New MRG test results

Discussion in 'other anti-malware software' started by Dark Star 72, Jun 23, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    This depends how you interpret the report.

    RED should be a pass because the HIPS intercepts the operation. If the user is not clever enough to understand the prompts from the HIPS, the fail is for the user, not the HIPS.

    Who has installed a security program that he is not able to understand? It doesn't make any sense to reply yes if the HIPS is blocking it, but MRG assumes that all users are stupid and that they install software that they don't know how to use.


    Yes, and Keyscrambler failed and is going to fail until the end, since the MRG simulator captures the information when it is being sent and not when it is being written.
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Yes, but the change has nothing to do with your test. AVG keeps failing and Bluepoint has passed the tests since day 1. :) Something is not clear to me. You say you always use the latest build for the products you test, but why then use KIS 2010 instead of KIS 2011?
     
  3. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Not quite, HIPS can and does in some cases give specific warnings and suggestions to block the simulator. If you look at the report, you will see that some HIPS applications passed the test as well as some Anti-Malware ones.

    As for reading the pop ups, we offered a simple way to demonstrate why we do not accept every pop up as a certain pass.

    Regards,
    Sveta
     
  4. guest

    guest Guest

    So you are supporting my point of view: if you don't understand that this behaviour can be dangerous, don't use the HIPS. When you are not understanding the prompts, you click NO if the HIPS suggests NO and YES all the other times. So what happens if you are installing a trusted application and the HIPS suggests you click NO? You will never be able to install it with this methodology, which assumes that the user is stupid and is not able to make any choice. It does not make any sense; if the user doesn't understand the messages he will uninstall the program.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well, one can disagree with the valuation, but testing software on usability does make sense.

    F.I. SpyShelter
    Try this
    a) Delete all rules of SpyShelter
    b) Deselect allow signed programs
    c) Start IE and select a favourite; fair chance you get a pop-up telling you IEframe is doing something dangerous.
    d) I have no clue, so I Google on IEFrame malware; halfway I find an assuring find, research called "Is IEfram a real computer threat?" from PC1 news
    e) Never heard of PC1, but this is exactly what I want to know, so I start reading the article
    f) What? Well, that is a nice answer, meaning I still have no clue (how many average PC users know how to check the MD5 signature)
    g) Please Lord Raiden come to the rescue and help me decide :)
     
    Last edited: Jun 25, 2010
  6. guest

    guest Guest

    Where is the file related to IEframe?
    What app have you installed on the computer since the last time you opened IE?... The malware does not appear on your computer magically.
    Were you installing new software and you used a crack? Did you click on a popup telling you that you have won 1 000 000$? Did you download software to see live porn free?

    Or were you installing Google Toolbar, or a new app that interacts with IE, a download manager...
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Nope,

    Only thing I did was making sure you got the 'raw' pop-ups of SS (deleting all rules and not auto allowing signed apps).


    I logged on to my PC

    I opened a fresh IE8 session

    I clicked on my Favourites (Choose my bank site)

    I got an IEframe pop-up

    No porn sites or whatsoever
     
    Last edited: Jun 25, 2010
  8. guest

    guest Guest

    You have to be sure that your computer is clean before installing an HIPS (golden rule)

    If I'm using my login details, I have not installed anything new related to IE since the last time I opened IE. You can be sure that I will block IEframe from controlling whatever in my browser, and I will not use my login information until I am sure that my computer is clean.

    And this one is very easy: if after opening IE a popup does not appear, and just when I go to paypal.com something tries to control my browser, you don't need much more information to suspect that something bad is happening.
     
    Last edited by a moderator: Jun 25, 2010
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    The malware did not appear on my PC magically, because it was already there and a legitimate part of IE8

    So why do you think it was malware? (I was only playing a script of an average user getting a confusing pop-up when nothing is wrong)
     
    Last edited: Jun 25, 2010
  10. guest

    guest Guest

    Only install an HIPS if you are sure that your computer is clean

    So if my computer is clean and I didn't install anything and it is the first time that I am opening IE with the HIPS, I will allow it. You are confusing yourself and you are not giving enough details; you have to know what voluntary changes you have made to your computer

    You said that when you go to your bank account the popup appears, and it seems that now the popup appears just after opening IE. :thumbd:
     
    Last edited by a moderator: Jun 25, 2010
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Yes, same experience I had in the past with HIPS based security and user support. At each Internet Explorer cumulative update the HIPS will pop-up asking to allow IEframe. The computer was clean but most users (tens of them) just blocked it and their menu (or/and the automatic fill-in) in IE were rendered useless.

    Security tools have evolved to integrate mechanisms to auto-allow safe applications, isolate unknown applications and include clearer HIPS messages. HIPS per se are unfortunately not effective for the majority of users out there.
     
  12. guest

    guest Guest

    Well, if it is after installing some updates for Internet Explorer, I think it is quite normal that the HIPS alerts you about something changing in Internet Explorer. Is it so hard to understand? It is very easy to answer this kind of popup.
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Apparently not, normal users have OS updates just running in the background (default status). They do not even realise that an update has taken place. :)
     
  14. guest

    guest Guest

    Don't be ridiculous, IE will only change after restarting the computer, not after installing the updates.
    You can change the settings of Windows Update, and at least on my computer, when Windows Update is working a new icon and a globe popup appear.

    If you can't understand that after installing an update the HIPS will tell you that something has changed, I won't recommend you use an HIPS.

    In the case of IEframe, if it is the first time that I open IE with the HIPS, I will allow it, taking into account that you have to install the HIPS on a clean computer.

    An HIPS is for controlling and supervising the important changes in your computer, not for cleaning it.
    An HIPS is not for everybody, but at least if you are testing it, do it OK
     
    Last edited by a moderator: Jun 25, 2010
  15. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    No, the most common scenario is that updates are installed at shutdown and boot. Most users don't connect this with IE popping up. It's not just theory, it's how it works in practice. You should know since you use Windows 7. It is fully silent and installs the updates at shutdown/boot unless you run the check manually.

    It's not the user that has to change but the products that have to improve. HIPS for average users are not effective. As simple as that, and there are plenty of examples.

    As already said, this can happen at any new update of IE. :)

    BTW, I think we are going way off topic here... so moderator, feel free to remove/adjust my messages at your convenience
     
    Last edited: Jun 25, 2010
  16. guest

    guest Guest

    When you shut down the computer you will see a BIG shield telling you that during the shutdown some updates are going to be installed; if you don't notice that, you are blind.

    But I already said that if for you it is a problem to answer this popup, don't use an HIPS. HIPS are not made for everyone, but this doesn't mean that you have to test an HIPS as if you were a noob who uses an HIPS for the first time.

    I have been using HIPS since the first anti-executables appeared, more than 7 years, so maybe I have some kind of experience that allows me to deal with the popups.
     
  17. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Yes, but a usability test should be labeled as usability test and a security test as security test.

    In this case a test with a dubious testing software is mixed up with strange prompt wording requirements, a fail ticker and cockfights with various security vendors.
    That's just a docusoap, sometimes a docudrama. o_O
    But not a test anyone should take notice of. :p

    Cheers
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Big shield? Not really. Take windows 7. Just a white written text with blue background (automatic update not triggered by a manual check). Users have already left the desk after they push the shutdown. I am afraid you assume everyone should be like you, but this is not the case. Testing is not meant to prove how effective the software is on you but on average users. At least to have some representativeness :)
     
  19. guest

    guest Guest

    I'm so sorry that you can't see your screen well; you should buy a new one:

    WinXP old theme
    http://nai.itqb.unl.pt/services/software/Microsoft%20windows/windows-xp/shutdown-windows-1.jpg
    WinXP new theme
    http://chokneth.files.wordpress.com/2009/09/install-updates-and-shutdown.jpg
    Win 7 / Vista (I couldn't find the good one, but this one is valid.)
    http://download.windowssecrets.com/images/wsn/W20090305-Win7-Shutdown.jpg
     
    Last edited by a moderator: Jun 25, 2010
  20. guest

    guest Guest

    I'm going to tell a little history.
    In the year 2120, just after the 5th World War, a company called MRG found 2 cars in an old garage on Earth. At the beginning they don't understand what these machines are.
    The cars are:
    Ferrari ENZO: https://secure.wikimedia.org/wikipedia/es/wiki/Ferrari_Enzo
    Seat Panda: https://secure.wikimedia.org/wikipedia/es/wiki/SEAT_Panda

    The Ferrari Enzo is a special edition with manual gears and the panda is the version with automatic gears.

    MRG starts to investigate how to make the vehicles work; they do it quite well with the Seat Panda, but with the Enzo they only know how to change up to first gear. (In the future all the spaceships are automatic)

    So they decided to test both cars on a circuit.
    Since the Enzo can only use first gear, the Panda finally wins the race.

    The conclusion for MRG is that a Seat Panda is better than a Ferrari Enzo
    The conclusion for us is that they didn't know how to use the Ferrari.

    The same happens with the HIPS here: if you don't know how to use it well, it is better not to test it in the wrong way.
    ______________
    Well I have to leave I am going to buy a Seat Panda and sell it for the price of an ENZO because I have valid proofs that Seat Panda is better than Ferrari Enzo. :D
     
  21. guest

    guest Guest

    Let's buy Seat :)

    Can we install bluepoint as sandboxed via defensewall?
    If we can't, why did defensewall pass the test?
     
    Last edited by a moderator: Jun 25, 2010
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857

    As said: open IE, click favourites (my bank account). Why the :thumbd: This exemplary innocent average user script shows it is easy to get confused, even after searching the Internet for more information.

    The only time when you are absolutely sure that your system is clean is after the initial install of the OS. After that it is the trust you have in your security apps. So when someone adds a new type of security application, it is likely he/she is not feeling sure about it. Uncertainty often leads to confusion. So an average user will be confused. As a matter of fact you even fell for it :D
     
  23. guest

    guest Guest

    As I already said:
    Only install an HIPS if you are sure that your computer is clean, so you can track and supervise the important changes.
    So based on this, and assuming that it is the first time that you open IE with the HIPS, you can easily answer YES to the popup; if this is confusing for you there is nothing that I can do.


    If you are not sure that your computer is clean, an HIPS is not going to help unless you are more than an average user.

    If an average user gets confused he shouldn't use an HIPS.

    Why the hell would people use a tool that they don't understand? Would you pilot a plane without the knowledge?

    And about the testing method, read the example of the car: https://www.wilderssecurity.com/showpost.php?p=1701053&postcount=120 I made my point; you can agree or not.

    In my opinion the HIPS passed all the tests but MRG should warn in the report that not everybody would know how to answer the popups.
     
    Last edited by a moderator: Jun 25, 2010
  24. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Exactly the point: as you can see, the warning is minimal and with no details on what/how is fixed or modified. You think users are noticing the small shield in Windows 7 or Vista? I am afraid you see things normal users DO NOT see or care about (like HIPS warnings).

    You are still missing the point: it is not what YOU can see but what an average user can see and care about :)
     
  25. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @Sveta MRG

    Hi, did you miss post 22, as you haven't replied yet?
     