Matousec`s Tests (2011-06-20)

http://www.matousec.com/projects/proactive-security-challenge/results.php

Best regards,

Flaubert

 

He could have updated also the test of Outpost using the version 7.5

 

Interesting
Seems that Matousec isn't as active as before

 

pc tools internet security did very good.. anyone using it? please share ur experience..

 

Tried it 2010, it was the heaviest suite I had every used

But if you don't mind waiting 1-2 seconds for every task you want to perform, then you can try it out

 

lol no go for me then.. Thanks

 

I must say I really have no idea of how to interpret this test. It makes it look like Comodo, Outpost, and Kaspersky are the greatest suites ever and the likes of Norton and ESET suck tremendously.

 

Feels good to be using Comodo I guess lol


edit: Avast! did surprisingly poorly. Their report even notes that they only passed because of an alert but the alert was too vague.

 

They have probably been working on those test for some time. I would say Outpost 7.5 was not available during the time of testing.

 

I find it interesting that Avira And Avast!, two of the top recommended AV suites, are given such low results.

Makes me question the validity of the tests done by either Matousec or the av-comparatives site.

 

It amazes me that so many people take these tests seriously. Remember, you have to pay to be certified by them.

 

What's your point? I don't know Matousec's reputationi. But they give individual reports showing that some of their test malware bypasses the products.

 

Unless the product tested has a HIPS then that product is going to have poor results everytime. Its not just a firewall test. Its more about testing the HIPS capability of a product than a traditional firewall or AV. Eset should start testing much better once ESS V5 is released since they have finally developed their own HIPS.

 

I too was shocked to see ESET score so low.
I have never been a fan of Norton however, they used to be really bad and bloated but from recent reviews it seems like Norton have improved quite a bit.

 

@cutting
Basically. That's why, I assume, Comodo did so well. Automatically sandboxing ALL unknown files/ programs is definitely going to boost its score. And then there's the firewall too.

 

Most firewalls that dont incorporate a HIPS, well, thats a working HIPS, are no better then the windows firewall you already have, with a few tweaks.

 

After matousec started to test products with the max security settings instead of default the results became very hard to interpret. To interpret them you need to know how many people run product with the highest security settings (actually, everybody knows that it almost nobody, which renders results to be almost useless).

 

At least you know what a product is able to do, maybe is useful for those who enjoy popups

HIPS=popups if you like HIPS you will be interested in this test. If you are using a HIPS with low or standard settings you are not controlling many things, so the HIPS layer is not important to you.
Anyway some products has considerable wishlist that avoid many popups.

 

I don't think you'd feel better being infected, knowing that with the max settings you would not be

 

So where is the problem? use one of the 100% score products with the max settings if you want to control everything.

 

Problem is I don't want to control everything, I want that it was both, usable and secure. But instead of and/and I'm proposed or/or.

Another question is, if default mode is not secure, what is it intended for? (marketing aside).

 

I agree.

I even contacted the folks at Matousec to verify that my own settings for PrivateFirewall were the same as theirs used for testing the product.

I'd rather deal with a few days of pop-ups than the alternative.

And though PFW is not at the top of the test (at 91%), I like the fact that it's not a huge suite of features which I am forced to either accept or disable. I find it to be a fairly intuitive and user friendly security app that works well with the others in my layered approach.

 

The default is to protect against the most important ones or the most used by malware, I'm sure that some of the exploits are not even used by malware nowadays.

For example spyshelter is an HIPS designed to protect against malware not to control the system, if you find a malware able to bypass it you send it to the developers and they fix it in a couple of days, and the HIPS has less rules than the famous ones but still the malware is not able to bypass it. Also most of the actions controlled by HIPS are not dangerous alone for example a malware need to make 3 modifications in the system to work, if the HIPS is able to block at least one of them, you are safe, with some junk in the computer but safe.

Matousec test the product against 146 "exploits"

If you want protection against all of them you get a popup against all of them, 146 popups, there is not any intelligence in an HIPS, you get a popup for every action controlled.
If with any HIPS, oa, private firewall, COMODO D+ or any other you get less popups is because of the whitelist, or the "installer modes".

If you want less popups you can configure the Comodo HIPS manually or using a preset.

Comodo has a huge whitelist, in the proactive (a profile better than the default one) mode you will not see more than a couple of popups a week.
http://help.comodo.com/topic-72-1-142-341-Manage-My-Configurations.html#COMODO_-_Proactive_Security

You can also use the paranoid mode if you want more control and a few more popups http://help.comodo.com/topic-72-1-155-1115-General-Settings.html

My personal experience with OA default and Comodo in Proactive mode is that Comodo has a biggest whitelist and produces less popups.

 

Perhaps not to you but it works for me.

To each his own. I'm not trying to convince anyone that my way is the right way.

I ordinarily don't get a lot of pop-ups after a few days unless I've made some changes or significant updates to apps on my system.

I'm okay with the pop-ups. I'm not okay with the alternative nor am I comfortable giving over too much control to whitelists whether from Online Armor, PFW, Comodo or any other reputable security vendor. I like to know what is running and/or connecting out whether it's one of the "good guys" with a certificate or not.

 

I use Comodo defense. After a day or two you don't get many popups at all.