Malwaretestlab 9 Killdisk Virus vs 25 Security Software

Discussion in 'other anti-malware software' started by guest, May 27, 2009.

Thread Status:
Not open for further replies.
  1. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Yep. The results are somewhat too extreme. All or nothing is a sign of all the 9 tests being much the same. (Sigh) It is a very difficult task to run professional tests.
     
  2. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Different security levels are BS. Security cannot have different levels, the only two possible cases are "secure" and "not secure". 90% of the users run security in default setup, and default results are what this security is really worth (for 90% of the users).
     
    Last edited: Jun 2, 2009
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Sorry for awakening this thread, but I couldn't find any information related to that. It's about Windows SteadyState.

    How was it tested? Did you install it, enable disk protection and then test it? Have you applied Windows SteadyState restriction policies?

    I ask this, because it seems it failed every test. I'm wondering if configured to restrict certain actions, if it would still have the same results?
     
  4. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Nice to see Threatfire does what I expected.
     
  5. guest

    guest Guest

    All software tested with default settings. (only comodo and outpost tested with default and changing settings)

    http://malwaretestlab.com/more.aspx?entry=24 [Page:8]
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Thank you. I missed that part.

    Please, don't see this as criticism or anything like that but, why didn't you test every application with both default and tweaked settings? Sure, it would take a lot more time to perform the tests, still it would give a better idea of what some of the applications are capable of. I think Windows SteadyState would display different results, if it was tweaked.

    I mean, by default settings I mean you're talking about installing it and only enabling disk protection, right? (Sorry, but I still don't quite understand what the default settings are for Windows SteadyState, in your own conception.)

    For me, default settings would be to install it, enable disk protection, add user accounts and allow or deny certain actions. Then, if the Administrator/User in charge of the system wishes so, then tweak it even more to restrict even more what can be done to the system, in the first place.

    I believe that's the true power of Windows SteadyState (disk protection + restrictions).

    Perhaps the fact that Windows SteadyState offers the possibility to apply restrictions, makes it not be as powerful as it should, by only enabling disk protection.

    It sure should offer better protection only with disk protection enabled, but maybe it was developed with disk protection + restrictions in mind. No idea.
     
  7. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I would've liked to see how NIS 2010 beta would have done :(
     
  8. progress

    progress Guest

    AVG Identity Protection fails in every test I could remember, that's disappointing :rolleyes:
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It's not disappointing. AVG IDP doesn't resemble any of the other tested applications.

    Why?

    AVG IDP is not a rollback. AVG IDP is not a sandbox. AVG IDP is not a HIPS. AVG IDP is not like Threat Fire or Mamutu. AVG IDP is a smart behavior blocker.

    Unlike Mamutu and Threat Fire, AVG IDP won't flag most of the actions. Mamutu or Threat Fire will flag more or less according to their settings. With AVG IDP you will have a smart/pure behavior analyzer. It monitors every process and checks their behaviors against a list of behaviors. If that behavior follows the pattern of known malicious behavior, then AVG IDP will flag that process.

    While certain malware causes damage by introducing a new behavior, it is also true that most will follow already known behaviors. This is where AVG IDP makes a difference.

    It, also, reports very few false positives, for it checks against a database of known and digitally signed applications (I'm sure it checks for other "DNA" as well.).

    AVG IDP is not to be used as a stand alone anti-malware application. It is meant to be used along side an anti-virus.

    Sure, AVG could just make it work like Mamutu or Threat Fire, hence making it more intrusive. Personally, I like it this way.

    The trick resumes to what you use in conjunction, I guess.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    This is basically a test of HIPS rather than that of a signature-based AV.
     
  11. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    NIS 2010 isn't only signature based, that's why I'm curious...
     
  12. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    I believe ThreatFire is also a smart/pure behavioural analyzer, from my experience alerts are very rare.
     
  13. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Even after several months, or even years of use, users with common-sense won't see any alerts from ThreatFire.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    To be honest, I never really gave ThreatFire much attention, but for what I could see back then, it would ask if I wanted to allow XYZ action from doing XYZ action, for example when installing some application. I believe I had the default settings (level 3, if I am not mistaken).

    Now, AVG IDP won't ask you anything. It will monitor every process for known malicious behavior, and will flag if something matches that behavior.

    Of course, as I previously said, it could alert for something but only being a false positive, but it also comes preselected to automatically send to AVG any detection. I know it happened with anti-rootkit GMER. But, no longer. I guess it was whitelisted.
    But, false positives are very few.

    Mamutu same deal as ThreatFire. The higher the level of protection, the higher the interaction with user will be.

    I'm only talking about default settings and higher settings, without any tweaking. I can't really say what would be the amount of alerts if those two applications are tweaked enough.

    Now, with AVG IDP there are no settings tweaking (unless creating exclusions) to give fewer or more alerts. It will only alert if a monitored process has the behavior of an already known malicious behavior, even if a new malware.
     
  15. progress

    progress Guest

    I agree, that's the difference :)
     
  16. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    I have read a lot now about what AVG IDP should, could, would, if and when.
    Any real life examples for your theories?

    Cheers
     
  17. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Theories? Everything I mentioned, I mentioned by saying what that application is all about.

    I couldn't care less if AVG IDP does or not protect against what it says it protects against. The same way I don't care if Mamutu/ThreatFire protects or not.

    I don't use such tools. Nor do I advise them to anyone, precisely because I don't use them or test anything against them. So, I don't care, at all.

    If you want proofs that it does or not protect its users, then I'd suggest you to get in touch with AVG, and ask them for real proof. Or test it for yourself. Personally, I got no interest in it. I admit that I prefer its way of working, though. Why? It won't bugger the user with alerts he/she won't know what to answer. (OMG... Firefox is trying to intercept my keystrokes... Should I allow it? That sort of reaction, which only causes confusion.)

    All I ever said was to clarify the three products AVG IDP, ThreatFire and Mamutu. AVG IDP doesn't resemble those two. So, any testing where these three applications enter, AVG IDP will always lose. Why? For the reasons I mentioned in other posts. It will need to have in its database information about behaviors. If such behaviors haven't been seen before, then it won't protect you. That's why it would be stupid to solely rely on AVG IDP, or ThreatFire or Mamutu.

    Anyway, AVG IDP is Sana's application, which before being bought by AVG, was licensed to Symantec, and they released it as Norton Antibot. PCMag made a good review of it. I'm sure it has improved since then, especially the database of known malicious behavior.
     
  18. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Looks like the site is down. Anyone know where else the results are posted?
     