MRG - new test results

Discussion in 'other anti-malware software' started by Dark Star 72, Apr 27, 2010.

Thread Status:
Not open for further replies.
  1. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,037
    Location:
    Ontario, Canada
    I agree with you a was just taking the joke alittle further! ;) I fixed my original post sort of :argh:

    TH
     
    Last edited: Apr 29, 2010
  2. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    I guess to pass this test you have to make your standard pop up warning sound a little more menacing.
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,037
    Location:
    Ontario, Canada
    Like this: If you bypass this warning your system will be hosed! Is that about right?

    TH
     
  4. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Now is the time to reveal our new OA popups:

    tada!!!!

    View attachment 217510
     
  5. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    So I learned real fast that you must google the flagged file/process/service/registry item, etc....what you dont know. Then you will have learned something to boot.

    I also noticed that there are 4 or so lists/databases, that come up in google again and again, when you google these. Perhaps you could put a link in your popup message that searches those databases and brings them up in your browser automatically. Or just links to one, or something. Like bleepingcomputer is one, I believe.
     
  6. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    If that is already been implemented in some products then pardon me, I am just a noob.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well,

    Testing standards transparency helps to understand the scores. Same as with business audits, when you do not tell before auditing what the reference standards are to meet, you will get a lot of discussion when presenting the audit/benchmark.

    Regards Kees
     
  8. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    :D Mike, i think that i will infect my system myself to see again this cute notification
     
  9. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    If these tests are targetted at non-technical users,as seems to be the implication,then perhaps they'd be better served if it was explained to them that while 'Product A' failed 'Test A' with it's default settings it can be configured to block said threat.That would lend them merit as an educational resource at least.
     
  10. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    That's a good idea - especially if told how to do it.
     
  11. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Hi, I have looked at some of the comments here and think there are a number of distinct issues. Firstly, the Comodo results and the rumours and accusations surrounding this.

    Comodo failed as when originally tested the only alert CIS gave was that the simulator required elevated privileges. This is NOT an adequate warning.
    CIS gave no other alerts and the simulator was able to compromise the system and capture all the user data entered in to the test site.
    We liaised with Comodo and ran numerous tests for them with CIs in various configurations. We ran so many tests that in the end, they detected the simulator with the AV component of CIS.

    We ran tests for them, ignoring the AV detection and our simulator was able to bypass CIS even when run in the sandbox.

    We have all the chat logs for the discussions we had with Comodo and these prove they admit we bypassed CIS – even when isolated in the sandbox.
    If you are at all interested in seeing the truth of the matter you can see some of the chat log in Chris’ post here:

    http://forums.malwareresearchgroup.com/viewtopic.php?f=29&t=390&p=1408#p1408

    In terms of us providing detailed results for each application tested, we will be doing this shortly.

    This is a “project” and not a one off snapshot test. The results published are a baseline, testing starts on Monday and will be repeated every day. Details of alerts etc for each application will be provided in daily results and we will liaise directly with vendors.

    Regards,
    Sveta
     
  12. Dr who

    Dr who Registered Member

    Joined:
    Jun 6, 2009
    Posts:
    46
    Hi Sveta,

    Great to see that you are on a learning curve at MRG:thumb:

    Can you please just answer one question with a streight honest yes or no ?

    Comodo claim you (MalwareResearchGroup.com) changed the testing citeria wording( Clause.8 ) after running the tests.Is this correct or is Melih(Comodo) lying ?

    http://forums.comodo.com/news-annou...test-merged-t55743.0.html;msg392718#msg392718

     
  13. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Regards,
    Sveta
     
  14. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    No disrespect to Comodo users, and helpers, but Melih is under the impression he has a red cape attached to his back.

    Get over it, you win some you lose some.

    Comodo rep: "I still say Sveta, terming a product failure on the basis of alert interpretation is not great idea".

    I disagree. Not every user out in 'internet world' has the brains to interpret alerts correctly. Using prevx for example, alerts are as clear as day whether you're an advanced user or a novice. If you're marketing your program to all users, alerts should be able to be deciphered/understood by all users.
     
    Last edited: Apr 29, 2010
  15. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    I'm willing to change to Outpost RC when it comes out. I love the COMODO Firewall and D+, but I have lost respect for them... :(
     
  16. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Yes, exactly. Alerts need to be clear so that all users are able to understand them.

    I don't pay much attention at what Melih is doing or saying, I've seen it many times before:doubt:
     
  17. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    Sveta, I cannot believe the way he his speaking...

    :mad: COMODO is gone from my PC. And I certainly feel like leaving a piece of my mind with Melih.
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ahh well,

    Anyone feeling hurt when addressed by Melih should watch his movies/blog.

    They are a cross-over of mister bean and charlie chaplins modern times and really funny and entertaining.

    Helps to put things into perspective.

    Unless you are afraid that the empire will strike back
     
  19. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    You can always trust Kees to lighten the moment :argh: LOL!
     
  20. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Saw the thread over on the Comodo forum but things like IM's between two parties should be kept in private and not posted all over a message board for people to read just to prove a point but considering the source it's not suprising, definitely not a professional way of discussing the matter at hand, just my opinion.
     
  21. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Agree. But when one party publishes a damaging part, I think it implicitly gives the other party permission to publish too.
     
  22. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Mike

    You are correct but two wrongs dont make a right. Anyway, that thread has went way down hill, it's useless at this point, just a bunch of bickering back and forth.
     
  23. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Didn't see your post, was at work and quickly glanced at the comodo posts. Good point.
     
  24. chennemann

    chennemann Registered Member

    Joined:
    Jun 2, 2008
    Posts:
    8
    Wouldn't it be nice if both sides would learn from this instance and state publicly how they are going to improve. I am not following this close, but something similar to:

    MRG - We feel that the warning message needs to show the possible threat clearly so that the average user would not continue, etc... Add any educational information they could add to help Comodo and the readers

    Comodo - We feel that our software is working as intended and did pass the test. We are taking MRG's feedback and will adjust the warning or whatever other solution is appropriate. Educate their customers about how the warnings work and how to set up the system so they will be safe.

    This seems so petty on both sides, considering they both want the public to respect them.

    Chuck
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    good advise che;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.