New MRG test results

Discussion in 'other anti-malware software' started by Dark Star 72, Jun 23, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    You can still see the details about what has been update in Control panel /windows updates

    You are missing the point, I already said like 4 (you should buy a new screen) times that if you are not even able to understand what is the shield dont use an HIPS.
    If you dont understand the promps from the HIPS dont use it.
    If you dont know that windows have updates dont use an HIPS
    If you a not an experienced use dont use an HIPS.

    But all this doesnt mean that you have to assume that nobody knows how to use it.
    If you dont know how to pilot a plane does not make the plane useless.

    If you are testing the speed of a car vs plane, because your dont know how to pilot does not mean that the car is faster than the plane or that the max speed of the plane is 0.
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Yes, for an average user Panda is better. It is safer, easy to park and cost less than the Ferrari both for buying it and mantaining it. The story just confirms the view that Ferrari is not a good car for normal user. This is why there are few owners of Ferrari around (price is obviously a key factor :cool: ).

    MRG test confirm that certain solutions do not provide the optimal protection needed for average users (the majority of customers that buy or install security solutions). After all these posts we can confirm with no doubts that it is a test that cannot suite your needs. LOL :D
     
    Last edited: Jun 25, 2010
  3. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    The blame for that lies with the vendors for marketing their products to every level of user.They should explain clearly that an MCITP level certification would be advisable to use their product.
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    I would agree with you if security softwares would clearly warn the users about the risk involved in using their products. But this is not the case. For example, since you use Comodo (but it applies to ALL products), I just paste their product description:
    There is no mention on HIPS and the fact that this product can be used only if you understand HIPS. On the contrary it is described as easy to use and configure.
     
  5. guest

    guest Guest

    Since I installed CIS in my laptop I have had 3 popups from D+ after the first reboot. (remember that they added the sandbox and the whitelist, they are going to increase the whitle list with 6kk of files more). Not even after install some programs I have had a popup of D+.

    So yes, is easy to use and configure.

    But dont go offtopic.
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    But you get infected by a keylogger because HIPS do not give you (average user) a clear indication of the potential thread or does not block it automatically. Do you get the all point of this discussion? :)
     
  7. guest

    guest Guest

    No because the sandbox and the firewall would be protecting me, assuming that the AV is not able to detect it.
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    That was not unfortunately the case... as you have probably read during all these discussion. Moreover the point we are trying to highlight to you is not about isolation/sandbox or AV signature but HIPS :rolleyes:
     
  9. guest

    guest Guest

    Why? Every app that is not from a trusted site I run it in the sandbox first.
    Even if I dont run it in the sandbox and I accept all the alerts from D+ I will get a promt from the firewall.
    Are you telling me that an average user dont know how to answer a promt from the firewall?
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    I don't think anything, just looking to the facts and how HIPS can be an inefficient way of protecting average users. Not more not less.
     
  11. guest

    guest Guest

    Spyshelter Message;

    They passed me, They dont want more test with SpyShelter.
     
  12. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I quit using HIPS due to the prompts; clear or not. We use a desktop pc and a laptop at my house and there are kids using both all the time. HIPS is impractical for us even if it is well designed.

    It would be beneficial and probably more comprehensive for MRG to include real banking malware along with there simulator like what Immunity did when testing SafeOnline.

    -info.prevx.com/download.asp?GRAB=IMMUNITY-

    Overall its good to see the test administrator active on this forum. :thumb:
     
    Last edited by a moderator: Jun 25, 2010
  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,252
    Location:
    New England
    The posting went off-topic again regarding issues with past tests. Some posts have been removed. Let's stay focused on this test, not the last one which we already discussed in detailed back in April.
     
  14. ALiasEX

    ALiasEX Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    240
    Thank you Sveta and MRG for conducting these tests.

    :) I don't know why SONAR would start blocking it. There aren't any changes to the simulator, are there?
     
  15. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    Following on ALiasEX post above I notice that Mamutu is now level 3 (green) after failing on the first day and that Prevx dropped to level 2 on the third day after level 3 on the first two days.
    Are there subtle changes to the way the simulator works on a day to day basis or is there another reason for the variations.

    PS: many thanks to LWM for trying to rescue my thread again
     
  16. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,975
    Location:
    Boston, MA
    The wonderful thing about behavior blockers. They learn about bad behavior. Eventually mamutu may have noticed that change in behavior was "bad" or changing.
    I believe that the malware samples do change slightly to simulate polymorphic malware that changes its code.
     
  17. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,592
    Location:
    Outer space
    You can read the PDF report for more info about that.
     
  18. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    Have read it properly now since my post. Had been out all day and posted after a quick look at the results
     
  19. guest

    guest Guest

    Since many producs already detect the MRG tool as a threat what sense have continue testing this products if they are going to detect the MRG tool each time even before to make it work?
     
  20. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
  21. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Its been taken care of. We had quite a few problems in the past 24h with bad posts on both forums and main site. Some people get emotional and express themselves in a way which is not appropriate.

    Regards,
    Sveta
     
  22. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    All vendors have to do to pass these tests is block, REMOVED, REMOVED and REMOVED based on file names.

    mrg.gif

    Maybe some already are using this method, rather than Real detections and/or Heuristically ?

    If i can grab the info, so can others.

    I alerted MRG to them allowing the above test file names to be shown via their screenies, TWICE in this thread in post 22 but NO response still ?

    We could say, a pass is a pass, but is it ? Depends, maybe !

    How do we know what method the vendors that are passing are using ?
     
    Last edited: Jun 25, 2010
  23. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
  24. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    It amazes me how upset people get when products they use don't do well in these tests. :cautious: They should instead be grateful that a weakness was exposed before malware exploited it.
     
  25. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @Sveta MRG

    As YOU posted the screenies publically in your PDF showing the file names in FULL view for ALL to see, including vendors et al, i felt it was right to also do so, and point it out.

    What you could have done, and still do, is change the file names ASAP. Then the vendors would have no chance of detecting via file names alone. And then Properly blank out ALL fle names in ALL screenies.

    If i hadn't alerted you to this, you might have been none the wiser, and passed vendors who don't detect correctly. Now you can remove that vector :thumb:

    The file names are STILL visable in your PDF http://malwareresearchgroup.com/?page_id=2

    I wouldn't expect you to be exstatically happy about the revelations, you allowed to be shown First, but i would have thought you might be just a little grateful i had alerted you to all of this, so you can correct it asap.

    I want you to be successful, but making mistakes is often part of the journey. We ALL make them sometimes, that's how we learn. Don't blame the messenger ;)

    Regards
     
    Last edited: Jun 25, 2010
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.