MRG Effitas 360 Assessment & Certification - Q1 2016

Discussion in 'other anti-virus software' started by anon, May 8, 2016.

  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,101
    MRG Effitas 360 Assessment & Certification - Q1 2016
    May 6, 2016
    https://www.mrg-effitas.com/recent-projects/our-projects/

    Download Report
     
  2. Influenza

    Influenza Registered Member

    Joined:
    May 7, 2016
    Posts:
    28
    Hello,
    Looking at Avira and MBAM scores I'm afraid about the lack of efficacy of my current security setup.:'(
    I'm actually testing Emsisoft Internet Security but it's not tested by MRG ?
     
  3. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    243
    Location:
    Belgium
    Am I missing something or is there a mistake in the report?

    On page 4, the report says that SurfRight HitmanPro was certified. On page 12, it says that SurfRight HitmanPro passed Level 2 of the test.

    However, on page 13 it says that SurfRight HitmanPro failed the test !?

    EDIT: Corrected as of today
     
    Last edited: May 9, 2016
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    To me, another example of MRG's questionable testing methods. Appears to be a ransomware test disguised as a 360 test.

    For example, Webroot that only scored 90% for the in-the-wild and financial malware tests got certified.o_O Only the vendors that scored 100% on the ransomware test got certified.:cautious:

    I also agreed that it would have been great to see Emsisoft in the test since they claim to have top protection against ransomware. But I fully understand why they want nothing to do with MRG.
     
  5. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    243
    Location:
    Belgium
    No. RTFM. Particularly, page 3 paras. 3 & 4, and page 14 points 7 & 8.

    Only those security solutions that had cleaned all infections after 12 hours were certified.

    Personally, I rather feel that this kind of test is more realistic than many of the other tests.
     
    Last edited: May 9, 2016
  6. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Kaspersky is the real ninja :ninja:
     
  7. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,018
    :thumb:
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Understanding Grade of Pass:

    Level 1
    =
    All threats detected on first exposure / system uncompromised.

    Level 2
    = All threats detected and neutralised / system remediated before or on the first user reboot


    Failed
    = Security product failed to detect all infections and remediate the system during the test
    procedure.


    No one got Level 1 but level 2 is what I would expect from Webroot SecureAnywhere!

    Level 2
    = All threats detected and neutralised / system remediated before or on the first user reboot


    ;)


     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    The problem I have with this is just how that is possible from the products that MRG claimed to do so. o_O

    Assuming that some of the products monitor registry startup key values, some malware might have been detected then. And that is a big "might."

    Also some of the products might perform sig. scans on critical system and user directories at boot time but those are usually limited in scope.

    Whitelisting would be a possibility but unless NIS changed recently, I know of no such default usage of it.

    And the scenarios go on ............................

    But the main issue is that the damage would have been done upon initial infection by a banking Trojan if the browser was injected, compromised, and banking activity engaged in prior to the subsequent boot and detection.
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    In WSA's case the Identity Shield would of Blocked it no matter what.
    Even though it wasn't Detected lets say, the ID Shield would still protect you from the financial malware. And in the Test the malware was gone and during that time the ID Shield was still protecting you from any personal data stealing techniques. http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C6_IDProtection/CH6a_ManagingID.htm
    Level 2
    = All threats detected and neutralised / system remediated before or on the first user reboot

    2016-05-09_17-34-47.png
     
  11. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    770
    Location:
    SW USA
    Considering HitmanPro 3.7 is an on-demand scanner, how can it be that it blocks anything, let alone ransomware where its block score is 100%? Unless it was HitmanPro.Alert tested. Which is a possibility considering MRG's history of sloppy write-ups.

    (It's been about a year since I used HMP and have no experience with the paid version. But according to the Web site it seems nothing "realtime" has been added.)
     
  12. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    True there is no real-time protection.
     
  13. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    243
    Location:
    Belgium
    I'd never heard the view that MRG has a "history of sloppy write-ups". If that were so, it would explain the glaring error that remained in their report for three days:
     
  14. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
    Avira is almost always in the top 3 of av-comparatives test
     
  15. Influenza

    Influenza Registered Member

    Joined:
    May 7, 2016
    Posts:
    28
    Thanks lordraiden,
    But, I'm not sure that Avira is very effective against ransomwares.
    I'm testing Emsisoft Internet Security but nothing about it on MRG .
     
  16. Spokesman

    Spokesman Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    383
    Location:
    Belgium
    Seems like avast did better than avira @ MRG Effitas :cool:
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Pertaining to HitmanPro, there is a footnote on the last page of the report:

    i SurfRight HitmanPro was tested on-demand only and with startup scanning which is enabled by default
    I interpret this to mean MRG ran a manual scan with it initially.
     
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    4,101
    PDF, page 8:
    o_O

    Avira IS Version 14 is too old.......
    Version 15 released more than a year ago =
     
  19. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    243
    Location:
    Belgium
    Interestingly, that note is not in the original report but was added subsequently. See Google Cached Page.
     
  20. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    770
    Location:
    SW USA
    Well, you heard it now. ;)

    I checked my archives and have 59 MRG PDFs going back to February 2010 and I've read each as they were released. Not having kept record of the corrected releases, I have no metrics on that. As a member of their now defunct forum and I often got some clarification there.

    Sloppy write ups is the only criticism I have of their reports. In this latest one, no explanation as to how an on-access "second opinion" scanner can block anything. I believe you can set a validated HMP install to scan on reboot for an MRG level 2 pass if successful. On page 14, item 14 says startup scanning is one of the technologies relied on. So, a ransomware whacked system was restarted and HMP fixed it? OK. Great. But the ransomware was never blocked as implied in the page 11 chart.

    Their tests are technically valid, informative, interesting and editorially legitimate. I look forward to their continued contributions to the community.
     
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,032
    Location:
    Hengelo, The Netherlands
    Only HitmanPro was tested against ransomware samples.

    HitmanPro.Alert was NOT tested.
     
  22. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,085
    So this is why avira scored a bit low
     
  23. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
  24. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    This is an interesting read and the key points that WSA goes after to protect:
    http://www.darkreading.com/vulnerab...gen-endpoint-protection-unique/d/d-id/1325450

    Daniel :thumb:
     
Loading...