Discussion in 'other anti-malware software' started by malexous, Nov 3, 2015.
Nothing new from the 2nd quarter test besides the use of reflective i.e. memory based dll injection in the Simulator test.
Unless a vendor received 100% in all tests, they weren't certified. I really don't understand why vendors participate in this test.
I don't think that those who failed even asked to be tested in the first place.
Maybe that's a good thing since there's no "sponsored" bias in the works.
I cannot comment on "bias", but of course there have to be business relations with at least some of the tested companies.
As you might know I got my avitar from MRG
I would rather see an in the wild section with common intrusion techniques used by prevailing exploitkits (since top 20 of exploits kits are source of 99% percent of the intrusions). This still leaves unknown zero-day protection capabilities open and unanswered.
IMO it is silly to call something real life whensynthetic tests use a browser which is not the most used browser. The argument it is to difficult to craft a Chrome test is just prooving my devils's advocate theory (look, but don't touch, touch but don't taste, taste but don;t swallow).
Devil's advocate theory projected to white hat testers and insiders (understanding basics of programming):
a) understands an exploit he/she thinks he/she can replicate an exploit
b) can replicate an exploit in a synthetic test, he/she thinks can use an exploit in a real life situation
c) can use a vulnability in a non-patched real life situation can craft an exploit in a future situation
Bottem line: show me the money, disclose a new Chrome exploit
@FleischmannTV Oh, sure. Like, say, Emsisoft...
@Windows_Security Ah, yes.. those alleged (by MRG) "straw man" arguments were so faux pas.
Then I wonder why SpyShelter is never tested.
As far as I am aware of, vendors ask and therefore pay to participate in the tests. For example, Emsisoft used to be tested and then parted ways with MRG a while back.
So Emsisoft asked to participate in the exploit prevention test? I sincerely doubt that.
They used to participate in both the 360 and Online Banking tests. Below are the links:
Separate names with a comma.