MRG Flash Tests 2011

Ah, that's great. So, what users have to take as a definitive answer when they choose security for their computers, if it's not about tests? Modern-looking UI? Marketing budget? Name of brand?

 

I wouldn't call that a naive question.
I'd call it a question that is impossible to answer.

 

A fantastic result.

 

Congratulations to Emsisoft AntiMalware and DefenseWall! These two programs have always done what they said they did and never cried foul. They are constantly updating and improving and it is showing!

 

My guess would be that Sveta would be happy to share the samples with anyone who contacted him, not the other way around.

 

See the third post down from Chris

http://forums.malwareresearchgroup.com/viewtopic.php?f=18&t=633

 

Hmmm... they have me on MSN messenger as well but I haven't received anything I'll email them again...

 

"of any one test" - I'm not trying to say detection tests aren't valid as that's obviously the most important metric

 

In fact, all the "detection tests" are not valid at all, usually, they are refereed to static ones. Only prevention, dynamic tests are valid. And MRG Flash Test is a dynamic test.

 

Chromebooks are looking better by the day

 

haha, oof.

 

Wow 100% for a signature based software . . . That was nice!

 

Is that without the behavioral blocker?

 

I think it includes the behavior blocker (It was that way in the older flash tests)

 

This is why I think they [MRG] should detail what settings/components they used within the products they test individually like this. It's no good just publishing results of passes/fails without knowing whether the product was tested at default or at higher settings, whether other techniques were allowed to run or whether the malware was scanned on execution or by passive right-click methods. Any or all of these could make a difference to test results.

 

Nope;
From MRG site, Flash test settings;
All security applications are installed with default settings and the most recent build and signatures used in each test.
So, the BB, 'File Guard' and 'Surf Protection' are all on besides the Ikarus and Emsi engines.

'The Security applications will have up to four chances of passing the test by achieving any one of the following:
1) Detecting the sample upon download
2) Detecting the sample downloaded to the desktop during an on demand scan
3) Detecting and blocking execution of the sample on the desktop
4) In the case of financial malware, preventing data breach by any active sample.' link

 

I wasn't referring to Emsisoft specifically; I meant in general, but thanks for the link. Even with products tested at defaults, we all know the default settings are not all the same in each program. One product may have one component off while another may have it turned on, for example.

 

I almost certain that Emsisoft never fail in any test i have seen in MGR o.o , besides Emsisoft use Signature and Cloud Database??

 

Actually the number is 4, which is still very good.
http://malwareresearchgroup.com/malware-tests/flash-test-results/

 

MRG used to list the component of the software (for example, generics, behavior blocker) responsible for catching the malware.
With the sample size getting larger, I doubt they will continue doing this.

 

Just a performance observation from a VIPRE AV (Sunbelt) user, based upon the current overall results for MRG Flash Test Project 2011...

VIPRE is currently outperforming:

Avira
Avast
AVG
BitDefender
Eset
F-Secure
G Data
Immunet
Kaspersky
McAfee
Microsoft
Norton
Panda
Prevx/Webroot
SUPERAntispyware

VIPRE is currently being outperformed by:

DefenseWall
Emsisoft
Malwarebytes
Zemana

 

Nice observation

 

Another observation: regarding the three single product tests so far, the 50 malware sets appear to be different in each case. Unless that is by design, I thought they would use the same set in each case so you'd have a fair comparison.

As it is, we don't know if FlyAgent, for example, is detected by Emsisoft or Webroot, but Defensewall passes against this backdoor. However, malware such as Hupigon is in all 3 sets.

 

A security solution needs to be efficient, regardless of the malware set. Users won't get to pick which infections they will get, so that their antimalware applications can catch them. It would be nice, wouldn't it?

The excuse some antimalware companies give that they can get X amount of samples that competitors don't catch isn't a valid one, IMHO. Precisely, because of what I mentioned above. The antimalware application will need to catch the piece of malware, regardless of which one it is or what day it is; if it's morning, noon or night... or dawn.