MRG Effitas Online Banking Certification Q3 2015

Discussion in 'other anti-malware software' started by malexous, Nov 3, 2015.

  1. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    828
    Location:
    Ireland
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Nothing new from the 2nd quarter test besides the use of reflective i.e. memory based dll injection in the Simulator test.

    Unless a vendor received 100% in all tests, they weren't certified. I really don't understand why vendors participate in this test.
     
  3. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    I don't think that those who failed even asked to be tested in the first place.
     
  4. Lagavulin16

    Lagavulin16 Registered Member

    Joined:
    Nov 26, 2014
    Posts:
    83
    Location:
    Emerald City
    Maybe that's a good thing since there's no "sponsored" bias in the works.
     
  5. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    I cannot comment on "bias", but of course there have to be business relations with at least some of the tested companies.
     
  6. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,067
    Location:
    Netherlands
    As you might know I got my avitar from MRG :argh:

    I would rather see an in the wild section with common intrusion techniques used by prevailing exploitkits (since top 20 of exploits kits are source of 99% percent of the intrusions). This still leaves unknown zero-day protection capabilities open and unanswered.

    IMO it is silly to call something real life whensynthetic tests use a browser which is not the most used browser. The argument it is to difficult to craft a Chrome test is just prooving my devils's advocate theory (look, but don't touch, touch but don't taste, taste but don;t swallow).

    Devil's advocate theory projected to white hat testers and insiders (understanding basics of programming):
    a) understands an exploit he/she thinks he/she can replicate an exploit
    b) can replicate an exploit in a synthetic test, he/she thinks can use an exploit in a real life situation
    c) can use a vulnability in a non-patched real life situation can craft an exploit in a future situation

    Bottem line: show me the money, disclose a new Chrome exploit :blink:

    Regards Kees
     
    Last edited: Nov 7, 2015
  7. Lagavulin16

    Lagavulin16 Registered Member

    Joined:
    Nov 26, 2014
    Posts:
    83
    Location:
    Emerald City
    Last edited: Nov 7, 2015
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Then I wonder why SpyShelter is never tested.
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    As far as I am aware of, vendors ask and therefore pay to participate in the tests. For example, Emsisoft used to be tested and then parted ways with MRG a while back.
     
  10. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    So Emsisoft asked to participate in the exploit prevention test? I sincerely doubt that.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
Loading...