New leader at Matousec

Discussion in 'other firewalls' started by Dragons Forever, May 1, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Dear pandlouk

    1) I am not a matousec fan.

    2)
    When I said Matousec leaktest I wanted to say Matousec test
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    The problem is that there is little to interpret from these tests, the tests are mostly not linked to actual threats. Just measuring performance of tools against desk research work. Nothing against them, they are just over-considered and certain companies are forced to comply for marketing reasons.

    This has a vicious effect where developers invest time and money for championing matousec leak tests instead of investing in championing with real outbreaks. :)

    I think I made my point, no need to insist to avoid this thread becoming once again a Matousec flaming exercise.
     
    Last edited: Jun 21, 2010
  3. guest

    guest Guest

    Then test ONLY the HIPS part of each security app against real malware and let's see how different it is going to be from the matousec ranking. I can assure you that it will be very similar.
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Not really, by design Matousec is testing security tools by levels (with prevalence of leaks in the first ones). This approach further distorts the ranking and any possible inference of Matousec results into real protection of security tools. :)
     
  5. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Matousec tests also behavior blockers...
    I did a test last year with real malware and ThreatFire did better than CIS and a2 Anti-Malware/Mamutu better than Outpost.
    Go figure. :cautious:

    Keep on dreaming. :rolleyes:
    Matousec tests and results are irrelevant related to real malware.
    They are just there to lull nitwits into a false sense of security.

    Cheers
     
  6. guest

    guest Guest

    This is your opinion, always that I have tested mamutu, threatfire or D+, Threatfire has been the worst one (I made the test with 60 0-day samples).
    Threatfire has a little antimalware inside so if you did it with old malware your tests are completely irrelevant.

    Anyway let everybody laugh again, a BB like Threatfire better than a complete HIPS like D+ blocking real malware jajajaja

    I'm not dreaming but you are quite blind.
    The problem is that you are not able to understand that the tests are made for testing HIPS.
    If you try to execute a malware with any decent HIPS, it will always ask you about if you want to execute the file, you can say no, and you are protected 100%.

    So explain to me please how you test a HIPS with real malware: do you allow the first execution? So do you assume that you are stupid enough to allow the malware to be executed, and clever enough to block the rest of the petitions?
    That's a funny method :D
     
  7. ALookingInView

    ALookingInView Registered Member

    Joined:
    Sep 14, 2009
    Posts:
    365
    Unfortunately.
     
  8. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Agreed. Can we please discuss technical aspects without resorting to and becoming personal about the subject?
     
  9. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Well, exactly this funny method uses Matousec for all his tests.
    Therefore his results seem to be extremely questionable. :shifty:

    Cheers
     
  10. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    That's a point that I've brought up on numerous occasions.

    Testing a HIPS against malware is nothing like testing an AV, where you can strictly determine a pass or a fail. At best you can get some sort of idea how a HIPS might perform for an average user with an average set of circumstances. In reality though, how good it is, is in no small part dependent upon how 'good' the user is at interpreting prompts and acting accordingly.

    The irony is that the advanced users for whom HIPS offers the best protection are probably the ones that don't really need it in the first place.
     
  11. ace55

    ace55 Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    91
    Either you configured CIS incorrectly or you answered prompts incorrectly. Claiming that a top-tier behavior blocker (a HIPS which answers alerts for you based on its own intelligence, and thus must answer some alerts incorrectly) provides stronger protection than a top tier HIPS (which, assuming a certain degree of user knowledge, allows for every prompt to be answered correctly) is ridiculous.


    Very true; Matousec does not make any attempt to consider user knowledge in his tests. He tests only the effectiveness of software assuming the user knows how to answer prompts correctly. If you lack the knowledge to answer prompts correctly, then Matousec's results do not apply to you as a user. Matousec rates the software on its own merits.

    Matousec also fails to mention that a properly configured LUA combined with an anti-executable will, to my knowledge, protect you against every remote exploit to date. HIPS are only really a benefit if you run untrusted code intentionally or want to learn more about the workings of Windows. Considering how easy it is to perform a trust assessment on an executable (check for digital signature, ask yourself if the signer is a legitimate corporation), the only benefit a HIPS provides if you do not fall into the above categories is the protection against an incorrect trust assessment. For example, you trust Energizer but somehow a piece of their software included a backdoor-- presumably due to a disgruntled employee or security breach. A HIPS would allow you to tightly control the actions taken by a particular piece of software, provided you took the time and answered the popups necessary to do so. In a sense, his tests provide incentive for companies to make their software overly complex and thus potentially significantly reduce their actual protection for the end user while only slightly increasing the theoretical protection they afford.
     
    Last edited: Jun 21, 2010
  12. sparviero

    sparviero Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    88
    I never thought I would react to this thread, but I see that Matousec is a noob with advanced firewalls!

    Why do I say this? I'm a Jetico firewall user, and I see that Matousec continues to have problems using the Jetico firewall!

    Matousec says:
    This is not true! This can only mean that he does not understand how to use Jetico firewall and cannot be competent to make similar conclusions!

    So, dear Matousec, if you read this thread I invite you here to explain to you how to use Jetico firewall – e.g. Indirect access to network alert!
    How to block all your 148 tests without needing the system to be rebooted to be usable again, and at the same time be able to surf the web. In case of a malware attack the system usability does not change, if you just know how to use it!!

    I doubt that Matousec will come here (ego and shame) to understand how to use an advanced firewall - Jetico firewall in this case. However, I call on any other user who is using Jetico to open a new thread and to explain how to use this mysterious Indirect access to network!

    For everyone else, my words can be confirmed very easily, and I know that Matousec's leaders list is not very competent!

    Have a nice day.
     
  13. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Both are simply wrong.
    I didn't configure anything, as I have tested with default settings and on every prompt after initial execution I hit block.

    Cheers
     
  14. ace55

    ace55 Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    91
    There's your problem: CIS must be run in proactive configuration, not default configuration, to provide maximum protection. If you install just the firewall, selecting the bottommost option when you are presented with 3 protection levels will do this. If you install the av + firewall, you must right click on the CIS tray icon, click on Defense+ configuration and then click on Proactive Configuration.
     
  15. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Please stop your Comodo forums support jabber here. o_O

    I have tested all HIPS and behavior blockers with default settings with this test.
    It's not my problem if CIS is weak with default settings.

    Cheers
     
  16. guest

    guest Guest

    Nobody is doing "comodo support" here, the problem is that you are doing useless comparisons simply because you ran deficient tests. In fact you need to be a fanatic of TF to say that it is better than D+, although I remind you again that you are comparing different things.

    But anyway if you got a better result with Threatfire than with D+ by default, for sure you did something wrong, like testing old malware (1 or 2 days is enough to be considered old in this case) against Threatfire.
    Also I repeat to you again that you are comparing a pure HIPS with a BB + antimalware, so again your results are useless.
     
    Last edited by a moderator: Jun 22, 2010
  17. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Basically you say that ThreatFire protects better against Malware (than D+) if the Malware is older than 1 or 2 days.
    Well, I agree with you.

    Cheers
     
  18. guest

    guest Guest

    You are wrong again, but don't worry, I don't care.
     
  19. ASM

    ASM Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    164
    To me, he or they is/are more biased toward one product... that is the end.
     
  20. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Not to bash but most people out there are stupid enough to click on almost anything they see on the web, and if they want to see what a program does they WILL click allow on whatever HIPS software they could have installed, but if an AV blocks that program from ever downloading they would know that it is a BAD program, and that is something a HIPS cannot do. I know some folks that just to see some porn will believe that they need this or that "codec", and if you put some HIPS on their PCs they WILL let it run no matter how many pop ups the HIPS throws at them, so YES, people are stupid and that's why most of us with common sense don't really believe in HIPS, because we WON'T let anything run, therefore minimizing the need for a HIPS, and that's why I believe that a good heuristic AV is more than a good HIPS with tons of pop ups that only annoy the user and will most definitively end up with them turning it off, like most people I know disable D+ on Comodo (for example).... so if Matousec says that ESET Smart Security is a BAD program because Matousec will ALLOW something that clearly Eset Smart Security is telling him NOT TO RUN and therefore allowing it to LEAK, he is more stupid than you think, because if he had said NO, then he would find that ESS would have blocked anything in his little bag of cheap tricks.. (and I say ESS like I could say AVG or Vipre and some other programs out there that Matousec says are not good enough)

    At least that is MY opinion.
     