MRG Effitas Online Banking Browser Security Assessment Project Q2 2013

http://www.mrg-effitas.com/current-tests/

 

Thanks!

 

Most informative! Thanks for the share.

 

There were a few that I expected at the top of the list and they are there.

But, what's with F-Secure? Surprising.

 

Their protection has been very poor in all of the Banking Tests carried out so far and unlike other vendors, such as Webroot, they are not showing any improvement in this area.

Compared to the rest of the IS suit, their banking protection appears to be a weak feature.

 

f-secure like gdata only shines at file detection tests!

 

I am glad to see Quarri My Protect on Q get good marks, especially being free.

 

Nice to see this was an x64 test.

Make sure you read the notes at the end of the report. The major ones are:

1. Defensewall was testing using x86 OS.

2. If an AV app has a secured browser option, the tests were performed using that option. Included in that category would be Kapersky, BitDefender, etc.

To bad MRG didn't test the stand-alone version of Bitdefender SafePay .

Emsisoft AM 8.0 passes again.

Also test appears a bit limited compared to past MRG tests. Looks like Zeus and limited SSL exploits. I didn't see any mention of other financial trojans like SpyEye, etc.

 

Nice test, pity they didn't test HMP.Alert though.
Webroot scores better again and Zemana passes as well(seeing as they had troubles with 64 bit.)

 

I think the SafePay program bundled with BDIS is the same 'stand-alone' version as you can buy separately if you wish, no? Looks like two separate programs on my system. Are they different in some way?

 

The stand-alone version will do a quick scan on start-up for resident financial malware. Also I believe the WIFI protection is different between the two. Finally the integrated version will auto detect(at least supposed to) financial web sites.

 

Thanks...good to know.

 

FortiClient not tested.... Disappointed.

 

ESET did not do well. I hope that ESET fixes what is causing the Fails.

 

Another good showing from Avast!

 

Yup. A lot of wilders use ESET in this forum. Almost 15%... https://www.wilderssecurity.com/showthread.php?t=350017

 

I would be surprised if they are even aware of this test. They could improve in their Zeus detection as well.
Knowing this limitation of Eset, I always ran Zemana along with it.

 

Yes ESET currently doesn't have a dedicated module for this job, but my gut feeling tells me that they are working on it.

But I am disappointed on the vendors that actually have a feature inplace to block stuff like this, but yet they don't. Maybe because it is a "simulator" so it doesn't react as it should, or maybe not

 

There are indeed two versions, bundled in three ways! So there is the Safe Pay stand-alone, available in two versions - FREE and PREMIUM. The only difference being that FREE does not have 'hot spot' WiFi protection (VPN), PREMIUM includes hot spot WiFi VPN functionality.

The SafePay program which comes 'bundled' with BDIS is the 'Premium' version, ie it includes the hot spot WiFi protection. Presumably if you already have BDIS resident on your system you don't need a separate scan running every time Safe Pay opens.

http://www.bitdefender.co.uk/solutions/safepay.html

So i guess the results of the MRG banking protection test will stand for either the free or premium versions of BD Safe Pay? If you happen to be using FREE version in a 'hot spot' without vpn or resident AV then i guess you are at some additional risk, but all the other functions aimed at preventing data extraction by the specifc Zeus variants and simulators would still work as per the test, as those protection modules are identical in any version of BDSP.?

I'll get my coat..........

 

Well, my main complaint is, that this time they didn´t really explain how all these anti malware apps stopped (or detected) these Zeus trojans/simulators?

Was it by signature, heuristics or by HIPS? That would have been interesting.

I wouldn´t be surprised if it detected them all.

I suppose that SpyShelter would have probably also passed the test, since it´s not that different from Zemana.

 

ESET has always performed horribly in this area and didn't improve a single notch for years, I've been very patient and reading this now I'm very disappointed.

I've been with ESET since more than 8 years but now I'm seriously considering ditching them in favor of one of the more capable vendors, it's a pity.

 

To be fair, you can count with one hand the AVs that don't suck at anything.

BTW, good job Emsi.

 

yes, adding forticlient would be nice

rapport is doing great as always

 

Good job to EAM!

 

Is Bit Defender the only one that secures when using an unsecured WiFi?
Jerry