MRG Effitas Online Banking Browser Security Assessment Project Q3 2013 – Q1 2014

Norton Internet Security 21 has been out for nearly a year and they list Norton Internet Security 20.5.0.28 (released around May 2014) in their Q2 -2014 test.

 

Well, the thing that bothers me about the MRG style of testing, is that they don´t explain how the malware is stopped. Are they stopped by signature or by HIPS? That would be interesting to know. For example, Wontok doesn´t use signatures AFAIK, so it´s relying completely on pro active defense methods. To me it ´s more impressive if these banking trojans are stopped by HIPS or so called "safe browsers".

 

Strangely enough, in both tests, the same version of WSA is used. When WSA previously failed banking tests, they improved the Identity Shield and released a new version. This leaves me curious to know if they really block the information-stealing behavior from the SpyEye in question, or only updated the cloud heuristics to block these SpyEye variations.

 

The free version is MyPOQ. I have used it and there is no lag. IE needs an Active X plugin and Firefox needs Java I believe. When logging in, you can decide which version to use. I have not used it in awhile but if I remember correctly, there are 3 levels of protection available. When launched you get a new browser with a border around the window.

https://www.quarri.com/products/mypoq/

 

So you can keep using your own browser like IE and Firefox? But even though their protection methods seem to be superior, I just don´t like this approach.

This is what annoys me also, I think MRG should clearly indicate how these attacks are stopped. I don´t care about signatures, I only care about the pro active defense part.

 

Well not in all situations the future is already here.



TH

 

Yes, you use your own browser.

 

Can you give some more info about Webroot´s Identity Shield? Perhaps you can shed some light on post #53?

https://www.wilderssecurity.com/thre...ct-q3-2013-q1-2014.365079/page-3#post-2394812

Well, if that´s the case, I really wonder what kind of technique it´s using to protect the browser? For example, Wontok and Bitdefender use their own "safe browser".

 

Sorry there isn't anything I can add, I can check but not sure I can comment?

Thanks,

Daniel

 

@Rasheed187 this is the info I got:

Thanks,

Daniel

 

@ Triple Helix

Thanks, but it´s still not really clear to me. From what I understand, the Identity Shield didn´t really block the SpyEye trojan, which is a bad thing. Apparently it´s caught by signature only. But I must say that the Identity Shield feature looks kinda cool, perhaps an idea to release it as a standalone product, like Prevx SafeOnline?

 

I can't see that happen as all the modules are part of the whole and Prevx SafeOnline was still the whole product so nothing new there IMO.

 

@ Triple Helix

The reason why I asked, is because I´m not into security suites. I´m also not into dedicated "safe browsers". I´ve also read bad stuff about Trusteer Rapport, and Zemana and SpyShelter are horrible when it comes to the GUI. So I´m still looking for a good solution.

 

WSA is not like any other typical suites at all maybe this version would suit you? http://www.webroot.com/us/en/home/p...m_expid=64405194-108.nF_ojJx_SQ6xoHz6p2xD5Q.1

TH

 

@ Triple Helix

Thanks, but no thanks. Like I said I´m not into security suites, and I did read about Webroot, trust me.

By the way, I´ve found another app dedicated to online banking security, it also seems to be using the "safe browser" method of protection, perhaps some of you can check it out.

http://www.k7computing.com/en/Product/k7-secureweb.php

 

I don't need some fancy feature or app for that, I just keep my PC malware free and connect to the bank via a secure connection that's all I need.

 

Chris from MRG has given an explanation on the Webroot forum:

https://community.webroot.com/t5/Community-Announcements/Nice-Report-Webroot/td-p/131554

 

@ BoerenkoolMetWorst

Thanks for the info, nice to know that Webroot fixed the problem.

But it would have been nice if MRG could have posted that over here, since the question was raised in this thread. Although I appreciate the MRG tests, it´s disappointing that they haven´t responded to my questions in this thread.

 

Quarri's armored browser is designed to be used on a potentially infected machine.

 

@ 1000db, I don´t get it, same goes for all other tools mentioned?

 

Not necessarily. Quarri's My Protect service is not a replacement for a locally installed security program. It's a service you could use on a public or shared use computer, to make a secure transaction without leaving traces. It has no ability to "detect" malicious files (or a simulator), it just blocks methods used by malware. I use it when I travel.

 

@ 1000db,

OK I see what you mean, however all other apps also claim that they can protect an already infected machine, that is what´s so cool about this type of technology.