MRG Flash Tests 2011

Would be interesting to see how some simple OS hardening, like a limited user account with software restriction policies, will perform in these tests...

Edit: just did that request to their contact e-mail.

 

They are referring to the rootkit named Tibia.

 

Just received a positive answer from Sveta Miladinov

The reason i pointed in the e-mail i sent was to know how effectively the correct use of some simple OS hardening prevents infections, before adding another layer of defense (a anti-malware application).

"Hi Alex,

This sounds like a good idea indeed. I am sure we can come up with a test scenario for this


Best Regards,


Sveta Miladinov
Founder & CEO,
MRG Effitas/Effitas Group"

 

Security software vendors disapproval on the way out?

-edit-

So, this brings back what I mentioned sometime ago - Sandboxie should be a candidate.

 

LOL Sandboxie would fail or pass all tests, if they run the malware inside the sandbox then it's 100% (I guess so , unless theres a vulnerability we don't know of) and if they run it outside then it's 0%?

The OS hardening part is really interesting!! Bring it MRG!!

 

The point is: System hardening is not at the reach of the average user. The same way that Sandboxie hardening won't be either. So, if one qualifies for the test, why shouldn't the other?

That's precisely the point. I got a pretty good feeling that either system hardening or Sandboxie would be both great, and better than the tested antimalware tools.

And, as someone already mentioned quite a few posts back, it's not like the average user cares about these tests. So, why not show to the advanced users, in general, what Sandboxie can accomplish.

If a test is downloading a piece of malware, and the the browser is running inside Sandboxie (obviously), and if there are start/run access restrictions, for example, no other process but the browser's own can run. End of story.

The only difference between system hardening (standard user account, SRP, AppLocker) and Sandboxie, is that one is system wide and the user per application. All you got to do is sandbox the critical applications, properly configure the sandboxes and it's done deal.

 

But the thing is that i'm almost certain that SandBoxie would get 100%
OS hardening on the other side can have mixed results unless they use SRP which disables everything executing.

 

Depends on the configuration. But yes, it would likely get 100%.

As for SRP/OS-stuff. IDK about that. i mean, you can block literally everything on the system of course and be safe but that's hardly compatible.

 

There has been a new testing specification change. http://malwareresearchgroup.com/

 

No Emsisoft?

 

Very "nice"

Few days later

 

THIS!!!

 

What made EmsiSoft to withdraw?

 

Perhaps it was the testing change.

 

Should I trust Malware Research group or not?
Check this out:
http://www.youtube.com/watch?v=uEMp9TVxdCA

Than I found this:
http://www.youtube.com/watch?v=AviNeuGna1s
http://www.youtube.com/watch?v=-iSfUorRiT0

I'm really confused, who should I trust?
It seems to me I can't trust to anybody...
Can anyone give me any advice at all?
And I'm not a Comodo user, but DefenseWall user, but if this is true, it means all the tests provided by MRG are useless and should not be trusted?
How do you know you can trust to any computer testers?
Thanks to all.

 

i never trust them. it is easy to put 2-3 malwares that you are sure the apps will fail... don't rely on testing organizations, they are just informative. test your security software yourself.

 

Hello there,
keep in mind that there is a vested interest among security applications writers and critics to keep things on the anxiety level. Even if a machine gets infected it is really not end of the world as long as you have some backup strategy, at least for your private data. My systems are well protected and my choices don't change every other day, but if I were infected all of sudden my imaging software within 30 minutes max would return everything back to normal. I wish something similar would be available when we are very ill.

 

If the infection is a trojan with a keylogger payload, what then?

 

Nothing, he just looses all his lifetime savings after he did some E-Banking while he was being keylogged

 

Emsisoft is back, they probably forgot to put it in the list.

 

LOL yeah it is on the list now
Is there a release date for these tests?

 

You said that if you were infected all of sudden your imaging software within 30 minutes max would return everything back to normal. How did you do that?

 

I guess if he finds out he is infected, he just reverts back to a previous image

 

can't wait to see new test results

 

'If' is conditional by definition, meaning the trojan has to be executed, it will have to bypass Avira, MBAM, find its way out of Sandboxie and ultimately get out unnoticed by look'n'Stop. Not a chance on my computer. Besides I don't use Windows anymore for online purchases.