New MRG test results

Discussion in 'other anti-malware software' started by Dark Star 72, Jun 23, 2010.

Thread Status:
Not open for further replies.
  1. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Yes, it simply does not cover that specific 'open door'. Compromised or sidestepped, the end result is the same: the user data has been compromised.
     
  2. guest

    guest Guest

    Keyscrambler does not monitor anything.

    Still, you didn't tell me how you know that the test captures the keys while you are writing.
    Second time that I ask you that.
    Where have you read this? Do you have super powers or something? How do you have access to this information from MRG if this information has never been released?

    I'm still waiting for somebody from MRG to tell us more or less how it works.
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    When should it capture then? After? By a magic screenshot and then optical reading? Too complicated. Fully breaking the SSL certificate after the sending? Not possible.

    As Sveta said, it captures the plain text. How would you capture the plaintext otherwise?

    Of course MRG is not going to tell you which way they bypass it; they just get the data BEFORE Keyscrambler can encrypt it. Then I don't know if Keyscrambler still encrypts it after or if it is just bypassed completely (= no keyboard aware anymore) :)
     
    Last edited: Jun 24, 2010
  4. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Sveta: Well we will not disclose any details about how the simulator works as that would damage the validity of the project

    But...

    Sveta: "Vendors who have a support contract with MRG will be given feedback, along with a technical overview of the simulator."
     
  5. guest

    guest Guest

    Off topic deprecating remark removed

    A malware can hijack the process of the browser or services.exe and steal the information, but you are a security expert with the only truth so I guess that you already knew that.

    This could explain why some of the software tested that only provides isolation for the browser, and no specific technology against keyloggers, has passed the test.

    Probably the "keylogger" made by MRG is only able to get the information from the browser and is not able to capture the keystrokes if you write something in Notepad.
     
    Last edited by a moderator: Jun 24, 2010
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Aie aie... we are still far away...

    Whatever process is running, it is able to read the TYPED keys before Keyscrambler. You seem not to understand the basics of keylogging. It all goes back to reading the INPUT. Ways of reading the INPUT can vary!!

    No need to take it personally, nor does offending posters make your argument more robust. Deprecable attitude :(

    This is explained by different protection mechanisms. Keyscrambler does NOT need to block the output since it encrypts the INPUT, rendering it useless (when it works), while other software acts differently.
     
    Last edited: Jun 24, 2010
  7. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Hi Konata Izumi,

    There is no contradiction. I stated we would not release details on how the simulator works as it will make the project invalid.

    To make things clear to everybody I will now quote what was said in the report about this:

    We clearly state we will not provide information during this testing phase and also state we will only give details / access at the end of the testing phase.

    Regards,
    Sveta
     
  8. guest

    guest Guest

    Could you tell us at least if the information is recorded while it is being typed or after?
     
  9. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    As I have said, we can't disclose any information whilst the project is running.

    Regards,
    Sveta
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Well, the information requested will be pretty useless to any security expert. There are tens of possibilities on how to do keylogging, even knowing that the keylogging is done at writing or not at writing.

    I guess you want to create some suspense... LOL :D
     
  11. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Thanks for this test MRG, very helpful.
     
    Last edited: Jun 24, 2010
  12. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    We are about to start the third day of testing; you can follow live results on the test site here.

    If you see the application's name in the format "[NAME]fail@email.com" with the password "password", it means the simulator has bypassed that particular application and captured the data entered into the browser on the PayPal site, bypassed any firewall and sent the data to us.

    Regards,
    Sveta
     
  13. guest

    guest Guest

    Seeing the format of the report, and that all the pure anti-keyloggers are failing and the sandbox and isolation programs are passing the test, it is obvious that the MRG tool intercepts the information in the browser by hijacking the process and not while the user writes the information.

    The methodology penalizes the HIPS (it assumes that the user doesn't understand the messages from the HIPS); they are not going to score well here.
    All the AVs are going to get a score of 0% because they are not testing malware. (We can call this Matousec methodology ;))
    All the pure anti-keyloggers will get a 0% (Matousec methodology)
    The programs with sandbox or isolation protection will probably get a score close to 100%

    The good news is that some companies will pay money to MRG for the testing details in order to improve the products or add browser protection. (Matousec method)
     
    Last edited by a moderator: Jun 24, 2010
  14. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    @Sveta MRG:
    Do you confirm this?
     
  15. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    No, I wouldn't agree with you. If I'm not mistaken, Zemana is a HIPS program too and it passes the test, so it is not impossible for HIPS applications to pass this test.
    This simulator is specifically designed to be easily detected by heuristics so standard Anti-Malware applications with heuristics have a chance of detecting it.

    Regards,
    Sveta
     
  16. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    So what methodology do you propose then? One that is in common use by malware, which results in a clear failure by much of the software that claims to provide protection of your confidential data? Or another which tests isolated technical protection scenarios, which works against malware of yesteryear, but fails against today's real-world malware?

    I've heard all this before in a similar industry where the criminals had moved on to new bypass techniques and the manufacturers of the old solutions claimed that the new tests were unfair because they were bound to fail - their product 'wasn't designed to protect against that sort of attack' and the test methodology penalized them. Well, at the end of the day they lost the argument. The old single-vector protection products fell by the wayside, the new multi-vector protection products won the day because they addressed the real-world attacks and protected the consumers.
     
  17. guest

    guest Guest

    Zemana has SSL and HTTPS protection, it is not only a HIPS, and it's well known that the anti-logger abilities of Zemana are weaker than SpyShelter's, for example, and SS is failing and Zemana passing the tests...
    Well, you are more informed than me; let's see what happens with the AVs.
     
  18. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Thanks again

    Looks like Spyshelter and Keyscrambler "failed again"
     
  19. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Yes, they failed again. I can now confirm that Symantec Norton 360 has passed the test on Day 3.

    Regards,
    Sveta
     
  20. guest

    guest Guest

    This is funny :) It will fail all days with this testing methodology, there is no surprise.
    They don't want to join MRG's test anymore.
     
  21. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    There are 27 days of testing left; perhaps the vendor will release an update during this time and improve the program :)

    Regards,
    Sveta
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    We can see the failures here. How can we see the PASS results?
     
  23. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Passes are not displayed on the site, as the program which passed the test has blocked the simulator from sending the data to the test site. The passes are displayed in the report, which is updated every day and available on our website.

    Regards,
    Sveta
     
  24. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Unless cloud based or signature based, forget about it. Serious companies need the time to re-write code routines and run battery tests. You can't expect a rapid release just because your 'simulator' bypasses their protection; moreover, you will only release details of the tests at their completion. How would you expect a fix for products that are not using 'cloud' intelligence? A crystal ball approach? :D
     
  25. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Of course ;)

    But if new releases are published, we will update the programs in the test like we already did when AVG and BluePoint Security released their new builds.

    Regards,
    Sveta
     