MRG Effitas 360 Assessment & Certification - Q1 2016 May 6, 2016 https://www.mrg-effitas.com/recent-projects/our-projects/ Download Report
Hello, Looking at Avira and MBAM scores I'm afraid about the lack of efficacy of my current security setup. I'm actually testing Emsisoft Internet Security but it's not tested by MRG ?
Am I missing something or is there a mistake in the report? On page 4, the report says that SurfRight HitmanPro was certified. On page 12, it says that SurfRight HitmanPro passed Level 2 of the test. However, on page 13 it says that SurfRight HitmanPro failed the test !? EDIT: Corrected as of today
To me, another example of MRG's questionable testing methods. Appears to be a ransomware test disguised as a 360 test. For example, Webroot that only scored 90% for the in-the-wild and financial malware tests got certified. Only the vendors that scored 100% on the ransomware test got certified. I also agreed that it would have been great to see Emsisoft in the test since they claim to have top protection against ransomware. But I fully understand why they want nothing to do with MRG.
No. RTFM. Particularly, page 3 paras. 3 & 4, and page 14 points 7 & 8. Only those security solutions that had cleaned all infections after 12 hours were certified. Personally, I rather feel that this kind of test is more realistic than many of the other tests.
Understanding Grade of Pass: Level 1 = All threats detected on first exposure / system uncompromised. Level 2 = All threats detected and neutralised / system remediated before or on the first user reboot Failed = Security product failed to detect all infections and remediate the system during the test procedure. No one got Level 1 but level 2 is what I would expect from Webroot SecureAnywhere! Level 2 = All threats detected and neutralised / system remediated before or on the first user reboot
The problem I have with this is just how that is possible from the products that MRG claimed to do so. Assuming that some of the products monitor registry startup key values, some malware might have been detected then. And that is a big "might." Also some of the products might perform sig. scans on critical system and user directories at boot time but those are usually limited in scope. Whitelisting would be a possibility but unless NIS changed recently, I know of no such default usage of it. And the scenarios go on ............................ But the main issue is that the damage would have been done upon initial infection by a banking Trojan if the browser was injected, compromised, and banking activity engaged in prior to the subsequent boot and detection.
In WSA's case the Identity Shield would of Blocked it no matter what. Even though it wasn't Detected lets say, the ID Shield would still protect you from the financial malware. And in the Test the malware was gone and during that time the ID Shield was still protecting you from any personal data stealing techniques. http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C6_IDProtection/CH6a_ManagingID.htm Level 2 = All threats detected and neutralised / system remediated before or on the first user reboot
Considering HitmanPro 3.7 is an on-demand scanner, how can it be that it blocks anything, let alone ransomware where its block score is 100%? Unless it was HitmanPro.Alert tested. Which is a possibility considering MRG's history of sloppy write-ups. (It's been about a year since I used HMP and have no experience with the paid version. But according to the Web site it seems nothing "realtime" has been added.)
I'd never heard the view that MRG has a "history of sloppy write-ups". If that were so, it would explain the glaring error that remained in their report for three days:
Thanks guest, But, I'm not sure that Avira is very effective against ransomwares. I'm testing Emsisoft Internet Security but nothing about it on MRG .
Pertaining to HitmanPro, there is a footnote on the last page of the report: i SurfRight HitmanPro was tested on-demand only and with startup scanning which is enabled by default I interpret this to mean MRG ran a manual scan with it initially.
Interestingly, that note is not in the original report but was added subsequently. See Google Cached Page.
Well, you heard it now. I checked my archives and have 59 MRG PDFs going back to February 2010 and I've read each as they were released. Not having kept record of the corrected releases, I have no metrics on that. As a member of their now defunct forum and I often got some clarification there. Sloppy write ups is the only criticism I have of their reports. In this latest one, no explanation as to how an on-access "second opinion" scanner can block anything. I believe you can set a validated HMP install to scan on reboot for an MRG level 2 pass if successful. On page 14, item 14 says startup scanning is one of the technologies relied on. So, a ransomware whacked system was restarted and HMP fixed it? OK. Great. But the ransomware was never blocked as implied in the page 11 chart. Their tests are technically valid, informative, interesting and editorially legitimate. I look forward to their continued contributions to the community.
And the version of Webroot SecureAnywhere with IdentityShield 9.0.7.46 was in December 2015 http://www5.nohold.net/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=1131& alott of changes since then and all versions have Identity Shield.
This is an interesting read and the key points that WSA goes after to protect: http://www.darkreading.com/vulnerab...gen-endpoint-protection-unique/d/d-id/1325450 Daniel