[Thread split]MRG Flash Tests 2012

Always pleased with DefenseWall's results.

They seem to be MIA

 

Hehhee, unless in MIA

I don't see their.

 

Both Sandboxie and Bufferzone Pro failed BBC Sim!
http://www.mrg-effitas.com/wp-conte...Banking-and-Endpoint-Security-Report-2012.pdf

 

It would be interesting to know whether Sandboxie failed because of its default configuration.

 

what settings would need to be made so it does not fail? I have SBIE but am just a novice user of the program.

 

While I don't know the exact methodology used by this simulated exploit,SBIE has quite a granular range of settings,such as Start/Run restrictions (only allow web browser for example).Also you can drop rights and adopt a range of "read only/block access to" policies.

 

I can't be sure of course whether a tight configuration would have made any difference, a new test should be performed.

If you click Sandbox/Default box/Sandbox settings/Restrictions/Internet Access you can list the only programs (of your choice) that are allowed to access the Internet.
Similarly you can draw a list of programs that are allowed to start/run within the chosen sandbox in Start/Run Access.
Tzuk mentioned that a program could theoretically still inject itself into one of the programs allowed to access the Internet, and therefore elude detection.

I'm also wondering about the test system being 64 bit whether it affected Sandboxie's performance.

 

Somebody 'splain to me why and how Sandboxie, a program that contains threats, is being tested to see if it detects threats?

 

I believe the point with Sandboxie was to stop the malware from connecting to the Internet and and transmitting data to MRG.

 

Nice results for EAM, KIS, Avast and Comodo.
Recently KIS has been acing all tests, Avast! doing a great job this time and EAM . . . fulfilling my expectations.

 

Good points, Osaban.
Under default config, all programs can start/run and access the internet, as you know. As soon as a user adds just one program, the restriction then allows only that single program (or multiple programs as designated) to access or start/run.

If the test was at default, then I am not surprised by results.

Still, even with access, the threat is still contained and not harming system files, don't you agree?

 

Yes, the test was undertaken with default configurations, which IMO doesn't make any sense, as all the applications tested have often different targets in terms of security, as you have correctly mentioned Sandboxie in its core concept is designed at default to contain threats from spilling out of the sandbox.

Yes I do, but the point of the test was either to protect banking data from being successfully transmitted or blocking the malware from running. Sandboxie with 'Restrictions' activated could have protected in both instances.

I'm actually surprised that it passed the other tests, with default settings.

 

Thats what I was thinking.

Bo

 

If they tested with default settings than it doesn't make any sense, this is a waste of time and money. Why don't they ask Tzuk or someone else to configure Sandboxie to give maximum protection than test Sandboxie, they should really listen.
If they ignore it, than why test Sandboxie in the first place?

 

Wonder why Bitdefender wasnt tested with its Safepay

 

The BBC sim was downloaded through IE so perhaps it was already inside the sandbox and the two others were executed from USB so they were probably outside the sandbox.

 

Re the Sandboxie results - please read the testing methoogy again.
Step 6 a.b &c - the BBC simulator was downloaded to the desktop, the browser was closed, simulator started from the desktop and then the browser opened again to access PayPal login. Therefor the simulator was running outside the browser sandbox.
Had that been on my machine it would have been downloaded to a seperate sandboxed download folder from where I imagine it would have been neutered (no internet or run access in there)

One point that needs explaining though - the tests were supposedly run on a 64 bit system, if so how did they test Defensewall

I hope Sveta will drop in some time to 'enlighten' us.

Another poor showing from Webroot, they failed the BBC test first time and only passed it after having access to the simulator afterwards. It seems they stumble evertime they come up against some new and unknown.

 

Exactly there is the main point that makes me wonder and don't believe this test.

Why only the old simulator wasn't stopped by sandboxie, and the new "in house" variants that should behave the same way were blocked?

Also MRG claims for the old simulator ""As the variants of the BBC simulator were submitted to vendors over a long period of time..." - it would be nice if Sveta could give here some more details. Only submitted to the AV vendors or also to vendors of the other products? From some people whose products were tested I have information that they get NOTHING form MRG, no samples, no information, nothing...

 

MRG Flash Tests 2012

DefenseWall and Kaspersky IS: Great Results!

 

See methodology carefully: "3. A clone of the imaged systems is made for each of the 32 security applications to be used in the test."

 

How does that explain getting Defensewall to run on a 64-bit system?

 

There are too many things that don't seem to make sense in these tests, and it really looks like Sandboxie was tested without even knowing what it was designed for let alone its powerful configuration features. I'm still puzzled as how SB could fail one test and pass the others with default settings.

 

Yes, I quite agree with you. Thats why I said I hope Sveta drops in to explain things in more detail.
I am confident that with Sandboxie set up as tightly as I have it and with Zemana (which is compatable with SB) as well I am as safe as I'm going to get.

 

Another strange thing: At the end of october it was announced on MRG homepage that test is almost ready and will be published on oct. 26th. Everybody was waiting.

Now the test is out and we can read in report "All testing was conducted on the 28 th of October 2012."

 

They repeated the test? Thus the delay.