New MRG test results

Discussion in 'other anti-malware software' started by Dark Star 72, Jun 23, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    @Sveta MRG
    Do you need the permission of a vendor in order to test a product?
     
  2. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    No, but usually vendors request for their programs to be included into testing.

    Regards,
    Sveta
     
  3. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Thanks Sveta for the testing

    I'm in complete agreement with the way you're scoring these tests, as a simple, braindead response from an anti-executable is not much help to the average user. Keep up the good work because I feel the biggest threat out there is the personal info theft through browser redirection/keylogging, etc.
     
  4. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    719
    Location:
    Canada
    Can you provide a link to this on your site as I can't seem to find it and I would like to know why they are not being included?
     
  5. Leach

    Leach Registered Member

    Joined:
    May 5, 2010
    Posts:
    84
    Thanks for your answer, Sveta

    Could you please concretize the next:
    "Vendors who have a support contract with MRG will be given feedback, along with a technical overview of the simulator..."? Would that "technical overview" mean the vendors who paid will gain advantage?
    If you don't mind, please, what do you personally think of Matousec's tests he made for some security products MRG is testing now?
    Thank you.
     
  6. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,979
    Location:
    Eastern PA, USA
    Not to take from any response Sveta may provide but did you check the thread link LWM provided in post 19?
     
  7. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    719
    Location:
    Canada
    Missed that somehow. Thanks...I'll check it out.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi Sveta MRG! Nice simulator. Seems it installs a driver to capture the data. Wish to have a copy of it to play. :p

    Can you add ThreatFire, Sandboxie and GesWall in testing?

    BTW I want to ask a specific question. KeyScrambler was a TOTAL FAIL. Was it verified? I mean KeyScrambler is supposed to allow the key strokes to be captured by the simulator but the captured key strokes will be wrong, so a stolen password will not be real. In my testing it passed even driver based key logging while Rapport failed in that.

    Thanks
     
  9. guest

    guest Guest

    About SpyShelter results;

     
  10. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Hi aigle,

    Yes, it was a fail as the simulator was able to send valid data to the test site here; pay attention to this part: "login_email=keyscramblerfail@email.com, login_password=password".

    We are looking into adding a few more programs to this test; we got quite a few requests in the past 24h.

    Regards,
    Sveta
     
  11. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    That is not correct, we had this issue with one vendor before.

    Here is what I suggest would be the best way to demonstrate how SpyShelter failed.
    Let's take one legitimate application and our simulator and run a test, then take screen caps and blur the names. We can ask everybody to take a look and try to figure out which one is the simulator and which one is a legitimate application.

    Regards,
    Sveta
     
  12. guest

    guest Guest

    Can you test LastPass ( http://lastpass.com/ )
    Sandboxie
    And the other software that I told you by PM xD
    Please
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I have always liked the work MRG does and the actual reality of its accuracy. I hope they include the paid version of Immunet Protect in the future.
     
  14. guest

    guest Guest


    @Sveta;

     
    Last edited by a moderator: Jun 24, 2010
  15. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Hi Guest,

    We have detailed in the report that we use control applications to determine if an application under test can differentiate between the malicious behaviour of our simulator and the non malicious control applications.
    In order to pass the test, applications must display alerts that are different for the simulator compared to the control applications. SpyShelter displayed the same alerts for the simulator as the control applications, this is why it failed.

    SpyShelter alerted that all the control applications were dangerous and that we should block them.
    Other applications under test displayed alerts that were different for the simulator than for the control applications.

    I find it interesting that you are posting the content of emails sent to MRG by SpyShelter. Only MRG and SpyShelter have these emails and MRG did not make the post!

    Regards,
    Sveta
     
  16. guest

    guest Guest

    @Sveta

    Can you answer this :
    Are you telling that the malware was specially designed to decrypt the keystrokes and the malware was able to capture the REAL keystrokes?
     
  17. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Well, we will not disclose any details about how the simulator works as that would damage the validity of the project, but we can confirm it was not designed to bypass KeyScrambler specifically - but, yes, it captures the plaintext entered into a KeyScrambler protected browser and sends this to our site - as you will see if you look at the results page.

    Regards,
    Sveta
     
  18. guest

    guest Guest

    So your program is not capturing the keystrokes, it's capturing the information sent by the browser, hijacking services.exe or the browser.
    The only conclusion is that you are making the same mistake that Matousec does: testing software not designed for this purpose.
    Now it is easy to predict how the results of this test are going to be.
    The products that already have 2 black dots are going to have black dots until the end.

    Are the tests done with REAL malware?
     
    Last edited by a moderator: Jun 24, 2010
  19. guest

    guest Guest

    SS passed this info to me, because I asked them their view about the test. Their answer is not secret and it hasn't got a personal message.

    you can arrange vendors' responses page (like matousec), this will be fair;
    http://www.matousec.com/projects/proactive-security-challenge/results.php

    Personally;
    Does every HIPS user know what "set global hook" is?
    It is clear: Bluepoint is a well-known application, just press allow; unknow.exe is potentially dangerous, just press deny.
    Some HIPS have a large whitelist, some others do not.
    SS hasn't got a large whitelist, this is not secret, but it is continuously improving.
    OA, Comodo and some others have.
    But we can find 1.000.000.000.000.... new non-malicious software, not whitelisted yet by OA or others.
    This is a well-known problem for proactive software. It is not new.
    Every security vendor prefers their own whitelist technology. For example, digital signatures.
    Zemana and OA automatically select auto allow for digitally signed software.
    SS uses an internal whitelist with a ds engine. Why? Because there is digitally signed malware. (There are many posts about them on Wilders.)
    I don't like your decision about SS, I don't find it fair. My personal ideas, if you care.
     
  20. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Agreed! - Not impressed with SpyShelter and it will remain "OFF" my system. Wasn't impressed to begin with when they were strictly payware and on their website said "free download".

    Very deceptive!
     
  21. guest

    guest Guest

    There is a free version of SS in their website :p
     
  22. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    ;) .....
     
  23. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    Then SpyShelter should have a "big warning" across the top of their site saying "do not use this program unless you are an experienced HIPS user" :rolleyes:
     
  24. guest

    guest Guest

    Is there a problem between you and SpyShelter? Looks like you attacked it.
    We are talking about testing methodology, can you understand it? This is not a "SS is very bad, let's kill their developer" topic.


    Comodo has this "big warning"?
    Online Armor?
    Malware Defender?
    And other all HIPS software?


    SpyShelter has a free version, get it, it is not payware.
    http://www.spyshelter.com/download.html
     
  25. guest

    guest Guest

    And if you are not "experienced HIPS user" you can read software help.
     