MRG ongoing tests

Thanks. Would you have a link, please?

 

SUPERAntispyware failed and failed and failed ...

Norton seems to be the king while Avast's behaviour blocker didn't stop most of the infections ...

 

Sorry but I tend NOT to retain links to rants & ~ Snipped as per TOS ~ contests having little or no substance.

 

I'm not sure if it could or not be considered abandonware yet, there's a Beta version that was released few weeks ago and TF's forum has recovered it's activity.
I'm really not sure if this flash tests are made with out-of-the-box settings, but I am convinced that TF would do better if set on lvl 5...

 

SpyShelter will not be tested simply because they requested to be excluded for our tests.


Regards,
Sveta

 

Not "simply because" -- as you very well know!

Spyshelter demanded exclusion for VERY good reasons, IMO, having nothing whatsoever to do with the high quality of Spyshelter.

 

what were the reasons?

 

Some one over on the MRG forum posted up about that and MRG said all the apps are running with "default" settings. So, yeah, out-of-the-box.

I know for MBAM, Shuriken is disabled by default.

And as I remember for Vipre Premium HIPS is off, Handling for Unknown Programs is "Allow" and IDS settings are on the permissive side. And I might be wrong, but I think the Handling of Suspicious Programs "Prompt" setting is disabled, too.

Can't comment on anything else (except AVG AV has no behavior blocker) and Emsisoft AM has all protection enabled by default.

 

Thank you.

Shuriken heuristics are enabled by default.

You are right, all these are default settings.

 

I just installed MBAM 1.46 on a clean image of WinXP and I stand corrected. Shuriken is enabled by default. My recollection of it being disabled is probably of 1.45 when the setting first appeared in the GUI - I distinctly remember after the March update from 1.44 seeing it and enabling the check mark. Although as it was later brought to light the heuristics weren't active until the rules.dat file that began with database 4390 in August.

 

Are these tests on-demand or dynamic?

Thanks

 

Yes, this whole project is dynamic.

Regards,
Sveta

 

cool comodo did very good man

 

DefenseWall HIPS is doing very well

 

PE Guard doing very well also.

 

Yeah, I can't wait for it to be signed for x64. Then I'll have a chance to test it. If good, it'll add a great layer to security.

 

Two recent tests by them.

1- Stuxnet worm

2- Facebook security

http://malwareresearchgroup.com/2010/09/detection-of-the-stuxnet-worm-2/
http://malwareresearchgroup.com/2010/09/mrg-facebook-security-test/

Seem interesting indeed.

Just wonder how stuxnet worm was executed, via .lnk vulnerability froma flash disk( as it is supposed to execute in real world situations) or via some other way like command line etc...

 

When it comes to Stuxnet test, infection vector was USB - true to the original infection vector.

The Facebook test is a project, the phase one of the test is completed but there are two more phases to go. We will keep everybody posted about this and announce the date of publishing when all aspects of this project are completed.

Regards,
Sveta

 

Thanks for the replies.

Sveta! Were Neo,s SafeKeys ever tested by MRG. I am confused as I remember it being tested once with a keylogger/ trojan( in flash tests probably) but I can,t find it on ur web site. May be I am mistaken.

 

Nope, it wasn't used in this project as of yet.


Regards,
Sveta

 

Thanks

 

Can't see Zemana's result for Netins trojan (10/11/10)

 

I'm sorry about this question... kinda stupid... but I can't seem to find the answer. Why Norton's results are almost always in color orange? See, all the others say either Passed or Failed, but Norton's say Passed

 

You can't see it because it's not there. I'm having the same problem seeing the 250 pound block of gold in my living room.

 

LMFAO...