MRG Flash Tests 2011

Sure, but it's not a (traditional) sig if you know what I mean.

 

Thanks for the reply.

 

Re: MRG and kudos to Eset

Eset has passed the last three tests (three keyloggers). Alert the media.
http://malwareresearchgroup.com/category/malwareproducttesting/

 

Hmm, Avast failed the last 8 tests It's good that AutoSandbox is coming to help improve protection against zero-day malware.

 

1st failure for EAM in Flash tests.

http://malwareresearchgroup.com/2011/02/mrg-flash-test-2052011/

 

Avira failed all those test too.


Prevx and MBAM seems like the only ones that provide very good protection in this test and since you can't test ride Prevx:

Does anyone experienced MBAM Full conflicts with either Avira (free) or Online Armor ?

 

norton clearing all,,, a relief

 

Woooah, first time EAM misses one

 

If you count the last 8 test since I posted, Avira passed 1, but it's Avira Premium, so you cant' be sure Free would have passed it too.
Defensewall and Zemana Anti-logger also pass a lot of tests.

MBAM full works alongside most security products, there are a few for which special settings are required, but Avira and OA are not among them:
http://forums.malwarebytes.org/index.php?showtopic=10138

I used MBAM full myself alongside Avast and Nod32 without problems. You might want to exclude each product to prevent one from doublescanning the other's files.

 

same as Vipre

 

MBAM is a wonderful program either full time or On demand. The only thing that I haven't used on it is the IP blocking. I'm very happy with either clearCloud or Norton DNS.

 

IMO, MBAM's web protection is more comprehensive since it blocks at IP level while DNS services are limited to block only at URL level.

 

DNS service is blocking at the IP level as well. Since DNS is merely a name of a certain IP address. DNS was created so folks wouldn't have to remember a long and confusing IP address. Whats the difference if Norton DNS blocks you from going to a certain IP address and MBAM blocks the same IP address.

 

What about Norton and VIPRE? Or Norton and especially Emsisoft Anti-Malware, if you are considering from 2010 onwards.

 

This is what I'm trying to explain: http://forums.clearclouddns.com/messageview.aspx?catid=234&threadid=6777&enterthread=y
http://forums.malwarebytes.org/index.php?s=&showtopic=10138&view=findpost&p=162100

 

This is what I'm saying....
"How does it work?

DNS (Domain Name Service) is like a phonebook. Each time your computer visits a web site, it needs to get the IP address of the site – computers only connect to IP addresses, not human-friendly names. When Norton DNS is used, it delivers these IP addresses very fast, plus it does a quick check on each site to make sure that it isn't bad. If it is, you are protected from the site but you will get detailed information on why we think that the site is bad. This information comes from our Safe Web database. You can search any site at safeweb.norton.com. Norton Safe Web processes billions of requests each day to deliver ratings for users when they are searching on the Internet."

So you see it doesn't really matter if your blocking the IP address or the DNS request. Either software is blocking the address whether it be an ip address or domain name.

 

never tried vipre but it seems good and light from what people say ...

 

No, it's not. What you're saying is partially correct, if you go to evilwebsite.com, your browser will do a request to norton DNS, N-dns recognizes it as bad and doesn't give the correct IP so you don't visit the bad site. With MBAM you do the same dns request, you get the correct IP, MBAM sees the connection to bad IP and blocks it. If you look at it like that it's indeed the same, because the bad site is blocked with both methods. However, Norton DNS doesn't block IP's directly, it denies the DNS request. So if you go directly to the bad IP, no DNS request is made and you can visit the site. Or if you're infected with a keylogger or botnet software and it tries to connect back to the origin/command & control server to report keystrokes or send spam etc. then Norton DNS can do nothing about it, while MBAM can because it blocks at IP level. I think that is what AtomOmega is trying to say.

 

I guess the prime question then would be which service has the larger database and/or the quickest response to new malware sites.

 

Well, I suppose I should state that For Me, Prevex and MBAM ....
I'm subscribed to MRG RSS feed and from what i remember Norton, Vipre and EAM failed at some point in 2011 test. I didn't double check it though.

I've tested Norton and EAM and they both are good AVs. They just don't suite me well and i like Avira much, so that leaves Prevex and MBAM. Sorry for bad wording in previous post.

IP blocking and DNS blocking could work together without problem IMO. As someone stated before, there could be situation when malware(keylogger, malware downloader etc.) phones home using only IP or when block list of IP addresses block something not block yet by DNS service. It could be especially important when dealing w/ zero-day malware, so it could be a good idea to have one or both

 

Neither Norton nor VIPRE failed in 2011.

 

Yeah, that's what I'm talking about. Sorry to all for the hijack.

 

DefenseWall and Zemana failing today's (2/7/11) test. EAM back on track.
Norton and VIPRE still at 100% for 2011.
http://malwareresearchgroup.com/2011/02/mrg-flash-test-2072011/

 

I got the sample. DefenseWall didn't fail, infection of the system was prevented.

 

Yes, we should point out that this sample does not infect the system in a traditional way, instead it locks it.

Regards,
Sveta