New MRG test results

MRG have released the results of the first day of their 'Online Banking / Browser Security' tests. The PDF can be downloaded from here:

http://malwareresearchgroup.com/?cat=3

I haven't had a chance to read it properly yet but there is a link to view each days results to see progress - or otherwise - of the different *participants*

 

It’s odd that MRG would test security suites from Kaspersky, Panda, etc. and not Symantec, given the huge footprint of Norton in the marketplace....

 

I think MRG is starting to get more reliable. Their methodology is clear and in my eyes well chosen.

I think it is surprising that Zemana and SpyShelter don't get green, also surprising is that VIPRE premium get's green.

I totally agree on the part about HIPS messages being quite useless, one of the reasons I don't like HIPS.
Also, why should you install a program which relies on your internet/pc behavior/knowledge to protect you against your own internet/pc behavior/knowgledge? In my situation the problem is not that I don't have the knowledge to answer a HIPS (even with the useless messages not making a single differentation between safe and unsafe), but if you have the knowledge/behavior HIPS are useless because you can see the possible consequences and the gather the required information to make a decision BEFORE you install something, or before you download something: BEFORE any HIPS could jump in.
So the future for antimalware is: whilelisting and blacklisting how it currently is, and for the grey files you need sandbox/virtualization/safe install (in terms of automatically reverting to pre-install situation as Kees suggested as future feature for Prevx 4, which Prevx seems to be working on) or an behavior- and/or reputation-based approach (which Norton seems to be choosing and Prevx 3) or a combination of both (Prevx 4). To be sure you could keep your identity protected by something like Trusteer/Safe Online.
So my conclusion is Prevx 4 (possibly with SafeOnline) will be awesome .

 

Symantec was tested and there seems to be an error in the results report, we are fixing it now.

In few hours time we will publish the results for the second day of testing.

I'm happy to answer any questions regarding this test

Regards,

Sveta

 

You can follow live results on our test page http://www.browsersecurityproject.malwareresearchgroup.com/

 

The test is not finished yet, no?
http://malwareresearchgroup.com/wp-...anking-Browser-Security-Project-June-2010.zip

 

The report currently available for download represents results of the fist day of testing, however this is an ongoing project test which emulates how Zero-Day Financial Malware behaves against Security applications in the wild. Testing will continue for twenty nine days and the report will be updated as soon as each round of testing is complete.

Regards,
Sveta

 

Very odd list of programs to test. There are some on there I never heard of, and then popular ones like Norton, Comodo, etc are not tested.

 

Norton was and will continue to be tested. There are no unknown programs in this test, some of them may be lesser known as they are not full featured Anti-Malware applications, but there is no doubt that they are all suited for this type of the test.

Regards,
Sveta

 

Will comodo be added to the test?

 

No, for the reasons we disclosed on our site, Comodo will not be included into any of our official tests any time soon.

Regards,
Sveta

 

Lol. After seeing they would include Bluepoint in this test I completely disregarded it.

 

I looked again, and still don't see Norton listed, or in the PDF. Seems odd to exclude them, when you include little known programs like:

1. Authentium SafeCentral
2. EMSI Software Mamutu 2.0.0.22
3. Global Information Technology Anti-Keylogger 9.2.1
5. QFX Software KeyScrambler Professional 2.6.0
6. Quaresso MyProtect
7. SentryBay Data Protection Suite 5.0.0.4493
9. SpyShelter SpyShelter 4.17
10. Trusteer Raport 1003.9
11. Trustware BufferZone Pro 3.31-46
12. White Sky IDVault Free Edition
13. Zemana AntiLogger 1.9.2.206
Acronis Internet Security Suite 2010
Agnitum Outpost Security Suite Pro 7.0.3373.514.1234
Bluepoint Security 1.0.30.99
Norman Secority Suite

I bet Norton and Comodo are better than most the suites/programs you tested.

 

Like I said before, the report will include Norton in the next release later on today.

Regards,
Sveta

 

Ok, I'll watch for it.

 

Aks why Comodo is not tested is Off topic?

 

Aren't we lucky for that!

 

I think MRG are committed to trying to be a serious testing house. Prevx recently remarked on Wilders, that they welcome them, and Prevx are no cowboys.

I don't mind seeing unfamilar products whatsoever. If we only see the same old, no matter how good they may be, how do we get to know about others, which might be equally as good, or better. So far in the tests, this has proven to be the case in some instances A few apps in there i wasn't aware of until today and excelled

From the Spyshelter screenies you posted, those alerts look like the ones i would want to manually deny/allow. And therefore don't see a problem with them.





You need to hide REMOVED,REMOVED and REMOVED better. Some you partially blacked out, but i was able to enhance the images and get the names Others are named in FULL view

It would be interesting to know how the apps are passing/failing the tests, but i guess that's a trade secret ? Anyway, thanks for the tests so far, looking forward to the rest

@codylucas16

Why ? they passed

 

Indeed!

 

Hello Sveta,

Are you taking into account in your testings that not all specific malicious actions could be redetected by just updating a database, some actions/AV apps might need a software updates? Are you expecting the antimalware developers would upgrade their code each month?

 

Security applications are created and are being improved all the time, same goes for malware.
If you are asking me if I think that security applications should be upgraded so that can protect from "threats" like the one we used in out test, the answer is yes.
We created a simulator which functions and behaves like real malware, but never forget that there are many real malware samples in the wild which are not being detected and they behave in the similar manner as our simulator does.

Regards,
Sveta