New MRG test results

Discussion in 'other anti-malware software' started by Dark Star 72, Jun 23, 2010.

Thread Status:
Not open for further replies.
  1. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Looks like PrevX SafeOnline ruleeeees! :D
     
  2. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    No, comments temporarily disabled due to most of them being blocked as spam (by youtube).

    Regards,
    Sveta
     
  3. guest

    guest Guest

    Thanks for avoiding my questions, I already got my answers about the defects in the test and the lies.

    But this is the main one:
    Since you answered wrong the red alert of D+ (you could block it) allowing an untrusted application (when a reliable site hosts malware I will consider your tool trusted, but by now it is considered untrusted.) you are not proving anything, just a wrong methodology.

    Now it is more clear than ever that Comodo was right about this issue. MRG even changed the methodology in the report (in the Comodo forums they have both versions of the document)
     
  4. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    378
    [at] MRG

    Due to disagreements with Comodo, you decided not to include Comodo in your future tests. Then all of a sudden, you make a video bashing a poster and allowing red alerts from Comodo to try to show that Comodo cannot pass this test.

    Come on, be more professional! Have you ever seen AV Comparatives display behaviour similar to yours?
     
  5. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    The simulator was executed (installed) in the Sandbox, therefore any of its actions should have been blocked, they were not. After execution in the sandbox Comodo states the system is safe. It is not.

    If the simulator is executed out of the sandbox, the only alert Comodo displays is the initial one about it being unsigned – it will display NO alerts after this and the simulator will then capture data entered into banking sites in IE and then send this data out of the system – with NO alert from Comodo.
    The reason we made this video is because it is unreasonable for people to make posts, stating how the simulator works and, specifically, stating how it works with Comodo – when they have no knowledge of it whatsoever and everything they say is pure conjecture.

    This project is about more than SpyShelter or KeyScrambler, it is to demonstrate the need for dedicated browser security applications or for this functionality to be included in Internet Security suites. We are also assessing how quickly Anti-Malware applications can respond to a new threat.

    Finally, I must point out that the control application Corbitek (and others) creates exactly the same alert with Comodo as the simulator – eg, it being unsigned.

    Regards,
    Sveta
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    As there appears to be confusion amongst some people regarding the methodology etc. used in the test, I hope this will help to clarify the situation.

    Let's get right down to it !

    1 - Why/how are some apps passing ?

    2 - Why/how are some apps failing ?

    Image taken from MRG's PDF, "with permission" from Sveta MRG, where it CLEARLY states the following.

    test.gif

    http://malwareresearchgroup.com/wp-...nking-Browser-Security-Project-June-20104.zip
     
  7. guest

    guest Guest

    The latest version of Comodo does not allow a sandboxed application to access the internet, the old ones yes.
    Why are you testing old software without the latest bug corrections...

    Demonstrate that keyscrambler.... do you really need to test keyscrambler in order to know if it is going to fail or not? I thought that you were a security expert or at least that you knew how to read

    From the keyscrambler web site, this is the main slogan:
    KeyScrambler encrypts your keystrokes deep in the kernel, giving keyloggers "scrambled," meaningless keys to record.

    Keyscrambler claims that it protects you against real time keyloggers; your tool captures the information when the information is being sent.
     
    Last edited by a moderator: Jun 26, 2010
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    From the video it appears that Comodo Sandbox did not stop the hook and so it failed. However the hook was intercepted by Defence Plus and I guess if denied, CFP HIPS will pass the test.

    I am pretty sure the failure of KeyScrambler is valid also. Wish they could put up a video for it too.
     
  9. guest

    guest Guest

    Yes, you can test Windows Media Player against the tool and it will be a valid failure also, without any sense but valid. (Read the post above you if you didn't)

    The MRG tool is not a keylogger, a keylogger captures the keystrokes, the tool is only able to capture the login information of a website (paypal) using internet explorer when this information is being sent.
     
    Last edited by a moderator: Jun 26, 2010
  10. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    We tested using the latest version of Comodo. As for KeyScrambler, I already told you all that I can at this moment in various posts.

    Regards,
    Sveta
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    If he used an old version, that's wrong, ok. With the version he tested, Sandbox failed. If the new version's sandbox can stop the hook, then OK. Stopping just internet access is not a full Pass to me, though it's a second line of defence against data protection and is very important as well.

    I am not so emotional with any product.

    Let's wait until the month is over and I hope he can share the sample with some of us at least or vendors. I am too curious to test it myself. I believe any security software can be bypassed by a piece of malware/ POC etc.
     
  12. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    -http://www.youtube.com/watch?v=0-xW6N8_eDI- Let this be the end of the Comodo story.

    Regards,
    Sveta
     
    Last edited by a moderator: Jun 26, 2010
  13. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    225
    Location:
    Romania
    All I could see was a blurry video which bashed a user and with 2 CIS red alerts allowed and CIS failed. WOW! :rolleyes:
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    If it fails it fails, nothing is perfect in life, just move on people :D Maybe next time when they update it, it will pass :)
     
  15. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    MRG pulled the original video. LOL

    Anyway, to sum it up, if you are smart enough to click deny on the popup, CIS will protect you. If you allow it, you will not be protected.

    The take away - if you are an experienced user CIS works great. If you are not experienced, you may be better off with a different app.
     
  16. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    @ MRG - Why do my comments not show up on your youtube video, and ratings disallowed? Lame.

    As posted on other forums. MRG is screening comments to their video. Unprofessional. I can't trust a company like that.
     
  17. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Stop bashing MRG.
     
  18. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Company ?? Don't make me laugh please o_O
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I think MRG is a small company ;) you can even make donations on the website :)
    I think this tester is doing a good job, keep doing your thing man :) you are cool :)
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan

    Attached Files:

  21. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    how did SpyShelter do?
     
  23. guest

    guest Guest

    Don't worry, keyscrambler is not going to pass any of the tests since it is an antikeylogger and the MRG tool is not a keylogger.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It seems a typical keylogger, most probably working via a dll injection.
     
  25. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    225
    Location:
    Romania
    This is hilarious. Really. :argh:

    Thanks MRG guys/gals, with those videos you made my Saturday evening. I haven't laughed so much since the Benny Hill era. Thanks again, you're good at entertaining.
    Ah, maybe after watching -http://www.youtube.com/watch?v=-iSfUorRiT0- this video you'll have an idea about how CIS works. Or maybe not.
     
    Last edited by a moderator: Jun 26, 2010