New MRG test results

Discussion in 'other anti-malware software' started by Dark Star 72, Jun 23, 2010.

Thread Status:
Not open for further replies.
  1. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    MRG have released the results of the first day of their 'Online Banking / Browser Security' tests. The PDF can be downloaded from here:

    http://malwareresearchgroup.com/?cat=3

    I haven't had a chance to read it properly yet but there is a link to view each days results to see progress - or otherwise - of the different *participants*
     
  2. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    It’s odd that MRG would test security suites from Kaspersky, Panda, etc. and not Symantec, given the huge footprint of Norton in the marketplace....
     
  3. Matthijs5nl

    Matthijs5nl Guest

    I think MRG is starting to get more reliable. Their methodology is clear and in my eyes well chosen.

    I think it is surprising that Zemana and SpyShelter don't get green, also surprising is that VIPRE premium get's green.

    I totally agree on the part about HIPS messages being quite useless, one of the reasons I don't like HIPS.
    Also, why should you install a program which relies on your internet/pc behavior/knowledge to protect you against your own internet/pc behavior/knowgledge? In my situation the problem is not that I don't have the knowledge to answer a HIPS (even with the useless messages not making a single differentation between safe and unsafe), but if you have the knowledge/behavior HIPS are useless because you can see the possible consequences and the gather the required information to make a decision BEFORE you install something, or before you download something: BEFORE any HIPS could jump in.
    So the future for antimalware is: whilelisting and blacklisting how it currently is, and for the grey files you need sandbox/virtualization/safe install (in terms of automatically reverting to pre-install situation as Kees suggested as future feature for Prevx 4, which Prevx seems to be working on) or an behavior- and/or reputation-based approach (which Norton seems to be choosing and Prevx 3) or a combination of both (Prevx 4). To be sure you could keep your identity protected by something like Trusteer/Safe Online.
    So my conclusion is Prevx 4 (possibly with SafeOnline) will be awesome :D.
     
  4. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    207
    Symantec was tested and there seems to be an error in the results report, we are fixing it now.

    In few hours time we will publish the results for the second day of testing.

    I'm happy to answer any questions regarding this test:)

    Regards,

    Sveta
     
  5. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    207
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    One off-topic post removed. The subject of this thread is the specific tests noted in the first post, so let's stick with that topic.

    Sveta has offered to answer questions about that test, so, I suggest people take advantage of that opportunity.
     
  7. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,069
  8. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    207
    The report currently available for download represents results of the fist day of testing, however this is an ongoing project test which emulates how Zero-Day Financial Malware behaves against Security applications in the wild. Testing will continue for twenty nine days and the report will be updated as soon as each round of testing is complete.

    Regards,
    Sveta
     
  9. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    Very odd list of programs to test. There are some on there I never heard of, and then popular ones like Norton, Comodo, etc are not tested.
     
  10. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    207
    Norton was and will continue to be tested. There are no unknown programs in this test, some of them may be lesser known as they are not full featured Anti-Malware applications, but there is no doubt that they are all suited for this type of the test.

    Regards,
    Sveta
     
  11. Netherlands

    Netherlands Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    159
    Will comodo be added to the test?
     
  12. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    207
    No, for the reasons we disclosed on our site, Comodo will not be included into any of our official tests any time soon.

    Regards,
    Sveta
     
  13. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267
    Lol. After seeing they would include Bluepoint in this test I completely disregarded it.
     
  14. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    I looked again, and still don't see Norton listed, or in the PDF. Seems odd to exclude them, when you include little known programs like:

    1. Authentium SafeCentral
    2. EMSI Software Mamutu 2.0.0.22
    3. Global Information Technology Anti-Keylogger 9.2.1
    5. QFX Software KeyScrambler Professional 2.6.0
    6. Quaresso MyProtect
    7. SentryBay Data Protection Suite 5.0.0.4493
    9. SpyShelter SpyShelter 4.17
    10. Trusteer Raport 1003.9
    11. Trustware BufferZone Pro 3.31-46
    12. White Sky IDVault Free Edition
    13. Zemana AntiLogger 1.9.2.206
    Acronis Internet Security Suite 2010
    Agnitum Outpost Security Suite Pro 7.0.3373.514.1234
    Bluepoint Security 1.0.30.99
    Norman Secority Suite

    I bet Norton and Comodo are better than most the suites/programs you tested.
     
  15. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    207
    Like I said before, the report will include Norton in the next release later on today.

    Regards,
    Sveta
     
  16. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    Ok, I'll watch for it.
     
  17. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    7 off topic comments removed. Please discuss the thread subject
     
  18. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,069
    Aks why Comodo is not tested is Off topic? o_O
     
  19. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Once again, this thread is about the current test, not about the incident between MRG and Comodo that happened during the previous test.

    We had about 2 pages or more of posts about that here back in April when that issue was actually unfolding. See that discussion starting in the middle of this page on the last thread. Starting the same discussion again with with test, which doesn't even include Comodo this time, is pointless. (And the posts removed stated more than why Comodo wasn't being tested. They asked all the same questions again about the old dispute.)
     
  20. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    it is when turns into a subject of its own as it did :)
     
  21. LODBROK

    LODBROK Guest

    Aren't we lucky for that!
     
  22. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I think MRG are committed to trying to be a serious testing house. Prevx recently remarked on Wilders, that they welcome them, and Prevx are no cowboys.

    I don't mind seeing unfamilar products whatsoever. If we only see the same old, no matter how good they may be, how do we get to know about others, which might be equally as good, or better. So far in the tests, this has proven to be the case in some instances :p A few apps in there i wasn't aware of until today :thumb: and excelled :)

    From the Spyshelter screenies you posted, those alerts look like the ones i would want to manually deny/allow. And therefore don't see a problem with them.

    nk1.gif

    nr1.gif

    You need to hide REMOVED,REMOVED and REMOVED better. Some you partially blacked out, but i was able to enhance the images and get the names ;) Others are named in FULL view :eek:

    It would be interesting to know how the apps are passing/failing the tests, but i guess that's a trade secret ? Anyway, thanks for the tests so far, looking forward to the rest :thumb:

    @codylucas16

    Why ? they passed :D
     
    Last edited: Jun 25, 2010
  23. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    Indeed!
     
  24. Leach

    Leach Registered Member

    Joined:
    May 5, 2010
    Posts:
    84
    Hello Sveta,

    Are you taking into account in your testings that not all specific malicious actions could be redetected by just updating a database, some actions/AV apps might need a software updates? Are you expecting the antimalware developers would upgrade their code each month?
     
  25. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    207
    Security applications are created and are being improved all the time, same goes for malware.
    If you are asking me if I think that security applications should be upgraded so that can protect from "threats" like the one we used in out test, the answer is yes.
    We created a simulator which functions and behaves like real malware, but never forget that there are many real malware samples in the wild which are not being detected and they behave in the similar manner as our simulator does.

    Regards,
    Sveta
     
Loading...
Thread Status:
Not open for further replies.