Trustport 2015 line released

Trustport appears to only license the signatures. That's also why TP is extremely light, while AVG is largely considered heavy and bloated. From what I can tell, and my communications with them, TP is a pure AV with a traditional HIPS. I agree though, it's alarming to see a lot of 'junk' going on with AV vendors.. Avira's unholy alliance with Mixpanel. Norton with Ask. Avast with their Coupon stuff. Etc... When will they learn? So far I can find nothing nefarious about Trustport, it appears to just be a pure AV+Hips like the old days. I will continue to test/probe it, but so far so good! I'm pretty picky about my AV's, I generally want zero or near-zero system impact, which means MOST products are automatically ruled out as potential products. I do not want 'annoyances', which means toolbar popups, offers, and other trash, which pulls a ton more off the list.

My thoughts about most products I recommend;

Trend - pretty light, but is known to spike CPU at odd times. Few annoyances. Solid protection.
Norton - light, strong insight/reputation/ips, but toolbar annoyances and poor signatures.
Forticlient - fairly light, but pure AV, nothing else unless it's linked with a Fortigate.
Trustport - zero-weight, traditional AV w/pure HIPS and secondary AV engine.

I'd recommend any of the 4 with few reservations to be honest. For MOST people - which require a good URL scanner along with their AV, I would go for Forticlient or Trend - both have amazing URL scanners. For people with an already effective URL scanner, or just looking for a traditional solution, I would go Trustport.

BTW got any links for those claims about Google and AVG? I can't find anything to substantiate them.

 

Hmmmm.... I'm not with this AV de jour.

From this review:
http://au.pcmag.com/antivirus-reviews-and/28162/review/trustport-antivirus-2015

You Can Do Better
TrustPort Antivirus 2015 earned a decent score in my hands-on malware blocking test, but the independent antivirus testing labs offer almost no information about this product. It doesn't include Web-based protection, and its behavior-based Application Inspector banned good and bad programs alike. You can do better.
​

From this review of Trustport 2015, which it earned a dismally low 2 of 5 stars:
http://www.pcmag.com/article2/0,2817,2476586,00.asp

• CONS Behavior-based detection flags more good programs than bad. Dismal spam filtering and phishing detection in testing. Rudimentary, ineffective parental control. Firewall bombards user with popup queries; user who just clicks OK will lose Internet access.
• BOTTOM LINE
  TrustPort Internet Security 2015 has hardly changed since the last version, which means it offers dismal spam and phishing protection, an ineffective parental control system, and a retro firewall that wildly spews popup queries.
  

Unless it has changed, this Czech software has limited customer service hours.

Technical support is available Monday through Friday from 8 a.m. to 4 p.m. Central Europe Time ​

I think this is a small company with an unrefined product. And... if I am correctly assessing it, they are lying about test results on their homepage.
http://www.trustport.com/en/news/tr...e-most-effective-methods-of-malware-detection

The May test conducted by AV-Comparatives focused on proactive detection capabilities of submitted software. This test used samples of malware collected during one week after the last update of the twenty examined antivirus products. TrustPort Antivirus detected 80% of worms, 71% of backdoors, and 55% of trojans. With the overall detection ratio of 63%, it surpassed all other products tested, and it once again received the prestigious AV-Comparatives Advanced+ award.​

That would be considered at least deceptive, but I would consider it lying to list this as if it were current. The page is copyrighted for 2015. As far as I can tell, they are referring to a 2011 test.

So ironically, Trustport is unTrustworthy.

I would pass on this one.


Your welcome,

-Frank

 

Good sleuth work Frank. Out of curiosity I also checked AV Comparatives and reached your conclusions as well. They actually lie repeatedly, as you said they participated last to the Retrospective test in August 2011, with 61.3 % detection (they claim 63%), they were in 5th position compared to the others (they claim to have surpassed all other products tested), and they were last in terms of FPs (over 15) reaching the level of "Advanced"(they claim "Advanced+").

Now if there is a current test that proves their claim valid, I will retract and apologize, but otherwise I would never trust such a company.
http://www.av-comparatives.org/wp-content/uploads/2012/04/avc_beh_201111_en.pdf

 

anyone test the internet security edition it seems to include lots of extras the av doesnt. just being curious if its as light or not. i just dont have the time for at least a few days or more to test anything else right now. have a huge workload this week. going to be some LOONG days. when i can ill report back.

also when does the lic start ticking after you buy one?

 

Good catch. Don't think you will be retracting nor apologizing... they appear to be straight out lying.

It appears they are lying about their Virus Bulletin test as well -- presenting it as if it were current information.

I'm going to guess that it's the same year they are referring to... that is 2011, but it could be 2009... It is 2011 that is the last year that Virus Bulletin shows testing for unTrustedPort for polymorphic viruses.

https://www.virusbtn.com/vb100/archive/vendor?id=42

Likewise the trojans score they quote as current would probably be from 2008, 2009, or 2010.

I once dated a Czech girl.... and she lied all the time too. And when she was caught lying, she had no shame about it. Some cultures view lying differently than others.

Their quote: TrustPort Antivirus thus overtook all competing products in reactive and proactive tests, including many renowned and established brands.

Corrected quote: unTrustworthyPort Antivirus cannot demonstrate that we are as good as any competing products, but we will present 5-7 year old test scores, represent them as "recent" and even lie about those.

As PCMag Australia stated about unTrustedPort, "You Can Do Better."

 

First, I believe this is a corporate product which would explain some features like web filtering missing. At least that is the category VB tested it in. They also certified it. Did pretty good in their RAP tests in 2014 for WIN 7 and 8.

https://www.virusbtn.com/vb100/archive/vendor?id=42

 

Good score. What I find interesting is people disparaging it are often quoting from between 3-8 years ago, ancient history in AV terms if Trend+Norton's dramatic 6 months changes are any indicator.

So far the product is perfect. Zero weight. Spartan interface, detailed advanced settings, and no added junk. Support has been VERY responsive, as quick as 15 minutes back on emails. License doesn't start until the first endpoint is registered with the CD Key. Interestingly, if you exceed the license all it does is decay the oldest installed endpoint first automatically unless you contact support to get a license reset. As for Frank's claims - sure looks like PCMag was testing a different version, or he lacked fundamental awareness of the differences between 'suites' and 'av'. No phishing? No spam blocking? No parental controls? YOU DON'T SAY! Maybe that's why vendors cram so much trash into their products, so newbs like Rubenking will score them high. I can't find one fault with it, frankly. With 2 good engines, and a very robust AppGuard-Like HIPS, and offering absolutely zero system impact, and a low cost, I think it's a keeper.

Check youtube review of Trustport by 'cyber review'. Interestingly, even Rubenking says Trustport outscored Bit Defender.. But again, he doesn't seem to understand he wasn't testing a 'suite'. Which of course, many of us don't want 'suites'. Poor Neil. How do you classify something unrefined that is able to take two AV engines from two fairly bloated products, toss them in a package with zero system weight, and then toss an app-guard like hips on top of it?

PS: I put a Trustport test machine on DMZ last night, and spent 2 hours hitting infected links on a few malware domain lists. Very impressive results for a pure AV+HIPS! The 2% that got past AVG+BitDefender were scooped up by the HIPS due to the hips segregating a system into protected/unprotected areas. I'd imagine stacked with even a mediocre URL scanner it's ridiculous. In the case of me running UTM's, or Mortal running AiProtection on ASUS, it's networking kevlar.

 

Hey, everything moves, changes, and evolves.

Mayahana and others here are very competent in their analysis of products. So no issue for them. They will not be taken by inferior products.

For me, this company seems shady, shifty and untrustworthy.

But like all companies, I'll watch them going forward and see what happens.

Maybe this product is a diamond in the rough... one starting to break out. We shall see.


-Frank

 

Sophos + Avira is on his gateway since he uses Sophos UTM.

========================================

BTW I read a report last year about vulnerabilities in AV engines. OEMed BitDefender engines shared many vulnerabilities while BD had much fewer, said the author of the report. As a result, I don't like products using a lot of OEMed engines.

 

Could you please post the link for this? I have suspected same for some time but could never find anything written about it. Would certainly "blow the socks off of" products like Zemana Antimalware and like products that use the OPSWAT interface.

I also suspect there is some type of tiered licensing in play. Products like Trustport, Emsisoft, and the like license the "real" Bitdefender engine and signatures whereas others only use third party signatures with their own engine. A very big difference.

 

Based on this: http://www.bitdefender.com/oem/sdk-integration.html , I would say that the third party version of the AV portion of Bitdefender is the same the one used in it's retail product. However, I can see how it's effectiveness would be enhanced by other features in the "real" Bitdefender product over that of the OEM AV. Also the reverse may be true; the OEM product could be superior to the retail Bitdefender product.

That is why AV labs exist; to do that type of comparative analysis.

 

It's actually a slide for a security talk: http://www.slideshare.net/JoxeanKoret/breaking-av-software-33153490

I re-read it just now, and found something I ignored or forgot previously.

First, the author used Linux with some additional work to audit many AV softwares which only provide Windows versions. But he did provide screenshots on Windows in ASLR section. Maybe he also did his work on Windows.

Second, on page 74, he mentioned that all the bugs in bd engine "don't affect exclusively BitDefender's products". I interpreted this as "bugs he found existed only in OEMed bd engines". Point it out if I'm wrong, since I'm not native English speaker.

Also, in page 104, do you know which are the two AVs that run file parsing in sandbox?

 

Exactly.

I've noticed over years... that products with the Bit engine rarely measure up to Bit in testing.

There are 24 products that reportedly use the Bit engine. (AV-C)

Only one often beats Bitdefender in testing, two sometimes beat Bitdefender, and of the many others, they only very occasionally beat Bitdefender... if and when they are tested against it.

 

Hmmm.... I dunno.

Off the top of my head, the AV's that I know of that use a sandbox are: Comodo, Avast Pro, 360, Kaspersky, and Norton.

It seems to be getting more popular, so there are probably more..

 

how do I sandbox in Norton Security? like if there's a suspicious file I got and want to run it sandboxed, how to do that?

 

What is so great about TrustPort? Isnt it just a generic dual engine antivirus?

IMO they are only three dual engine antivirus that deserve praise and consideration: F-Secure, Emsisoft and G-Data.

I will be watching this thread and TrustPort, maybe I could be wrong.

It is not possible, sandbox in Norton is "just" a component of SONAR, to isolate (test) possible malware files.

http://www.symantec.com/about/profile/star_technology.jsp

 

Having sandbox doesn't necessarily mean that it is provided to end user directly.

Maybe Norton uses it for smart analysis, or file content parsing.

And my question is not about the sandbox we're familiar with. The slide i posted mentions two AVs using emulater/vm/sandbox for file scanning. I wonder if it means sandboxing the AV engine.

Anyway, I don't like BD and its engine very much, although it always has high detection ratio.

Hopefully TrustPort has auditted their oem engines carefully since they seem to be the two with most bugs found by the author of the slide.

 

ESET NOD32 has been using advanced emulation/sandbox for years and Bitdefender has HiVE.

I think they are much more than two antivirus that uses this kind of technology ...

 

With all due respect to the analytic ability of my friend Mayahana... I see it exactly as you.

I think Trustport is weak. I think more testing will expose Trustport as weak.

And I see the exact three you do as the top 3 Bit engine users.... with Dirty Qihoo closing fast.

unTrustedPort being small and dishonest... I would not believe them if they told me the issues were fixed. Somebody would just have to test it..

 

In slide 15 and 16, he quotes a number of AV's that are "broke" i.e. that have vulnerabilities. Notable are Avast and Eset in the list.

Then in side 17:

Broken AV products...  The list is interminable... but, using this list http://www.av-comparatives.org/av-vendors/  ...anything using a 3rd party engine which is not Vipre, Norman, Cyren or Agnitum.  Examples: QiHoo 360, F-Secure, G-Data, eScan, Emsisoft, BullGuard, Immunet, etc...  + all the AV products using the AV engines mentioned in the previous slide.  + some rare AV products like BkAV.

Now give me a break. He just quoted the four worst AVs in the market. I say the person was smoking the wrong stuff when he gave this presentation ...........

-EDIT- Actually what this person is talking about in this presentation is how exploitable various AV products are. And I know Vipre which sucks at detection is indeed armor platted when it comes to tampering with it in any way. Does give food for thought about adding your AV service .exe to EMET's protection through however tough it might be to get it running right.

 

Pretty much. I think people are disparaging this without any real merit to their assertions. I haven't taken TP into the lab yet, but I did run some DMZ HP on it over the weekend, and it was most excellent.

One of the things that is quite powerful is the 'protected space' HIPS system. While this can be somewhat 'chatty' under some conditions, it provides a near absolute protection from malware infection - user dependency not withstanding. I probably wouldn't leave the HIPS on for most consumers, or I would dial it down substantially, but for someone with reasonable IT knowledge it's very capable to fully secure a system beyond what an antivirus alone can do. I do like how I can toss my 'own' folders into protected, or even restricted locations, further enhancing the sanctity of folders such as my personal documents. Don't overlook the fact that this would entirely prevent any Cryptolocker's from working.

Generic Dual Engine AV? Not really. It's bundled in the fastest, lightest package we've ever seen, and bundled with one of the best HIPS I have see in years while leaving the 'rubbish' out. Time will tell, I scooped up additional licenses for testing purposes. We will see how it goes but so far so good.

 

I concur with JR.

This thread is about unTrustedPort.

We can talk about trusted security software in other threads.


-Frank

 

Back to topic, does TP have its own engine? (something similar to "engine B" in other BD OEM vendors, e.g. G-Data, F-Secure...)

Since there's a giveaway activity, many people on the other forum have started to use it (none of them are CHIP readers though, lol). So far the detection ratio in virus sample forum looks good (as good as BD), and no negative reports about performance.

I'll also watch there.

 

I see three engines being updated. I am not at home right now, but they are named something like 'Xenon, Aeon, XYZ'.. I assume two of them are AVG+Bit Defender, and the third is whatever their in-house is, perhaps the HIPS.0

I've manually added Chrome into the HIPS, and locked down other aspects of my system using it - the process is fairly similar to AppGuard configuration. At some point I will share my custom rules in this thread.