MRG Tests 2013

BoerenkoolMetWorst · Feb 5, 2013

MRG is back for 2013

New in 2013

MRG Effitas is pleased to announce its schedule of public tests and projects for 2013.

The tests and projects are designed to assess the efficacy of various key security technologies and functionalities employed by a range of security applications. The methodologies used have been influenced by the work MRG Effitas has been doing with other testing labs, universities and other professional bodies and are designed to ensure assessment maps accurately to real world use cases for both home users and corporations.

The test / project schedule is as follows:

MRG Effitas Time to Detect and Remediate Assessment Project 2013.

The purpose of these tests is to measure the time taken for products to detect malware and then remediate.

Eight separate tests will be conducted during each month with each test using six or more zero hour financial malware samples from a live source.

Detection and remediation times will be measured separately, except where a product is designed not to alert on detection, but instead silently block or remediate.

Results are published at the end of each testing day. At the end of each quarter, results for the period will be collated in a report and successful products awarded MRG Effitas certifications according to their performance.

MRG Effitas Online Banking / Browser Security Assessment Project.

The purpose of this project is to assess the efficacy of a range of endpoint security solutions against a spectrum of relevant financial malware / crimeware threats.

Tests will include assessment of:

Detection / blocking / remediation of ITW financial malware such as Zeus, SpyEye, Shylock, Carberp etc.
Ability to block specific types of attack, measured by the use of bespoke crimeware simulators which use PoC attacks created by our engineers.
Ability to block attacks used by specific ITW malware – measured by the use of simulators created by reverse engineering the ITW financial malware samples, to ensure the simulator uses the same attack method of the real malware.

Testing will be conducted over a period of weeks and the results published as a detailed report each quarter.

As with the Time to Detect & Remediate tests, MRG Effitas certifications will be issued each quarter.

MRG Effitas Real Time Protection assessment Tests

These tests are variants of the Flash tests we ran during 2011 and 2012. The tests will be conducted quarterly using 500 mixed zero hour ITW malware samples.

Results will be published as a table and no certifications will be awarded for these tests.

In addition to these tests and projects, MRG Effitas will be publishing individual reports on the following:

Potentially Unwanted Applications
Ransomware
ITW Financial Malware
Phishing
Click to expand...

MRG Effitas Tests 2013 – List of Participants

List of vendors who’s products will be used in tests conducted by MRG Effitas in 2013

Avast
AVG
Avira
BitDefender
Emsisoft
Eset
GFI
Kaspersky
Malwarebytes
McAfee
Microsoft
Panda
Quarri
SoftSphere
SourceFire
SUPERAntispyware
SurfRight
Symantec
Trend Micro
TrustDefender
Trusteer
Webroot
Wontok
Zemana

This list is not final and we may include additional applications before the testing season begins.
Click to expand...

BoerenkoolMetWorst · Feb 5, 2013

Interesting..

Important Browser Security Announcement

MRG Effitas will shortly be publishing a report detailing a whole new category of malware which utilizes vulnerabilities in leading browsers on several operating systems including Windows, and Android.

Research in the lab by one of our associates has shown this new category of threat bypasses every browser security application tested to date enabling the attacker to capture user credentials entered in to banking sites, manipulate browser content (for example, alter the value displayed for a bank balance), steal cookies, run scripts etc.

We are continuing with the testing and MRG Effitas is already in process of contacting vendors and presenting them with this threat and all relevant information about it.

We at MRG Effitas are very concerned about this development and will do all in our power to help vendors address this issue as swiftly as possible.
Click to expand...

southcat · Feb 5, 2013

Nice to know.

SweX · Feb 5, 2013

Thanks for letting us know, looking forward to it. And hopefully they will be on schedule most of the time this year

The Hammer · Feb 5, 2013

Maybe some of the arguments regarding Trusteer can be resolved here.

Frank the Perv · Feb 5, 2013

BoerenkoolMetWorst said:

Interesting..
Click to expand...

Yes, very interesting.

I hope they test some of the 'non-standard' products that might respond to such a threat.

Noob · Feb 5, 2013

Looking forward for the tests.

Bodhitree · Feb 5, 2013

No bullguard in the test? What's this fail?

Syobon · Feb 6, 2013

Bodhitree said:

No bullguard in the test? What's this fail?
Click to expand...

No F-secure also, they filtered the BitDefender clones.

Brandonn2010 · Feb 6, 2013

No COMODO either, but I'm sure the test would be somehow biased against them, as that's the only way COMODO could do bad in a test

Also, never heard of Wontok or Quarri.

siketa · Feb 6, 2013

No Vipre, Immunet...

AnonOT · Feb 6, 2013

siketa said:

No Vipre, Immunet...
Click to expand...

GFI = Vipre
Sourcefire = Immunet (I think)

siketa · Feb 6, 2013

AnonOT said:

GFI = Vipre
Sourcefire = Immunet (I think)
Click to expand...

You're right.
Sorry, my bad....
I was looking for product not vendor names....

1000db · Feb 6, 2013

Brandonn2010 said:

...never heard of Wontok or Quarri.
Click to expand...

Quarri is a protected browser service. Look here. Its done very well in these tests before. Never heard of Wontok though.

chabbo · Feb 6, 2013

dr.web?

kingsoft!

CloneRanger · Feb 6, 2013

Re - Important Browser Security Announcement

I hope they consider testing things like for eg Xenotix Keylogger

https://www.wilderssecurity.com/showthread.php?t=340941

The Red Moon · Feb 8, 2013

Brandonn2010 said:

No COMODO either, but I'm sure the test would be somehow biased against them, as that's the only way COMODO could do bad in a test

Also, never heard of Wontok or Quarri.
Click to expand...

The MRG and comodo have not had the best of relationships in the past.

fax · Feb 8, 2013

Beethoven1770 said:

The MRG and comodo have not had the best of relationships in the past.
Click to expand...

As any other testing organisation that tested it and ended up with fair/below average results. Ask IBK and ISO 2Million certificate needed

Feandur · Feb 8, 2013

Sorry 1000db - but Quarri appears to require Java.
https://www.quarri.com/products/protect_on_q/specifications

That's a deal breaker for me.
https://www.wilderssecurity.com/showpost.php?p=2183814&postcount=13

-cheers,
feandur

The Red Moon · Feb 8, 2013

fax said:

As any other testing organisation that tested it and ended up with fair/below average results. Ask IBK and ISO 2Million certificate needed
Click to expand...

Not just fair results.
The MRG showed serious critical security flaws in the program and even uninstalled comodo in 1 of their videos.
Things have improved since then hopefully.

tgell · Feb 8, 2013

Feandur said:

Sorry 1000db - but Quarri appears to require Java.
https://www.quarri.com/products/protect_on_q/specifications

That's a deal breaker for me.
https://www.wilderssecurity.com/showpost.php?p=2183814&postcount=13

-cheers,
feandur
Click to expand...

Hello,
Quarri uses java for Firefox and ActiveX for IE.

nine9s · Feb 9, 2013

Does MRG Effitas do thorough tests or just day to day 0-day tests?

When I go to its site at http://www.mrg-effitas.com/ the only thing, as far as test results, that I can find are its "Flash Tests" http://www.mrg-effitas.com/current-tests/flash-test-results/

Are those the only tests it does, or does it just only make those flash tests public (have to buy the overall tests results)?

LoneWolf · Jun 1, 2013

First test results for 2013 are now published...........
Real Time Protection Test
MRG Effitas Project 33..........
http://www.mrg-effitas.com/current-tests/

nine9s · Jun 1, 2013

What are ITW threats?

LoneWolf · Jun 1, 2013

nine9s said:

What are ITW threats?
Click to expand...

In the wild.

Log in or Sign up

MRG Tests 2013

BoerenkoolMetWorst Registered Member

BoerenkoolMetWorst Registered Member

southcat Registered Member

SweX Registered Member

The Hammer Registered Member

Frank the Perv Banned

Noob Registered Member

Bodhitree Registered Member

Syobon Registered Member

Brandonn2010 Registered Member

siketa Registered Member

AnonOT Registered Member

siketa Registered Member

1000db Registered Member

chabbo Registered Member

CloneRanger Registered Member

The Red Moon Registered Member

fax Registered Member

Feandur Registered Member

The Red Moon Registered Member

tgell Registered Member

nine9s Registered Member

LoneWolf Registered Member

nine9s Registered Member

LoneWolf Registered Member

Log in or Sign up

MRG Tests 2013

BoerenkoolMetWorst Registered Member

BoerenkoolMetWorst Registered Member

southcat Registered Member

SweX Registered Member

The Hammer Registered Member

Frank the Perv Banned

Noob Registered Member

Bodhitree Registered Member

Syobon Registered Member

Brandonn2010 Registered Member

siketa Registered Member

AnonOT Registered Member

siketa Registered Member

1000db Registered Member

chabbo Registered Member

CloneRanger Registered Member

The Red Moon Registered Member

fax Registered Member

Feandur Registered Member

The Red Moon Registered Member

tgell Registered Member

nine9s Registered Member

LoneWolf Registered Member

nine9s Registered Member

LoneWolf Registered Member

Useful Searches