MRG Effitas Antilogger & Browser Security Test

Hi, you are right in a awy but this is your view ofcourse and not every one will agree with this when you discuss/ test classical HIPS like MD, CIS, OA etc. If you have used a classical HIPS in the past you can understand it very well.

I propsed it so that every one will know whether a HIPS infact created a pop up alert of malicious activity or not. Also I hope by this way there might be less objections on MRG testing methodology. Actually only a small percentage of users use classical HIPS and they might not care the marks given to the HIPS, all that they care whether the HIPS they are using intercepted the malicious behavior or not.

Ofcourse any one can disagree with my view.

 

With your suggested methodology, more vendors would probably participate in the conducted tests. That's what's so good about it! Albeit I must question the relevance of letting classical HIPS pass the test as they just give pop-ups and ordinary users might just as well click 'deny' or 'allow' for all we know!

 

HIPS are not for ordinary users , ordinary users can click any thing

 

Honestly in many of these tests non-typical security software should be considered as well as tested. This can help HIPS and anti-executables become more widely known. I understand that MRG is looking for dedicated anti-kl apps but really non-typical apps should be included as a separate group. Because programs such as Malware Defender and AppGuard (just a couple examples) are not marketed as anti-keylogger programs they might indeed perform better than dedicated programs. Besides if you only compare similarly marketed programs you will only find out which one of those programs performs best; you still wouldn't know which type of security technology protects best against keylogging. The latter seems to me to be more important especially when online financial transactions are concerned.

 

they using WGA logo :>
http://malwareresearchgroup.com/wp-content/uploads/2011/08/MRG-Effitas.png

 

Results have been published: http://malwareresearchgroup.com/malware-tests/

 

very interesting results
GESwall and SpyShelter added to the test and GESwall passes, not SS

 

Thanks.

 

Wow. DefenseWall is truly amazing. I wish there was a x64-compatible version. Never thought SpyShelter or Prevx would fail.

 

DefenSeWall

 

Assuming user responds correctly. Same story with Zemana.

 

The inclusion of alert screenshots in their report would have gone a long way in presenting what they interpret as a "valid user input request."

Maybe they can post up the screenshots in their forum thread??

Having used Zemana for over two years, their alerts are quite detailed and relevant. I'd like to see how the others compare.

 

AND GeSWall AND Zemana.

 

There have been other browser tests where Zemana automatically blocks an action without user response required. User input gives user one more place to go wrong. By the way, I am a Zemana user.

 

Very nice test and great effort.

Thanks MRG.

I wish they can add a lot of screenshots showing us more details and all pop up alerts by security applications being tested. That will make it more spicy.

 

KeyScrambler failed.
I emailed results to Qian Wang, but I'm sure he knows from MRG participation.
Thank you for the test!

 

zemana passed good job

prevx SOL failed

 

Obviously KS fails, to make KS able to block this they will need to write a totally new software since KS is not intended to block this kind of Antiloggers
Trusteer Rapport, is the only one you can trust for free on x64 also is the most advanced and configurable browser protection.

 

Why is the software tested against malware it is not made to block?

 

Because in the KS website the say that they protect against all baking malware while this is not true so Sveta enjoy testing it and seeing it fail
http://www.qfxsoftware.com/press/security-alert.htm they even mention Zeus xD
I think that the other advertisement has been removed from the website

keyscrambler represents probably the best Antilogger protection "on real time" that you can find on the market, but this banking malware is not "on real time"

"On real time"= captures the keystrokes on real time (while is being typed)

 

raiden how do you add sites manually in trusteer rapport? dont seem to find it

 

I don¡t have it now but as far as I can remember you can make a config for https sites and http sites, I really don't remember if you can set an specific configuration for a website. But I remember that it was the most configurable so there should be a way to do it

http://consumers.trusteer.com/learn-about-rapport-0#chapter_which_websites

 

Interesting.
How is this banking malware not real-time capture?
If the answer is obvious, sorry, I overlooked it.
Thanks for the explanations.

 

Bare in mind that the test was conducted on a 32-bit system. Trusteer Rapport may have passed the latest test from MRG, but that does not mean it's as efficient on x64 as it's a completely different architecture.

 

I'm not an expert but basically this malware is able to "capture the packets" sent by the browser, so when you click "send" the malware is able to intercept the information and steal it. So the info is not steal when you write it.

You are right, at least is one of the few that has never been bypassed in a MRG banking test, lets hope that the x64 version is as good as the 32bit xD Trustter rapport is sponsored and paid by many banks so I think they are quite serious about their product and I think that the x64 version is as good as the 32 bit.

I hope we can see x64 banking tests soon.