Anti-malware.ru June 2012 IDS/IPS test

Gold Award to Kaspersky (1st) and Norton (2nd).

Google translation to English:

http://translate.googleusercontent....S_2012&usg=ALkJrhi-lwSY-tTuwPEVMQMjZTrUg7UOug

 

Hi

In almost all .ru Lab test place Kaspersky 1st place.
Coincidence?

 

Maybe all samples were collected in Russia
thanks for the link. I am more interested in the upcoming Retrospective test by AV-C

 

Then Dr. Web should be #2 at least.

 

...and Outpost should be in the top 3 instead of the bottom 5.

 

Another ho hum security testing organization that ain't worth a crap for anyone. IMHO

TH

 

+1

McAfee...

 

hi
Quite agree with the Prevx helper.
why the choice of an old and statistically uncommon OS, Unpatched OS but updated products, non stealth port scan, non based pentesting methods and techniques, approximative vision of some terminolgy, not equal product list, suspect ethical and independence way, limited different tests that does not circumscribe the full potential of each product and limit the legitimacy of the funny awards...
As usual of course, criticism is easy, but testing is difficult.

I remember a stress test of Prevx by Matasano or Immunitysec wich was much more interesting than this one.
By experience, i am convinced that comparative testing is in an absolute way a dead end.

rgds

 

Well it is #3, and why would they accept to be tested only here out of all places? Emisoft 52%? No way, I think the Russian old boys network sticks here unashamedly.

 

Is this the most absurd test ever? If you run Windows unpatched then you're very unlikely to be running any firewall/IDS/IPS anyway, because you're that stupid. Unbelievable.

 

I withdraw my criticism as I was reading an older test:
http://translate.google.com/transla...ww.anti-malware.ru/test_personal_IDS_IPS_2012

I still find odd the results of G DATA and BitDefender which usually score very high in just about any test.

 

Not at all, if you want to test the capabilities of the products. If you tested vulnerabilities with an OS where those vulnerabilities have been patched, they would all score the same because the exploits would be blocked on an OS level.

And believe it or not, many average users do not update their system or programs.

 

The test is simply rubbish.

 

My point is that the test has near zero practical use. With anti-virus tests you can at least (rightly or wrongly) make a buying decision from the test. What would somebody with an unpatched XP3 system do who stumbled across this test? Run Windows Update or go out and buy Kaspersky instead?

 

This is a very good test!

 

guys if the judgement your are giving is based on facts you have please let us know the facts but if this is only your opinion well it lets anyone choose if the test is to be trusted or not
cheers Gery

 

Seems like a reasonably trustworthy test to me. I know of no other organization that publicizes test results from network attacks/IPS/IDS so you can't really say it's rubbish because products that normally score good now don't or the other way around. New 'real world' testing methods from respected testing organizations for malware also use unpatched and outdated software, I haven't seen them criticized about that either. Plus, from what I see with people I know, the statement that users who run unpatched windows versions are unlikely to run any firewall/IDS software is incorrect, as I see many with Windows update turned of because they use a pirated windows and are afraid it will stop working after an update, but they still run up to date security software. Of course IDS/IPS is only a small part of a product and since a lot of people are behind NAT/SPI routers the results of test like these will influence the decision to use some security software much less than test results from anti-malware tests, but some people are a lot on public WiFi with their notebooks, so for them it's more relevant.

 

Wait what?
So they are telling me a regular AV Suite beats dedicated HIPS in a HIPS test?
Okay . . .

 

Yes, because the test is about external network attacks. It's not a HIPS test.

 

So almost 30% of attacks bypassed Comodo set to max? (that would be Defence+ set to paranoid). To me, that's hard to believe.

 

Wouldn't Defence+ protect against internal attacks? This is an external attack test.

 

Remote code execution should be prevented by Defence+. DoS attacks probably not. So as I understand they either crashed system with some DoS attacks or they found holes in Comodo's Defence+ set to max.

 

Last year they did a test against internal attacks:

http://translate.googleusercontent....n_2011&usg=ALkJrhhXpqbTNrMOFi6WltugrNU8ZWuXRA

Comodo and Defensewall topped that.

 

OK. Thank you for link.

 

Tests by anti-malware.ru have always been done using simulators and unrealistic scenarios. To top it off towards the end of the page you see this:

Comments Partners Anti-Malware.ru
Oleg Adrianov, Manager of Product Certification "Kaspersky Lab"

So Kaspersky is an Anti-Malware.ru "partner"? I wonder what the terms of this partnership are.