[Thread split] MRG Flash Tests 2012

Discussion in 'other anti-virus software' started by LoneWolf, Jun 30, 2012.

Thread Status:
Not open for further replies.
  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    I agree with you, a configured sandbox will go a long way to protect us against keyloggers but that doesn't make SBIE an anti-keylogger.

    For example, if the keylogger is in the real system, a restricted sandbox won't do anything to protect the user when he types a password.

    I think you need to read very carefully the first and second links from the Sandboxie website that I posted in the post that you quoted. CWS, Sandboxie is the best but it doesn't do everything.

    Bo
     
  2. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    SBIE is not an anti-keylogger, that much is so obvious, however stating that it cannot protect against keyloggers is wrong, unless, like you said, you install malware outside SBIE.
    This is why I was saying if you install malware inside SBIE, not outside of it.
    If any forms of malware are inside SBIE with tight configuration and restrictions, they cannot do anything, they all just sit there and wait to be deleted.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    CWS, my post (the one that you are complaining about) was about how SBIE was tested by MRG in test one. There is no way that SBIE could pass that test, even if a restricted sandbox had been used, as the applications were tested to see if malware was detected when being downloaded and also if the keylogger was detected or stopped when run outside the sandbox. That's what I wanted to come across.

    If simulator 1 had been executed inside a restricted sandbox, I have no doubt that it would have been blocked by Sandboxie Start/Run restrictions but my post was about "how the test was done and why SBIE can not be expected to do anything in a test like that one".

    Bo
     
  4. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Exactly, testing installations of malware outside of SBIE is useless.
    When you install from sandboxed Firefox or sandboxed Internet Explorer sandboxed malware applications, then SBIE with tight restrictions will completely protect you.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,874
    Location:
    Outer space
    Last edited: Nov 29, 2012
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Does that thing even work? It failed all three tests, I wouldn't be that confident using it. :ninja:
    I mean one test means nothing but when a program isn't well known and it fails the only test that I know of . . . :blink:
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    http://www.mrg-effitas.com/current-tests/

    Looks interesting. Wish to get hold of their simulators. Also they have changed their methodology and seem to accept a HIPS type pop up alert as a detection. Comodo is included as well. However I see one major drawback in their methodology. Detection of simulator by antivirus (by signatures or heuristics) doesn't mean anything IMO. This detection can be bypassed easily. Such simulators/malware must be detected by behavior.

    I noticed their forum link is not there anymore. Seems they have closed the forums.
     
  8. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    MRG Flash Tests 2012

    Good results for: AIS, CIS, and KIS. :thumb:
     
  9. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Interestingly Trend Micro didn't do very well in this particular test - but doing much better in some others.

    I'm testing out Avast! free just now, working fast and smooth - is it worth 'upgrading' to AIS? I don't need anti-spam or firewall, but I wonder if I am missing important protection if I don't have the Avast safepay which comes with AIS?
     
  10. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Re: MRG Flash Tests 2012

    And Emsisoft and DefenseWall.
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Aren't those the old test results from a couple weeks ago?
     
  12. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Yes, they are and have already been discussed.
     
  13. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    MRG Flash Tests 2012

    Zemana, too.
     
  14. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Re: MRG Flash Tests 2012

    Hitman Pro, in fact.
     
  15. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Yes, the old known stuff. But maybe they underhandedly changed some things in pdf again? :ninja:
     
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Did they o_O ... more info please?
     
  17. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,874
    Location:
    Outer space
    You could also upgrade to the cheaper Antivirus Pro, it hasn't got firewall and anti-spam, but it does have the on-demand sandbox and SafeZone. SafeZone is isolated from the rest of the system so if you would be infected with a banking trojan, then the trojan can't access your banking login/details if you bank in SafeZone. Whether you need it is up to you and what other layers you might have in addition to Avast.
     
  18. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    MRG Flash Tests 2012

    Hmm...:doubt:
     
  19. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Shortly after release the pdf was edited sometimes, without ever mentioning it. (example here) For example, first it was stated that all vendors got an early version of the sample, later not. Maybe because some vendors said that this was not true.

    Adding information to reports is not worse, but without mentioning it clearly it is very unprofessional, at least.
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,874
    Location:
    Outer space
    Re: MRG Flash Tests 2012

    Zemana Anti-Malware, tested in the Flash Tests, is a rebranded version of Hitman Pro. In the Banking test, they tested Zemana Anti-Logger which is Zemana's own product.
     
  21. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    What we see is, simple signatures aren't enough anymore.

    Products that consistently fail rely heavily on signatures. Bit Defender fails many of these tests while products that use its engine but have enhancements generally pass. Emsisoft and Bullguard are two examples. Bullguard and its additional engines and sigs, as well as Commtouch. Emsisoft with A2 engine and HIPS. Both will always - 100% of the time - score higher in real world testing than their parent product.

    Frankly, I wouldn't rely on a traditional AV exclusively these days. I would seek a product with traditional AV sigs, but enhancements.
     
  22. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    That may or may not be true, but you cannot draw that conclusion from this test given that two out of the three tests were made using custom simulators that had not had any ITW exposure. How is a signature meant to detect something that has never been seen by the AV vendors?

    What the test does show is that 80% of the AVs detected or prevented capture from the simulator that had received ITW exposure :)
     
  23. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Seems to be a problem accessing the site at the moment.

    Warning: require(/home/tfts2190/public_html/wp-includes/load.php) [function.require]: failed to open stream: No such file or directory in /home/tfts2190/public_html/wp-settings.php on line 21

    Fatal error: require() [function.require]: Failed opening required '/home/tfts2190/public_html/wp-includes/load.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/tfts2190/public_html/wp-settings.php on line 21
     
  24. chabbo

    chabbo Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    370
  25. szgr

    szgr Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    11
    Location:
    Greece
    Eventually it seems there is 100% zero-day detection (for DefenseWall, Emsisoft & Kaspersky)! :p
     