MRG Flash Tests 2011

Hi SweX,

Currently we are doing one massive test which is talking a lot of our time, but we should be done with it next week and then we really plan to increase the number of tests per week.
Like all the users, we are also hoping to see better results, but sometimes its good, sometimes its bad, its the nature of the "game" that we are all participating in.

Regards,
Sveta

 

This "massive test" sounds very interesting i'm really looking forward to it.
And it's nice to hear that you are planning to increase the amount of tests per week.

Thanks a lot Sveta

 

But what part of conventional testing tells you this? Where is the data about which threats were confirmed to have a live source VS a legacy infection?

Why would you care if something is detected yet there are no circumstances in which you will be infected by it?

The problem is that there are massive amounts of cloaked/negated data in conventional testing that is in a very real way more relevant than the posted results.

 

Awesome

 

Then what's the point in endless tests like these .Apart from creating fear in the ability of a users AV ,and the desire to change to the current AV of the hour?.Unless perhaps that is the point?

 

There's often some consistency in results. And AV's that do more than heuristics and blacklisting will typically be at the top.

 

The following talk pretty much underlines malware evolution and what the battlelines are today.

This has to be one of the best talks of the year about malware.

Both educational with some humour to boot

 

Thanks for the link.

 

Interesting video especially the old stuff.I wonder if Mikko knows hes currently third from bottom in the current flash tests?.Ahh well there's always tomorrow ,or maybe the next minute or so

 

Gave the video a watch. Definitely worth it.

 

I guess you guys missed this thread that I posted here on Wilders on July 30 https://www.wilderssecurity.com/showthread.php?t=304457

 

I guess so. Can't be on Wilders all the time =p

 

Mikko's videos have always been interesting and this was no exception.

 

Can you give us its name?

 

I see that Emsisoft has done very well on these tests with only 4 fails, second to only Malwarebytes 3 fails.

From having followed this forum for a while now I get the impression that although some use Mamutu, I rarely see any talk about Emsisoft Anti-Malware. I am wondering why this is.

I have been using the 30 day trial of Emsisoft Anti-Malware for about a week now along with On-Line Armor. I am surprised to see how light Emsisoft Anti Malware feels. It's like nothing is there. It feels lighter than both Kaspersky 2012 and NIS 2011 and boot ups are very quick despite having the boot scan enabled.

 

would really like to see those testings happening live though or recordings will do just fine IMO..all we do is take the companies word for it..

 

I have no problem taking the company's word for it.
I guess we all have to decide who we trust and when we trust.

 

I trust my own tests. Everything else I take with a grain of salt.

 

If I wanted to put a very fine point on it, I would draw a distinction between taking a company's word for something and trusting them.
After all, if it's just a test, then there isn't too much riding on it, in terms of putting trust in the wrong place.
Shrug. At least I know what I mean.

 

i wasnt trying to defend any other kind of test, i was referring more to the part where you said "'after it no longer matters' DB bloat." I probably should've quoted that part more directly.

 

Relax, here is some data http://marketshare.hitslink.com/browser-market-share.aspx?qprid=2 All these people running outdated browsers and unpatched software are likely to be hit by old exploits/virii

Your are an insider and problably read a lot infection analysis reports of AV-vendors/security agencies, you have to agree that those reports often mention "In *** quarter *** we saw a revival of ***name of threat ***"

So it is not an over the top remark that firzen made

 

You are not understanding what legacy means. Legacy means that there is nothing you can do with any computer in the world what will get you infected with an infection. This happens when a live source either goes dead for good or the payload changes in a way the the previous detection now fails. As an insider I do understand that this happens now many times a day and for some droppers they do change every download so using samples from months ago in general is completely meaningless.

 

lol lies,damn lies and statistics

Ok then surely you realize a lot of malware has a shelf life right ?

Example a singular WMF exploit file distributed 2 years and 1 month ago....what good is it today when the hardcoded download URL has been nuked 2 years previously..It cant call down its malicious payload(Trojan) no more.

Same for any trojan downloader where the call down URL is offline permenently or any backdoors where the hardcoded C&C has been nuked.

Exploit files just like trojan code itself so it needs constant updating to evade detection and achieve their intended purpose to take ownership of as many computers as possible.

The modern tools of the trade for todays cyber criminals(exploit kits) are not calling down Brain.A or Blaster worm or even sub-sevens

TDL's,Zeus,Spyeyes,FakeAlerts/FraudTools are the order of today most pushed trojans.

Dated exploits will be used as long as there is a market for them(unpatched machines/vulnerable software proliferation) just dont presume since its an old known exploit that it is in fact old code inside(=old malicious payload) or that dated exploits files can still retrieve a malicious payload today.

 

I talk a lot about it

 

What about old virii from different sources, or virii using website vulnabilities to spread around, or do it yourself virii made with exploit packs of low skilled home brewers. Are these non-existant?

Are all other AV vendors out of their minds to include old fingerprints and try to improve generic family pattern recognition?

Regards Kees