[Thread split] MRG Flash Tests 2012

Discussion in 'other anti-virus software' started by LoneWolf, Jun 30, 2012.

Thread Status:
Not open for further replies.
  1. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Right. I thought the 'joking' referred to Amin's post.
    Sorted. :)
     
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    DefenseWall's core technology is not whitelisting, it's a sandboxing-style HIPS system. Whitelisting is used only to run known as good software installation files as trusted automatically.
     
  3. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    ^I'm not gonna argue with you about your own program oc. Point taken.
    Better put would be perhaps a distinction between signature and non signature based progs (although EAM and Bluepoint are both a mix of whitelisting/behavioural blocker and signatures oc).
     
  4. qakbot

    qakbot Registered Member

    Joined:
    Aug 25, 2010
    Posts:
    380
    Yeah, that's exactly why I am not sure what MRG tests are "detecting". I haven't used your product, but from your description, I would assume that either
    a) the product alerts on every suspicious behavior OR
    b) the product silently sandboxes all changes, in which case I would assume they would need to test false positives to get a complete picture of the effectiveness to ensure you aren't sandboxing EVERY app including good apps. It's very easy to sandbox every app and break many in the process.

    In case of a) above I don't consider that a "detection", I consider that an "alert" which forces the user to make a decision which could be wrong.

    So what does DefenseWall "detect" to get a 100% detection rate?
     
  5. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Not all but most of the changes. That is the main trick used by Avast or DefenseWall. It is very important to evaluate false alarms on execution also!
     
  6. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Nope.

    Nope.

    There are no "false positives" in your terms. DW runs new software installation files, known as good, as trusted automatically (in case whitelisting is on); in the other case it prompts you whether you want to install the new program trusted or untrusted.
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,688
  8. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    818
    I like Kaspersky, but I am starting to have a hard time believing that they can get 100% detection on zero hour malware like that all the time, especially with KAV that doesn't have the HIPS that KIS does but has to rely mostly on signatures.
     
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    5,997
    Location:
    New York City
    Thanks LoneWolf. Another mediocre performance from Eset.
     
    Last edited: Aug 25, 2012
  10. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,253
    Location:
    North Texas
    Thanks LoneWolf.....Kaspersky and Emsisoft always there.
     
  11. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,985
    Location:
    Parallel Universe
    Look at SAS. It sucks.:thumbd:
     
  12. Jim1cor13

    Jim1cor13 Registered Member

    Joined:
    Aug 4, 2012
    Posts:
    473
    Location:
    US
    I have to agree King Grub. As interesting as these tests can be, sometimes I get the impression things are not always 'above board', but that is just me. Kaspersky is good, but nothing is 100%. Even if it actually was possible to achieve 100%, I would not personally use KAV/KIS, or BD for reasons I have stated many times, they can be monsters on one's system and are far from perfect. Testing is good, certainly, but it does often appear there is a slant towards some, but again, that is just my opinion.

    Thanks for your thoughts :)
     
  13. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    When I was running KAV 2009/2010, it had HIPS. Did they remove it from later versions of KAV? I have also been wondering how much of a factor HIPS has been for KAV and EAM's stellar results. I recently discovered that the latest version of EAM isn't giving me conflicts with MD, so I've been running with EAM for a couple weeks now. It has been very impressive so far - light on my system and it downloads signature updates more frequently than anything I've ever used before. :thumb:
     
  14. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    KAV never had HIPS, it has a complex PDM which now (2013) has been integrated into SystemWatcher.

    Nobody said that, if we look we can find samples that even pass KIS. But it has an impressive cloud detection and many proactive features.

    Unfortunately MRG tests do not have many details, to see what is so effective. Another point is the source of MRG's few test samples. Maybe KL watches the same sources, also KL has many honeypots...

    Emsisoft and Bluepoint also detected all until now - here no one wonders? I think for those relatively small vendors it's even more impressive - or confusing. :)
     
  15. Jim1cor13

    Jim1cor13 Registered Member

    Joined:
    Aug 4, 2012
    Posts:
    473
    Location:
    US
    Good points SLE, thank you :) I would lean towards more confusing LOL

    Have a good day!
     
  16. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    818
    Emsisoft has a good behaviour blocker so I'd expect that to stop a lot. Which it obviously does, since Ikarus has a number of fails.

    I don't know much about Bluepoint and how it detects and stops stuff.
     
  17. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    What is a PDM?
     
  18. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    These tests are missing details on how each AV passed the specific 0 hour malware sample. Was it their heuristic definition? HIPS? Cloud detection? Saying what technology helped in blocking the sample will be more helpful to people than just saying PASSED.

    I mean the point of these tests is to help people decide what AV to choose, I assume, right? And as is it doesn't help any at all.
     
  19. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,688
    If I'm not mistaken that would be "Proactive Defense" (module).
     
  20. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    5,997
    Location:
    New York City
    This information used to be provided. Not any more.
     
  21. Amin

    Amin Registered Member

    Joined:
    May 16, 2012
    Posts:
    437
    Location:
    UK
    what's wrong with SAS o_O
     
  22. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,253
    Location:
    North Texas
    Vapor-Lock. It really is stunning this time...not sure about SAS.
     
  23. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Why was it taken off?
     
  24. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    5,997
    Location:
    New York City
    That's a question for MRG.
     
  25. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA

    It just has a high level of sucktitude.

    Did you see the SAS results --- even 12 hours later?

    http://www.blog.mrg-effitas.com/



    Nuts.
     
    Last edited: Aug 25, 2012