MRG Effitas Antilogger & Browser Security Test

http://malwareresearchgroup.com/2011/08/19/mrg-effitas-altilogger-browser-security-test/

I vote for Spyshelter. It's the only significant one missing from the list I believe?

 

Re: MRG Effitas Altilogger & Browser Security Test

 

Re: MRG Effitas Altilogger & Browser Security Test

GeSWall?

 

Re: MRG Effitas Altilogger & Browser Security Test

I vote for Geswall and Comodo Internet Security...

 

Re: MRG Effitas Altilogger & Browser Security Test

no more peg2 test

 

Re: MRG Effitas Altilogger & Browser Security Test

Another vote for GeSWall. I am glad they are starting to include these types of programs.

 

Re: MRG Effitas Altilogger & Browser Security Test

I don't think CIS or Peg2 would be classified as specific anti-loggers or browser security products. Maybe, but I wouldn't have thought so. Online Armor might qualify. I'd also like to see Authentium Safecentral tested.

 

Re: MRG Effitas Altilogger & Browser Security Test

Test SpyShelter. Also would like to see Avast SafeZone tested.

 

Re: MRG Effitas Altilogger & Browser Security Test

+1 For Spyshelter and Avast's SafeZone.

 

Re: MRG Effitas Altilogger & Browser Security Test

geswall
Comodo defence plus

 

Re: MRG Effitas Altilogger & Browser Security Test

GesWall

 

Re: MRG Effitas Altilogger & Browser Security Test

Considering the thread here....
http://forum.avast.com/index.php?PHPSESSID=e92b0p7naequivkgova8tro607&topic=82291.0
it seems avast sandbox and safezone currently has quite a big problem

 

MRG Effitas Altilogger & Browser Security Test

I fully agree with you!

Where is SpyShelter ?

 

Re: MRG Effitas Altilogger & Browser Security Test

Is not a matter of MRG if you want to see SpyShelter on this test send an email to the dev info[at]spyshelter.com
The last time due to some problems the SS dev requested to be removed from any MRG test.

 

Re: MRG Effitas Altilogger & Browser Security Test

Hopefully Sveta will let us know whether SS is one of the options for testing, or whether SS are still refusing to be tested, for whatever reason.

 

Re: MRG Effitas Altilogger & Browser Security Test

SS is one of the options but SS has to request it, I know this by Sveta

 

Re: MRG Effitas Altilogger & Browser Security Test

Yes, we are happy to include SS into this test, but we would like to discuss the methodology with their developing team first, this is to avoid any possible "misunderstandings" later on.


Regards,
Sveta

 

Re: MRG Effitas Altilogger & Browser Security Test

Thanks for that link. If there are current alleged problems then that's all the more reason to have SafeZone tested by an independent source IMO.

 

TODAY!

 

Spyshelter.

 

Re: MRG Effitas Altilogger & Browser Security Test

Yeap they don't want to be tested since they failed the last banking keylogging test back in Oct of 2010 I think.

Mainly because the HIPS prompts were too cryptic and there was no difference between them and a legitimate program install.

Just read the MRG prior banking browser test where SS fails and the reason given why...I tottaly understand MRG reasons. I mean you get a popup asking to allow for global hooks but the same popup occurs when installing legitimate program so how is one to know which one is bad? As far as you know you might be installing legitimate software that has been poisoned and now you will be allowing all popups thinking it's good ware meanwhile inadvertently installing malware. A HIPS distinction must be made.

P.S.
OA++ also failed that test because of that.

 

All classic HIPS would fail a test with that methodology. However, since then, Online Armor (included in OA++) has improved a lot and been updated to version 5. It now states which actions are usually malicious and which are not.

 

Yeap, and their test was of 4, so I would love to see that test again with 5.

 

I wish that atleast they can change their test results interpretation.

- 2 marks for Pass with clear cut pop up alert about malware
- 1 mark for Pass with ambiguous pop up alert( op up alert regarding interception of malicious behavior but same alert also comes for legit applications as well)
- 0 mark for no pop up alert or un-related pop up alert

This way people will know about classical HIPS whether they atleast intercepted the malicious behavior or not.

@ sveta! what do you think about this?
Thanks

 

How can a software pass if it only says the tested malware is trying to do SOMETHING, but not whether it's good or bad? I bet most of the vendors could accomplish noisy applications. The challenge is in security software distinguishing between good and bad. A pop-up with no information whether it's good or bad should therefore result in a failure.