MRG Effitas 360 Degree Assessment & Certification Q4 2016

Discussion in 'other anti-virus software' started by itman, Feb 20, 2017.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    https://www.mrg-effitas.com/wp-content/uploads/2017/02/MRG-Effitas-360-Assessment-Q4-2016_wm.pdf

    As usual, Windows Defender and Malwarebytes at the bottom of the heap.
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    This test also adds % detected via behavior analysis with Symantec scoring a whopping 15.56% for 360 malware and 26.47% for financial malware; telltale sign Symantec switching over to new machine learning algorithms.

    Also appears signature/HIPS detection still quite effective.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,592
    Location:
    The Netherlands
    LOL, like I said it's very dangerous to promote Win Defender like certain people do on this forum. And I suppose the new MBAM v3 would perform slightly better because it features an anti-ransomware component.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    Not if its based on MBAR.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,592
    Location:
    The Netherlands
    Good point, it didn't perform too well in most tests, I can't remember if people have already tested the new MBAM against ransomware. But it should perform well against exploits since it's based on MBAE. BTW, this test wasn't about exploits right? I suppose they simulated a scenario where people will download and run malicious apps that are hosted on certain websites.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    Yes. Malware sample itself would have had to employ an exploit against a Win 10 or browser vulnerability. Report mentions use of 31 samples in the "Other" category w/o mentioning what they were.
     
  7. guest

    guest Guest

    Interesting result of Avast v12 (currently v17) specially taking into account that now it has AVG behaviour blocker and user base.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,008
    Location:
    Among the gum trees
    All I get is a "Page Not Found" from that URL.
     
  9. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    Me too.
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,412
    Location:
    Slovenia
    Yep, me too:

    upload_2017-2-20_21-14-37.png
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,412
    Location:
    Slovenia
    New link: https://www.mrg-effitas.com/wp-content/uploads/2017/02/MRG-Effitas-360-Assessment-Q4-2016.pdf
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,412
    Location:
    Slovenia
    Kaspersky nailed another one :thumb:
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    "You can bring a horse to water, but you can't make it drink.":rolleyes:
     
  14. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,788
    Another test on the same day (2017/02/17):
    https://www.mrg-effitas.com/recent-projects/our-projects/
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    Yeah. Two On-Line Banking Q4 2016 Tests. Can't figure out what is different between the two.

    -EDIT- As far as I am concerned if the browser crashed during a botnet test, it is a pass grade. The only product to fully fail both botnet tests? You guessed it .......... Windows Defender.
     
    Last edited: Feb 20, 2017
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Kaspersky, always Kasperky at the top.
     
  17. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Yawn - another test with parts of the native security disabled during test.
    Testing online security and then test with zero-day capable URL-filter disabled. :rolleyes: (Report 1,2 & 3)
    Testing browser security and then having to use IE for years in a row on Win10 instead of Edge :rolleyes: (Report 2 & 3)
     
  18. guest

    guest Guest

    URL filtering doesn't add protection, at least a lot, if an AV company knows that an URL is bad is because is able to detect the malware hosted on it and usually these URLs are uses as honeypots to get new malware samples
     
  19. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    @guest :
    Every single AV company will disagree with you on that.
    And it appears that NSS Labs also disagrees with you : http://www.securityweek.com/microsoft-edge-tops-browser-protection-tests
     
  20. guest

    guest Guest

    Sorry but your link doesn't say anything different, phishing is not malware, and taking into account the current configuration of the modern browsers is almost impossible to be a victim of phishing, you have to be blind, so no mater what protection you have.

    And if you are talking about websites with malware not phishing, the NSS labs test doesn't provide any valid input since it doesn't compare with AV, or show the real gap.

    https://www.google.es/search?q=chro...&ie=UTF-8#safe=off&q=chrome unencrypted sites

    https://www.thesslstore.com/blog/firefox-chrome-warning-about-insecure-login-pages/

    What do you want to be fair? to test each product with the different browsers? or to test each product with it owns web filtering in use?
     
    Last edited by a moderator: Feb 20, 2017
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    I just went though the 360 report again. No where did I see any statement that URL filtering was disabled for any tested security product. In fact, MRG stated all security apps were installed and run at default settings. That would mean that any URL filtering would be enabled if set on by default which I assume is the case for most.
     
  22. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525

    @guest :
    Please reread link again.
    The NSS Labs report holds 220,918 socially engineered malware results AND 78,921 phishing results.
    It's not only about phishing.
    And they very clearly post block rates for both socially engineered malware results and for phishing results.

    Since they test third party vendors with all modules active, then of course the native security should have all modules active.
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    Also please stay on topic. We are discussing the MRG tests; not the NSS Labs tests.
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,412
    Location:
    Slovenia
    Didn't see that in this report. Nowhere it says that there was native security disabled or URL filter disabled. Also Edge was used for testing and not IE as you claim (more info in Appendix 1).
     
  25. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    Three reports.
    MRG Effitas Online Banking Certification Q4 2016 - two reports.
    MRG Effitas 360 Assessment & Certification Q4 2016 - one report.
    In two reports they used IE as I mentioned further up.
    All testing institutions disables SmartScreen during testing since they can't get to samples otherwise.
    Everyone that has used Windows 8.0, Windows 8.1 or Windows 10, knows what happens when you attempt to download a unknown/zero-day - in IE/Edge you get a big warning against it. With Chrome/Firefox you get the same big warning when you try run it after download.
    The usual explanation from testing institutions are along the lines that SmartScreen are not WD, and they just test WD. In my book it's nonsense. Test Windows as a whole, since that is what a end user see. There's nothing "real world" about disabling parts of OS. SmartScreen has a system wide and a browser specific portion, both should be active in testing in order to be "real world".
    Testing online security and then test with zero-day capable URL-filter disabled is ridiculous, when this has been official since 2015 : https://blogs.windows.com/msedgedev...en-drive-by-improvements/#VFHQbDvxrlxvf3wM.97
    Testing browser security and then having to use IE for years in a row on Win10 instead of Edge is ridiculous, when this has been official since 2015 : https://blogs.windows.com/msedgedev...ge-module-code-integrity/#GRMFhVwMmcQu8hpI.97
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.