New MRG test results

Discussion in 'other anti-malware software' started by Dark Star 72, Jun 23, 2010.

Thread Status:
Not open for further replies.
  1. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    There are other programs in spyshelter's targeted area that can intelligently alert the user. The fact of the matter is spyshelter cannot.
     
  2. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    All of the test subjects provide browser security and thus it is included in this "BROWSER SECURITY TEST"
    All test subjects, whether they offer complete protection or not, will be tested with different methods until the last day of testing.


    What's the need of REAL Malware in these tests? o_O
    I guess the programs are tested using MRG's simulator. :shifty:
     
  3. guest

    guest Guest

    Which programs?
    OA? It has OASIS and DS check, Comodo has internal white list and DS check,
    Zonealarm, Agnitum, Malware Defender?

    It is always limited.

    HIPS's main idea is important and simple. You cannot add all non-malicious software to your whitelist database. It is impossible.

    We discussed HIPS and proactive software technology 1.000.000 times on this forum.

    Zemana is using DS and internal whitelist technology.
    When a digitally signed commercial keylogger passed their antilogger, they added a feature to their app for this situation. Theoretically, any digitally signed unknown malware can bypass it.

    This is from Peter2150 for OA ;
    https://www.wilderssecurity.com/showpost.php?p=1665634&postcount=12

    And others;
    https://www.wilderssecurity.com/showthread.php?t=273508&highlight=digitally signed malware

    I used OA, Comodo and many other security software. If you are using proactive software, false positives are inevitable.
    Everybody knows
    Comodo IS automatically sandboxed many well-known applications
    We cannot run many well-known applications with geswall or other policy based sandbox
     
    Last edited by a moderator: Jun 24, 2010
  4. guest

    guest Guest


    This is like matousec testing a pure firewall against HIPS tests...
    You are wrong, keyscrambler does not offer browser protection, it just encrypts the keystrokes so other software can't steal the passwords in real time. Any other thing that you want to test on keyscrambler is going to FAIL because the product is not designed for that, like a lot of products being tested.

    I am going to test Skype against malware just to see if Skype is able to block and remove the malware... o_O

    Also the methodology is ridiculous: if you have installed a HIPS on your computer, it is because you are able to understand what each popup means and answer it correctly; if you don't understand how the HIPS works you will not install it on your computer.
     
    Last edited by a moderator: Jun 24, 2010
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Skype will come up clean.
     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Nice test, always love to see results :D
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    That is what it fails to do; the hook of the 'simulator' just bypasses keyscrambler and the credentials are read in clear

    It has been seen with the previous generation of PREVX, 80% of users just ignored the warning and allowed the malware to install. That is why PREVX left the pure HIPS approach a long time ago... in this respect the testing approach seems correct.

    Like Matousec this test is based on just a simulator not real malware. Would be curious to know which widespread malware uses this specific technique/hooking to keylog otherwise it becomes another desk research analysis with no concrete application in real life.
     
    Last edited: Jun 24, 2010
  8. guest

    guest Guest

    The simulator doesn't bypass keyscrambler because keyscrambler is not designed for that.
    If you test the simulator against windows media player, it is absurd to say that the simulator bypasses windows media player; the same applies to keyscrambler and many other software being tested.

    The testing approach is correct because prevx left the pure HIPS a long time ago o_O jajajjaa the entire world is always around prevx.
    And what happens when the HIPS protects you from something that prevx doesn't? The entire world is wrong?
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
  10. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    A little correction, as I made the same mistake before.... OA does not auto allow all digitally signed files, but only those that Tallemu chooses to.
     
  11. guest

    guest Guest

    "KeyScrambler encrypts your keystrokes deep in the kernel, giving keyloggers "scrambled," meaningless keys to record."

    Getting the username and password doesn't always mean that you need to use a keylogger, do you understand this?
    There are other ways; you can capture the packets sent by the browser, for example.

    But the problem is not only KeyScrambler, it is every AV in this test; since they are not dealing with real malware they are useless and they are going to fail in every test.
    This test has the same defects as the MATOUSEC tests.
     
  12. guest

    guest Guest

    Is it new? Because I remember some digitally signed malware bypassed it in this situation
     
  13. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    We share a single opinion.^^

    MRG (and PCSL) use this half-baked 'wording of the prompt counts' methodology and the results are obviously only helpful for AV-is-all-I-know guys.
    A HIPS or whatever must simply prompt like an AV - is the dogma.
    Different classes of security software offer different prompts. That's it.

    The root for completely missing the point with their tests is most likely the 'VX collector turned into security software tester' thing.
    And testing is only the cash cow and AMTSO the key to more money. If some tested vendor pays the fee... :ouch:

    Cheers
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    The simulator captures the data as it is being typed in... this is what I mean. :)
    Then the data is sent encrypted to paypal; once it is pushed out it cannot be intercepted since it is encrypted.

    Isn't keyscrambler designed to protect from this? If not, it sounds to me like a completely useless tool since most malware captures the data this way.
     
  15. guest

    guest Guest

    You meant wrong, do you understand that there is more than 1 way to steal a password?

    You can capture the data when it is being written, when it is being sent, when it is already typed in the browser...
     
  16. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    huh? here's the Categories and Applications Protected by KeyScrambler
    browsers are on the top list of protected application.
    http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm

    I know and you also know that keyscrambler only encrypts keystrokes.... so why don't we just disregard any other testing that are not in the scope of keyscrambler?

    MRG is just doing its job. You're just overreacting.
     
    Last edited: Jun 24, 2010
  17. guest

    guest Guest

    Doing that you are only showing how ignorant you are, so don't make yourself ridiculous.

    And? All the AVs protect you against malware able to steal your data and every AV has failed in this test and all of them are going to fail until the end.

    I am not going to spend my time explaining everything to you again, go back and read it again.
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    We are talking about logging credentials while they are written in the browser. There is not much room for interpretation. Keyscrambler fails to block the simulator that reads the data in clear (not before, not after but while you write it)

    It seems not so difficult to understand :(
     
  19. guest

    guest Guest


    Could you tell me where you read that? (the sentence in bold)
     
  20. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    That is the only way to do it.

    Ok, now I understand.... you simply have not understood what was explained to you. This is not what it does. It is not possible to capture the information because it is sent encrypted - SSL (paypal)

    Do you follow? o_O
    Maybe someone else can explain it to you.. have to leave!
    The simulator uses a hook that is not covered by keyscrambler and is able to read the information in clear.
     
  21. guest

    guest Guest

    I don't know in which world you live, read this: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=214501930

    You can still read/steal the information when it is already written in the browser, you didn't understand that, true?

    keyscrambler encrypts the keystrokes at kernel level, so I hardly doubt that the malware is able to decrypt in real time.
     
  22. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    No it isn't. You're right and your point stands, I sent that malware to Tallemu myself. Personally, I disable the whitelist and OASIS.

    Just wanted to correct that post.
     
  23. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    If that's the case then Keyscrambler has been sidestepped rather than compromised, it's a subtle distinction but an important one.
     
  24. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    The day Keyscrambler posts a big warning on its website saying their software will only protect against a limited attack vector for stealing your passwords, then they have the right to complain about being included in this test. The fact is they market themselves to the average user as a comprehensive solution for protecting sensitive data such as passwords. Hence they are fair game for this test. All that is happening here is that Keyscrambler is being shown to be of limited protection and they will probably fail every test. That is no reason to complain about them being included in the test.
     
  25. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    The above has nothing to do with what I am trying to explain. In fact, the article refers to a known example of man-in-the-middle that needs certain conditions to be met to be successful.... amongst others "...Web URL begins with HTTP rather than HTTPS, none of the test victims noticed. ". Only then they will grab the data ;)

    We are talking about keylogging at the time of writing... no man in the middle... just a hook that keyscrambler does not monitor... it's not a tragedy, it's not the only one.... maybe sooner or later you will get it.... I am trying hard... not very successfully.. LOL :)
     