MRG Flash Tests 2011

And you honestly think 23,000 tells you something about 0day performance? Unless those 23,000 under 24 hours old all that tells you is how well a vendor defines legacy samples which to me, is nothing more than marketing BS.

Personally I'd like to see a mix of both worlds as in 1000 samples a day where the MD5 did not exist before that day. That aggregated over time would likely change some minds.

 

At what point does the the BB jump into action? If the A2/Ikarus engine(s) see the potential threat first will the BB have time to intercept anything? It would be interesting to have Mamutu included in the new round of tests.

 

Wow! really? oh well...

yeah right...

Mamutu does not 'detect' malware per se, instead, it blocks malware after-execution based on behavioural patterns. So a comparison against signature detection would be pretty much unfair.

 

Yes, I asked Sveta a while ago to include Mamutu and Threatfire in the testing and he replied that they would like to add them soon but they're very busy.

 

That's my point. I believe that the real-time scanner (w/ sigs) makes the first interception, then the BB double checks afterward or checks is their isn't a signature. I could be wrong.

Why? AFAIK Defensewall has 0 sigs and according to Zemana's site they don't rely on sigs either (at least not in the traditional sense).


I guess this thread got me thinking about EAM's detections.


http://support.emsisoft.com/topic/3462-strange-detection/page__p__20003#entry20003

 

The abysmal results of PCtools AV + Spyware doctor are not influenced by Threatfire, the behavior blocker is off in default settings

Thanks, nice thread, didn't know about that.
Still, MRG does a on demand scan before executing the sample so this wouldn't negatively influence the results.

 

Yeah, it just got me thinking about when the BB activates.

 

Defensewall and Zemana doesn't detect malware either. In fact, MRG includes a HIPS, Behavior Blockers, Anti-Loggers section.

Mamutu shouldn't be added though, because Emsisoft Anti-Malware already includes it.

 

Safe'n'sec would be an interesting addition.

 

It seems that they stopped testing?

 

Yeah, I forgot about those. Sorry guys. Eitherway, why is it that they compare signature based products against BB, HIPS in the same test?

 

I think it's a test of how well security programs protect you from zero-day malware, regardless of what methods they use.

Maybe the threat should be moved to other anti-malware software section.

 

And you honestly think that we should believe MRG testing results rather than own experience with testing Vipre? In my personal experience, Vipre has excellent detection, but, even with malware that is easy to find on the Internet, Vipre is equally efficient as shown by the MRG testing results with 0-day malware !? It is not logical to me.

Seems that Vipre is top-notch against keyloggers, or 0-day generally but it is not so good against common malware as would be expected based on MRG results?

 

Flash Test 3/29/11
http://malwareresearchgroup.com/2011/03/mrg-flash-test-3292011/
Slight error with table, vendor "Passed" most likely "Immunet Protect Plus". (table fixed)
Vendor Coranti added.

 

Nice, they dumped PC Tools btw.

 

Once again, MBAM handles their business quite well,
and SAS doesn't.

 

SAS is taking a beatin ... but look at Sunbelt they are working very well on VIPRE

 

Not sure what you mean here as all malware was once 0-day?

 

I think he pretended to say that Vipre is good detecting 0 day malware but not as good with common malware ''malware that is detected by various AV's''. That's what I think he said

 

DW blocked them all

 

Can someone provide the link to the overall product comparison, showing results of all 9 (I think) tests?

 

Not sure if this is what you are referring to or not:

http://malwareresearchgroup.com/malware-tests/flash-test-results/

 

I wondered where they have been...spring break must be over!

 

I see that a few products that were in a deficit position have now pulled even.

 

Well done emsisoft, and also congrats to avira

Mbam and deswall is awoesome