see why we won't do that and insist that it is indeed our fault for not paying up, there is no point in continuing this conversation, as there is obviously too big of a moral and ethical discrepancy between both of us.
     
    Last edited: Dec 10, 2012
  24. Wild Hunter

    Wild Hunter Former Poster

    Joined:
    Oct 13, 2012
    Posts:
    1,375
    Fabian Wosar - Thank you very much for your PM, dude (haha.. this reminds me that Baserk hates the word "dude", apparently). A very enlightening PM.

    Now... can any other security software developer PM me (or post, doesn't matter for me) your (technical, preferably) views on SSTS64 as well?? I'm really deeply interested. The more technical opinions from those that actually make security software for Windows, the better for me. It will help in making me a more happy and more knowledgeable person. :) Please help. Thanks.
     
    Last edited: Dec 10, 2012
  25. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Hey!!!
    Show a little respect to an Emsisoft buyer,
    before using Bad language and Personal Attacks!

    The usage of Online Armor,
    as a standalone product (i.e. Free and Premium Firewall ),
    has been decreased
    following the decrease in the usage of software Firewalls in general!

    For obvious reasons, you will never admit that...

    Over & Out!
     
    Last edited: Dec 11, 2012
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.