New MRG test results

Discussion in 'other anti-malware software' started by Dark Star 72, Jun 23, 2010.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I just tried AKLT.exe with the Comodo sandbox. The Comodo sandbox doesn't stop any hook-based keylogging, so the test result is real. It seems not to be a hole; they might have left it for reasons of usability, just like SBIE.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I saw the video, but Comodo sometimes forgets stuff. I experience this, and it alerts me when it isn't supposed to o_O
     
  3. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Most probably Comodo doesn't need updating in order to block this simulation; remember it was left at default settings. In all likelihood it can be hardened against this by the use of custom rules and tweaking the security settings (interprocess memory access for example?).

    I don't automatically dismiss tests such as this one though, since, at the least, they point out possible weaknesses in the default config, which is after all how the majority of users have it set up. I tend to welcome stuff like this since it raises awareness of possible exploitable issues.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Yes, and yes of course, maxing its settings up will make it strong, with a possibility not only to pass any test but to block nasty malware from infestation :cool: Good point buddy :thumb: and this one goes for any programs (HIPS).
     
  5. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I don't think this video proves anything. You have to allow the test application to launch in order to perform the test. This is the same for all test applications. o_O

    Keep up the good work MRG and ignore all the negativity towards you and your testing methods. :)
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Like I always said, you must allow the first pop-up alert, then deal with the rest of the pop-ups ;)
     
  7. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    The alert clearly said that because the app is not signed, it is advised to run it in the Sandbox!
    Why was the Allow button clicked?

    And finally, before this kind of testing, MRG should at the beginning of the video go to About and show the version that is being used.
    After that, quickly browse through the Sandbox and D+ settings and also show which configuration is used.
     
  8. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    I see your point. If it had been run in the sandbox would the results have been different?
     
  9. Solidify

    Solidify Registered Member

    Joined:
    Jun 26, 2010
    Posts:
    10
    In the first video, the sandbox can lower the access rights and the application calls a .dll; all applications run with DLLs... Comodo fails.
     
  10. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I don't have that simulator so I don't know; all I'm saying is... if you test some suite, then listen to what it says when the alert pops up.
    And the alert was very clear, with straight advice.
     
  11. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Same thing with the first video.
    In that video there was a RED alert about a global hook, and whoever recorded that video chose to click Allow o_O

    I mean, there is a video response to both videos from a Comodo moderator, so all should be clear after watching it:

    -http://www.youtube.com/watch?v=-iSfUorRiT0-
     
    Last edited by a moderator: Jun 26, 2010
  12. Solidify

    Solidify Registered Member

    Joined:
    Jun 26, 2010
    Posts:
    10
    Ofc, but if the Comodo sandbox is really working = no alert.
    The sandbox needs to be performed; it's bad manners from Comodo, again...
    they can't admit a loss...
     
  13. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Agreed, but what is the point of their test then?
    To show that there is an alert in a sandboxed app, or to pass the test?
     
  14. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Exactly, it didn't fail. Defense+ is a HIPS program which requires user intervention. The user chose the wrong option. Comodo would fail this test if it actually had a behavior blocker, which is what automates decisions for the user. Since there is no behavior blocker in Comodo, it's unfair to say it failed because you would be testing something the product doesn't have in the 1st place.

    And the HIPS prompt was in RED, as to mean alert, dangerous activity going on. Which logic will tell you to block it. If HIPS is too complicated for you to use, don't install it.

    Hence that MRG video unfairly tries to imply Comodo failed. They should redo that test once Comodo actually adds a behavior blocker into their suite. Then if it fails it would be justified.
     
  15. Solidify

    Solidify Registered Member

    Joined:
    Jun 26, 2010
    Posts:
    10
    To detect a keylogger with a HIPS, you need to be lucky, because all applications use the same API calls (DLL). It's the job of the antivirus and keystrocken (Kaspersky virtual keyboard and KeyScrambler) and firewall; it's just my opinion :p
    The HIPS can't detect unknown actions, like a new method with some new libraries, just an example ;) It's very limited.
    Only AVG Internet Security is good for cleaning a computer; it cleans the memory and file modifications file by file. It can take time, but the computer is clean, without any alerts. One of the best behavioral analysis with Mamutu.
     
    Last edited: Jun 26, 2010
  16. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    27.6.2010.png

    Is it a media player? Is it keyboard enhancements? Is it an everyday application? If the answer is no, block... it is very simple ;)
    BTW, it is behavior blocking; it blocks global hooks, and CIS explains that fine: "...exploited by malware programs for keylogging..."
     
    Last edited: Jun 26, 2010
  17. Solidify

    Solidify Registered Member

    Joined:
    Jun 26, 2010
    Posts:
    10
    The description is bad... it can remove/delete/compress/rename
    and can't inject any DLL; also all applications use it, so block all applications and stay with Notepad + Internet Explorer.
     
  18. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    everyday application...

    BTW. you will like to unknown app. remove/delete/compress/renames, or rather if tries to remove/delete/compress/renames your security app. says it will block keylogger? ;)
     
    Last edited: Jun 26, 2010
  19. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Agree :thumb:
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I haven't run Zemana for a while... but I trust. ;)
     


  21. ALiasEX

    ALiasEX Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    240
    Rapport not Raport.
     
  22. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    I wonder when this fight between Comodo and MRG will end!

    Both parties have failed to realise that they are on the same side, that is, fighting to keep users' PC safe. The objective of Comodo should be to make security software to protect users while that of MRG should be to conduct VALID and RELIABLE tests on security software to ensure that they are able to protect as promised.

    But here what we find is that Comodo will never accept that there may be a vulnerability with their software while MRG are using all sorts of ways to try to fail Comodo.

    Guys stop this foolish behaviour now, you are wasting time without doing anything productive.

    REMEMBER THAT THE BAD GUYS ARE THE MALWARE WRITERS AND DISTRIBUTORS!

    Thanks
     
  23. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    You're quite right of course. :thumb:

    I feel that a lot of the problems are due to the general gray area in determining a pass or fail with HIPS. Unlike an AV test, where a product will either detect or not detect a threat, making it easy to evaluate, HIPS, which are by their very nature largely user-driven, will always spark much debate as to making a definitive determination.
     
  24. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    Due to disagreements with Comodo previously, MRG decided not to include Comodo in their future tests. Now without having resolved the initial contention, MRG puts a video on Youtube showing that Comodo has failed.

    They already had a lot of trouble with Comodo in the past; I do not understand why they persist in testing Comodo again and again. They had a list of companies to be included in their tests, so why did they not stick to that list? AV-C has a list of companies to be tested in a year, so it follows that list, and if other companies wish to participate they will have to wait for the next year to be included.

    PS: if there are no guidelines for testing HIPS, then perhaps someone qualified in this field should open a new thread and lay down some important rules to follow so that we do not have to witness such cinema again.
     
    Last edited: Jun 27, 2010
  25. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    We absolutely agree with the last few posts, and feel that some things were totally unnecessary.

    We felt that there was a need to show our side of the story as some people (not talking about Wilders Security Forum members) were not willing to move on even if we decided to let the past remain in the past. There were a lot of unpleasant things going on behind the scenes and many things were said that were not true.

    As for the MRG team, Comodo will no longer be a subject of our testing unless some rules are established, and if all parties agree on these rules.

    As for HIPS testing, yes we do need to establish some rules and do that asap. That by all means will not be an easy task, but it is one that is in everybody's best interest.

    I've said this many times before, we should all be on the same team. Nothing in life is certain and there will never be that magical 100%. We can all work together and try to improve overall internet security, and the only way we can do that is if we listen to each other, users, vendors and testing organizations alike.

    Regards,
    Sveta
     