MRG - new test results

Discussion in 'other anti-malware software' started by Dark Star 72, Apr 27, 2010.

Thread Status:
Not open for further replies.
  1. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,273
    Location:
    Ontario, Canada
    I agree with you, I was just taking the joke a little further! ;) I fixed my original post sort of :argh:

    TH
     
    Last edited: Apr 29, 2010
  2. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    I guess to pass this test you have to make your standard pop up warning sound a little more menacing.
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,273
    Location:
    Ontario, Canada
    Like this: If you bypass this warning your system will be hosed! Is that about right?

    TH
     
  4. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Now is the time to reveal our new OA popups:

    tada!!!!

    View attachment 217510
     
  5. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    So I learned real fast that you must google the flagged file/process/service/registry item, etc.... what you don't know. Then you will have learned something to boot.

    I also noticed that there are 4 or so lists/databases, that come up in google again and again, when you google these. Perhaps you could put a link in your popup message that searches those databases and brings them up in your browser automatically. Or just links to one, or something. Like bleepingcomputer is one, I believe.
     
  6. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    If that has already been implemented in some products then pardon me, I am just a noob.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well,

    Testing standards transparency helps to understand the scores. Same as with business audits, when you do not tell before auditing what the reference standards are to meet, you will get a lot of discussion when presenting the audit/benchmark.

    Regards Kees
     
  8. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    :D Mike, I think that I will infect my system myself to see again this cute notification
     
  9. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    If these tests are targeted at non-technical users, as seems to be the implication, then perhaps they'd be better served if it was explained to them that while 'Product A' failed 'Test A' with its default settings it can be configured to block said threat. That would lend them merit as an educational resource at least.
     
  10. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    That's a good idea - especially if told how to do it.
     
  11. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Hi, I have looked at some of the comments here and think there are a number of distinct issues. Firstly, the Comodo results and the rumours and accusations surrounding this.

    Comodo failed as when originally tested the only alert CIS gave was that the simulator required elevated privileges. This is NOT an adequate warning.
    CIS gave no other alerts and the simulator was able to compromise the system and capture all the user data entered in to the test site.
    We liaised with Comodo and ran numerous tests for them with CIS in various configurations. We ran so many tests that in the end, they detected the simulator with the AV component of CIS.

    We ran tests for them, ignoring the AV detection and our simulator was able to bypass CIS even when run in the sandbox.

    We have all the chat logs for the discussions we had with Comodo and these prove they admit we bypassed CIS – even when isolated in the sandbox.
    If you are at all interested in seeing the truth of the matter you can see some of the chat log in Chris’ post here:

    http://forums.malwareresearchgroup.com/viewtopic.php?f=29&t=390&p=1408#p1408

    In terms of us providing detailed results for each application tested, we will be doing this shortly.

    This is a “project” and not a one off snapshot test. The results published are a baseline, testing starts on Monday and will be repeated every day. Details of alerts etc for each application will be provided in daily results and we will liaise directly with vendors.

    Regards,
    Sveta
     
  12. Dr who

    Dr who Registered Member

    Joined:
    Jun 6, 2009
    Posts:
    46
    Hi Sveta,

    Great to see that you are on a learning curve at MRG :thumb:

    Can you please just answer one question with a straight honest yes or no?

    Comodo claim you (MalwareResearchGroup.com) changed the testing criteria wording (Clause.8) after running the tests. Is this correct or is Melih (Comodo) lying?

    http://forums.comodo.com/news-annou...test-merged-t55743.0.html;msg392718#msg392718

     
  13. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Regards,
    Sveta
     
  14. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    No disrespect to Comodo users, and helpers, but Melih is under the impression he has a red cape attached to his back.

    Get over it, you win some you lose some.

    Comodo rep: "I still say Sveta, terming a product failure on the basis of alert interpretation is not great idea".

    I disagree. Not every user out in 'internet world' has the brains to interpret alerts correctly. Using prevx for example, alerts are as clear as day whether you're an advanced user or a novice. If you're marketing your program to all users, alerts should be able to be deciphered/understood by all users.
     
    Last edited: Apr 29, 2010
  15. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    I'm willing to change to Outpost RC when it comes out. I love the COMODO Firewall and D+, but I have lost respect for them... :(
     
  16. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Yes, exactly. Alerts need to be clear so that all users are able to understand them.

    I don't pay much attention to what Melih is doing or saying, I've seen it many times before :doubt:
     
  17. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    Sveta, I cannot believe the way he is speaking...

    :mad: COMODO is gone from my PC. And I certainly feel like leaving a piece of my mind with Melih.
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ahh well,

    Anyone feeling hurt when addressed by Melih should watch his movies/blog.

    They are a cross-over of Mister Bean and Charlie Chaplin's Modern Times and really funny and entertaining.

    Helps to put things into perspective.

    Unless you are afraid that the empire will strike back
     
  19. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    You can always trust Kees to lighten the moment :argh: LOL!
     
  20. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Saw the thread over on the Comodo forum but things like IMs between two parties should be kept in private and not posted all over a message board for people to read just to prove a point but considering the source it's not surprising, definitely not a professional way of discussing the matter at hand, just my opinion.
     
  21. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Agree. But when one party publishes a damaging part, I think it implicitly gives the other party permission to publish too.
     
  22. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Mike

    You are correct but two wrongs don't make a right. Anyway, that thread has gone way downhill, it's useless at this point, just a bunch of bickering back and forth.
     
  23. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Didn't see your post, was at work and quickly glanced at the comodo posts. Good point.
     
  24. chennemann

    chennemann Registered Member

    Joined:
    Jun 2, 2008
    Posts:
    8
    Wouldn't it be nice if both sides would learn from this instance and state publicly how they are going to improve. I am not following this close, but something similar to:

    MRG - We feel that the warning message needs to show the possible threat clearly so that the average user would not continue, etc... Add any educational information they could add to help Comodo and the readers

    Comodo - We feel that our software is working as intended and did pass the test. We are taking MRG's feedback and will adjust the warning or whatever other solution is appropriate. Educate their customers about how the warnings work and how to set up the system so they will be safe.

    This seems so petty on both sides, considering they both want the public to respect them.

    Chuck
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Good advice che ;)
     