New MRG test results

threatfire and PR Guard both fail this test

 

You better find something else to try Timmie's sounds good about now Extra Large Double Cream!

TH

 

you know what i am mad now i am going to drink coffee at timies untill i get really drunk

 

Lol can't believe Zemana is so good in this test
How do Zemana protects on already infected systems if it doesn't scans?

 

@jmonge and Triple Helix

You mean PEGuard methinks

 

yes thanks ranger for the correction

 

Hi,

In our unofficial part of the test we are testing quite a few applications. First round will include GeSWall, ThreatFire and PE Guard.
These applications are being tested using various settings, so if you see their name on the test site, that does not necessarily mean that the program in question failed the test.

Unofficial test results coming soon

Regards,
Sveta

 

Hi,

Zemana has SSL protection technology - and this is enabled as a default setting. Zemana detects the action of the simulator and displays a clear warning via its HIPS function - but will also prevent data theft, even if you allow the action because of the SSL protection technology.

Regards,
Sveta

 

thanks alot Sveta for your value tests and time thanks again man

 

@Sveta where are the recent results?

TH

 

http://malwareresearchgroup.com = So ?

 

Day 20 results published.

Regards,
Sveta

 

thanks Sveta

 

waiting for geswall results!

 

Day 24 results published.

In the latest report we have included the results for ThreatFire, GeSWall and PE Guard.

Regards,
Sveta

 

where are the results for PE Guard as i dont find it?

 

Check the bottom of the report

Regards,
Sveta

 

thanks sveta

 

Hi,

For the last few days of this project, we will be taking more requests from you. If you wish us to test additional applications (that are suitable for this test), feel free to let us know. Also you may request particular settings ect.

Regards,
Sveta

 

It would be interesting to see if the simulator can also capture data from a sandboxed browser, Sandboxie would be a good choice for that. Also, quite some of the security suites have some kind of "safe run" or sandbox for browsers, testing those would also give us some indication about which also have good protection from the outside, not just the inside(malware and drive-by downloads etc.)

 

Please test the latest Appguard version and the beta with MemoryGuard.

 

I'd like to see Immunet 2.0 in the test.

 

Unfortunately, MemoryGuard is not supported on WinXP. We're researching the practicality of implementing it there but this may never bear fruit.

So, the only differences between the new AppGuard for XP (next month) and the current production version is that rundll32.exe, cmd.exe, and regsrv.exe (I'm not certain about the exact executable name) are to be guarded by default, and more types of scripts in user-space are suppressed.

AppGuard is primarily a preventative tool. Once AppGuard has been intentionally disabled to allow the simulator to run from user-space, AppGuard would not prevent it from stealing data.

There are other mechanisms in our trusted enclaves framework that can address this in whole or in part in the future. However, in the interests of a user-friendly consumer experience, we have already begun reserving some capabilities for the enterprise versions. On Vista and 7, versus XP, we have options such as MemoryGuard and others that can do more to counter pre-existing malicious executables.

Cheers,

Eirik

 

Can you explain how the DefenceWall Passed and GesWall failed the test?

Did geswall allow the data to be captured ans sent over internet?

 

Hi Aigle.

In terms of an explanation, until we liaise with the vendors and discuss the action of the simulator with them, we really don’t have any clear technical detail for you.

You should consider that both GesWall and PrefenseWall fail the pre-infected system test and both pass if the simulator is run as un trusted / isolated.

We are contacting all the vendors over the next couple of days and hope to be able to provide some more detail for you soon.

In answer to your question – for the test where the infection is downloaded and executed on a system protected by the security application, GesWall failed to alert on the action of the simulator and consequently, it was able to capture data and send it to us.

Regards,
Sveta