MRG Flash Tests 2011

spotless, thanks to FD-ISR.

 

With the frequent changes you make...

 

HIPS okay? I have my wife's pc and son's pc at college both on ESET 5....I alternate back and forth with it...my pet peeve is that it must be light on the system and ESET 5 seems to be at the top, on Win 7 anyway. Thanks

 

So we will start 2012 with Eset Trjam!
Hahahaha back on topic, can't wait to see more releases of the tests

 

Single Product Flash Test – Symantec Norton Antivirus
For those interested Norton scored a 92% on MRG's latest test.......
http://malwareresearchgroup.com/

 

Always interested thanks.

 

Woa Norton did pretty well actually!!

 

How on earth did they test 19.1.1.3? If they ran a LiveUpdate 19.2.0.10 would have been installed.

 

Version 19.1.1.3 is the version you get if you download the latest version from the official http://www.norton.com/nis12. Sounds weird - didn't they update the product before testing?

 

Yes we tested the 19.2.0.10 version, I just made a mistake and posted the version that was downloaded, all sorted now.


Regards,
Sveta

 

Cool, thanks for the update.

 

New test result now up. IKARUS this time and a 100% score.

http://malwareresearchgroup.com/201...ash-test-ikarus-virus-utilities-january-2012/

 

Nice showing by Ikarus. Is anyone using this program? I use Emsi which I am very satisfied with...I am assuming Emsi uses the latest Ikarus scanning engine? Also, does Ikarus incorporate any of the Emsi products in their anti-virus?

Do any of these 50 malware sample tests have criticism of some tests being easier to score well on than others? If so I with the MRG would be able to rate tests as easy/medium/difficult to pass...any thoughts?

 

Hi,

These tests are created to show effectiveness of chosen security product against 0-day malware threats that are released into the wild not more then 90 minutes before the test starts.

I can't say that any of these tests is easier then the other one (or tougher), we tend to use only the widest spread malware samples in their earliest stage. If you take a closer look, you will notice that we are using about 120 of the most common threats that users get infected with. Each of the samples used has A LOT of variants that will be released into the wild over the next few hours...(I am sure that you know how this works).

Why only 50 samples? Well the way modern AM applications work, there is a strong chance (from our experience 9/10 times) that if they catch one sample, they will catch most of the variants too (if not all). This is mostly thanks to generic, heuristic and behavior detection methods.


Regards,
Sveta

 

Sveta

 

Nice IKARUS, i would still got for EAM since it has a bit more oomph (Behavior Blocker, Surf Protection, Emsisoft engine)

 

I use and I am satisfied.

 

yeap

 

I'd like to see a grading system for the malware used,therefore a product failing against 2 less serious threats would still be graded "better" than one failing against a single,more damaging malware.

That said,I'm pleased to see that you're using malware samples that people might actually encounter in the real World,rather than obscure stuff that the average user would never realistically come across.

 

Ikarus=amazing protection

@Sveta MRG
When will you do Kaspersky and Panda test?

Sorry for my bad english
Cheers

 

What would you consider a damaging threat? Consider the following scenario:

1) User A gets infected with a piece of malware lurking in user land. This piece of malware, obviously isn't detected by the antivirus the user has. This piece of malware steals bank credencials. User A does perform on-line transactions.

Question: Damaging?

2) User B gets infected with a piece of malware that gets kernel access. This piece of malware, obviously isn't detected by the antivirus the user has either. This piece of malware also steals bank credentials, but User B never performs on-line transactions.

Question: Damaging?

 

Great to see continued activity.

 

... but Ikarus=amazing false positives as well

 

Can not have everything, and thinking the user first check the file that Ikarus detected, for example on virustotal.com

 

Hello everybody,


Let me start by saying that we plan to use almost all of the known AM applications in these single product Flash Tests. We are always open for suggestions tho

When it comes to categorizing samples by their threat level and by that I mean Low, Medium, High and Severe, this is a good idea indeed although we tend to use only High and Severe ones in our tests. One thing that we can talk about is how to label certain samples, I am sure that most of you have seen how one vendor label something as Medium Risk, ofter one as High and third one as Severe. Now, you may think "well let the vendors do their own thing and you do it like you think is right", and this would be OK, but will the vendors agree with this....lets take Rogues for example, most are labeled as Low Risk, but are they? How can some malware that uses MiTB attack method be labled as Medium Risk? These are just a few examples but there are many more.

A lot of cool tests/reports coming this year so stay tuned

Regards,
Sveta