Matousec: Proactive Security Challenge

[~Джон Доу~ 45]

Заглянув в кошелек,Нейл вздохнул,пробормотал про себя фразу"376 раз-не дикобраз"...

"Эт точно." (с) Сухов

The Best Security Suites of 2012 (с) Neil J. Rubenking

(а ещё в PCMAG каки-то неправильны ступеньки)

глянцевые журнальчики такие глянцевые:

"Немецкие Computer Bild и PC Welt - мы тоже на верхней ступеньке пьедестала И так далее." (с) e-kaspersky.livejournal

[NKjulanoff 0]

Ну кроме любителей и наблюдателей подобных тестирований и их самоуспокоения.

Вот я, вполне себе опытный пользователь, могу вполне осознанно пользоваться и кис, и комодо, и outpost и другими, задающими вопросы программами в интерактивном режиме.

[Dmitriy K 603]

2012-05-21

Ad-Aware Total Security 21.1.0.30 --- 3% --- None

eScan Internet Security Suite 11.0.1139.1150 --- 5% --- None

Total Defense Internet Security Suite 8.0.0.87 --- 21% --- None

VirusBuster Internet Security Suite 4.1 --- 71% --- Good

VirusBuster Internet Security Suite is a product that is based on the Outpost engine. This is why it did not surprise us that it scored well and took the third position in our challenge. It is natural that products that are based on third party engines do perform a bit worse than the original products. Most common reasons are that the derived products use slightly older versions of engines or that they are not so perfectly tweaked or do not utilize all possibilities of the used engine. This is the case of VirusBuster. It finished with 71% score, which means a protection very close to what Outpost Security Suite Pro offers.

If Total Defense Internet Security Suite sounds unknown to you, note that it used to be called CA Internet Security Suite. The Internet Security division of CA Technologies has become an independent company called Total Defense, Inc. The core of their flagship product has not changed, just its name has. In our tests Total Defense scored 21 %, which is not a good result. This product implements many security features, but most of them are half-baked. This means some methods of infecting the system are secured, some are not; the self-defense is effective against several techniques but some can break it; the user's data can not be stolen from the protected machine using basic methods, but when more advanced techniques are used, it is no problem. Some of the features of Total Defense are implemented using insecure user mode hooks.

eScan Internet Security Suite offers just a very basic set of features. Nothing much to talk about. 5 % for eScan for today.

Ad-Aware Total Security is another product tested today that is based on a third party engine. In this case, it is the engine of G Data. And this is probably the main reason why Ad-Aware Total Security finished among the worst products in Proactive Security Challenge 64 with the score as low as 3 %.

[Сергей Ильин 1538]

VirusBuster Internet Security Suite 4.1 --- 71% --- Good

VirusBuster Internet Security Suite is a product that is based on the Outpost engine.

Бартер рулит. Так и недолго слиться в русско-венгерском экстазе

[Виталий Я. 859]

Бартер рулит. Так и недолго слиться в русско-венгерском экстазе

Сливаться (тем более с рынка) тут необязательно, да и бартера тут 0

Т.к. никто тут свечку не держал, поясню: венгры в основном в корп. секторе и лицензировании преуспели (а этот контракт идет отдельно от лицензирования, т.к. они получают ребренд) и отдает дань их устремлениям сделать апселлинг своей базе домашних пользователей (+ нагрузить партнерский канал, где он построен).

[Dmitriy K 603]

2012-06-18

ESET Smart Security 5.2.9.1 --- 51% --- Poor

K7 TotalSecurity 2012 12.1.0.119 --- 3% --- None

[Сергей Ильин 1538]

2010-11-05

ESET Smart Security received 6 %.

2012-06-18

ESET Smart Security 5.2.9.1 --- 51% --- Poor

Прогресс то очень даже неплохой, хотя до ТОП-уровня еще далеко.

[Dmitriy K 603]

2012-07-13

avast! Internet Security 7.0.1456 --- 15% --- None

ThreatFire 4.7.0.53 --- 5% --- None

Outpost Security Suite Free 7.1.1.3431.520.1248 --- 71% --- Good

ZoneAlarm Free Antivirus + Firewall 10.2.064.000 --- 34% --- Very poor

Today's best score was reached by Outpost Security Suite Free. The same engine is being used in both the free and the Pro version of Outpost products. The difference between the free version and the commercial Pro version is that the free version uses slightly older version of the engine. This is why the protection of Outpost Security Suite Free is lower and so is its score – 71 %. Still a Good level of protection.

ZoneAlarm Free Antivirus + Firewall finished with 34 %. This score is lower than the score of its paid version because some of the features of the paid version are not included in the free version – the protection against keyloggers for example.

avast! Internet Security is the only product tested today that is not available for free. The results of its recently released major version 7 are exactly the same as those of the previously tested version 6, which means 15 %. On the field of protection features that are tested in our challenge, there are no improvements in the new version of avast!.

ThreatFire passed few tests and finished with 5% score in the red zone among many others.

Из отчета по авасту:

Further notes

avast! fails Keylog3 not only in the normal environment but also within its special SafeZone environment that is designed to protect against keyloggers. This was proved using a slightly modified version of the test.

[Сергей Ильин 1538]

Для Аваста конечно эпичный фейл получился, пробился даже из SafeZone. Как такое получилось вообще не понятно. Баги?

[Виталий Я. 859]

Как такое получилось вообще не понятно. Баги?

Или скорость имплементации новых уровней защиты не та.

[Dmitriy K 603]

Или скорость имплементации новых уровней защиты не та.

2011-12-21 Proactive Security Challenge 64 report

avast! Internet Security 6.0.1367:

Further notes

avast! fails Keylog3 not only in the normal environment but also within its special SafeZone environment that is designed to protect against keyloggers. This was proved using a slightly modified version of the test.

Результаты тестов для avast! Internet Security версий 6.0.1367 и 7.0.1456 равны.

[Сергей Ильин 1538]

Что SafeZone за безопасная среда такая, если она пробивается кейлоггером %) Вот что меня смущает здесь. Или Аваст заигрался и выкатывает сырой функционал, очень сырой, на что намекает Виталий Я.. Или есть какая-то ошибка в снятии результата тестовыми утилитами.

[Dmitriy K 603]

Что SafeZone за безопасная среда такая, если она пробивается кейлоггером %) Вот что меня смущает здесь. Или Аваст заигрался и выкатывает сырой функционал, очень сырой, на что намекает Виталий Я.. Или есть какая-то ошибка в снятии результата тестовыми утилитами.

Комментарий от саппорта matousec:

The primary testing configuration is outside SafeZone. However, we have confirmed that even if SafeZone is used, the user is not protected against Keylog3 technique. SafeZone is implemented as a secondary desktop, but this new desktop is not secured well and it is possible to infiltrate it from the outside.

[Виталий Я. 859]

Или Аваст заигрался и выкатывает сырой функционал, очень сырой, на что намекает Виталий Я..

Или я намекаю на что-то другое, но на что - не скажу

[Dmitriy K 603]

2012-08-07

Bitdefender Total Security 2013 16.18.0.1406 --- 9% ---None

G Data TotalSecurity 2013 23.0.4.0 --- 4% --- None

Privatefirewall 7.0.28.1 --- 88% --- Very good

UnThreat Internet Security 2012 4.2.33.12488 --- 3% --- None

The latest version of Privatefirewall came with many great improvements that caused its score to jump up from the previous 56 % to the today's almost excellent 88 %. There are just few techniques left that can be used to bypass its protection. COM based techniques that are used in tests such as Flank, BITStest or Schedtest3 cause big troubles to Privatefirewall. Otherwise the protection of Privatefirewall is very solid. Privatefirewall takes the second place in our challenge, a great result for another product that is available free of charge!

Bitdefender Total Security 2013 scored exactly the same as its previously tested 2012 version. This means no improvements on the field of host protection security that Proactive Security Challenge 64 focuses on. 9% score is just not good enough.

Bitdefender has not improved, but G Data TotalSecurity in its 2013 version scored even worse than its previously tested 2012 version. A huge security suite that ended deeper in the red zone than the last time. 4 % for G Data this time.

Unlike other three products tested today, UnThreat Internet Security is new to our challenge. However, its debut testing ended early in the first level with 3 % score, which means that we have just discovered another product that we can not recommend.

[Сергей Ильин 1538]

G Data TotalSecurity in its 2013 version scored even worse than its previously tested 2012 version.

В G Data решили нащупать дно, при достижении которого их клиенты еще будут считать, что покупают в составе TS фаервол?

[Вадим Волков 176]

Я так понимаю, что по условиям тестирования для прохождения на следующий этап (level) тестирования необходимо на каждом этапе показывать результат не менее 50%.

Насколько результаты одних этапов коррелируют с возможными результатами на других? Т.е. если AV не прошел какой-то этап, то на следующем ему делать нечего или результат мог бы быть и положительным?

Например, на Level 1 Norton и Kaspersky прошли с результатом 70%, а Avast - 80%, на Level 2 - 40%, 80% и 50%. На третьем этапе вылетел Avast, на 5-м KIS.

Если бы тестировали все антивирусы до последнего этапа - результаты распределения по местам сильно могли бы отличаться? Вероятно, что у большинства продуктов не было бы таких позорных процентов (от 3 до 28)?

[Виталий Я. 859]

Т.е. если AV не прошел какой-то этап, то на следующем ему делать нечего или результат мог бы быть и положительным?

Да, все именно так.

[Dmitriy K 603]

Т.е. если AV не прошел какой-то этап, то на следующем ему делать нечего или результат мог бы быть и положительным?

Такой ответ устроит?

From our experience, it is unlikely for a product to score well on higher levels if it has problems on lower levels.

It is as you understand it - higher levels contain more difficult tests. For example, if a product fails the Kill1 test, it means that its self-defense mechanisms are implemented poorly or are not implemented at all. The Kill1 test is very straightforward, does not use any tricks, just tries to attack the security product's processes directly. If a product fails this test it is really unlikely for it to pass much more advanced Kill* tests that use tricky techniques for their attacks.

This holds for many other tests like File*, Reg*, Crash*, Keylog* tests etc. More and more sophisticated methods are used on higher levels. If even basic methods are not blocked it does not make much sense to try more advanced methods.

[Dmitriy K 603]

2012-09-04

AhnLab V3 Internet Security 8.0.6.6.1197 --- 2% --- None

ArcaVir Internet Security 2012 12.8.6401.1 --- 4% --- None

TrustPort Total Protection 2013 13.0.3.5073 --- 8% --- None

ZoneAlarm Extreme Security 2012 10.2.074.000 --- 43% --- Very poor

A regular update for the latest versions of ZoneAlarm Extreme Security and TrustPort Total Protection confirmed their previous results. For ZoneAlarm Extreme Security, this means 43 % and 8th position in our challenge. For TrustPort Total Protection, it is 8 %, which means a position among other software that we can not recommend for its proactive protection.

ArcaVir Internet Security and AhnLab V3 Internet Security were tested for the first time in our challenge but their result were not good. The score of AhnLab V3 Internet Security is 2 %, which means the worst result in Proactive Security Challenge 64 from all the tested products so far. ArcaVir Internet Security scored 4 % and finished better than AhnLab only because of its ability to protect some registry entries from being infected.

[Lias 5]

2012-09-18: A single product update:

Kaspersky Internet Security 2013 13.0.1.4190

With the new 2013 version, Kaspersky Internet Security returns to the top. Kaspersky Internet Security 2013 is able to control most of the malicious techniques. The only general problem this product has is with COM/OLE based techniques. Its today's score is 86 %, a Very good level of protection, which is currently enough for the tied third place in our challenge. Congratulations!

в итоге - 3/4 место! Отлично

http://www.matousec.com/projects/proactive...-64/results.php

[Danilka 678]

2012-09-18: A single product update:

Kaspersky Internet Security 2013 13.0.1.4190

With the new 2013 version, Kaspersky Internet Security returns to the top. Kaspersky Internet Security 2013 is able to control most of the malicious techniques. The only general problem this product has is with COM/OLE based techniques. Its today's score is 86 %, a Very good level of protection, which is currently enough for the tied third place in our challenge. Congratulations!

в итоге - 3/4 место! Отлично

http://www.matousec.com/projects/proactive...-64/results.php

Работа над ошибками, по сравнению с 2012.

[Виталий Я. 859]

Работа над ошибками, по сравнению с 2012.

А сбор средств на восстановление провала шел с релиза 2012? "Детям и милиционерам - пять копеек"

[Umnik 997]

Это все равно плохо, по сравнению с тем, что было раньше.

[DelicateHeart 0]

2012-10-10:

AVG Internet Security 2013.0.2677 --- 3% --- None

Avira Internet Security 2013 13.0.0.2693 --- 9% --- None

McAfee Total Protection 2013 11.6.434 --- 3% --- None

Panda Global Protection 2013 6.00.01 --- 4% --- None

This is the time of the year during which many vendors introduce new versions of their products for the upcoming year. The "2013" label is included in version names of all products tested today. More 2013 products will be tested next time.

Avira Internet Security is the product that finished with the highest score today, but since its score is as low as 9 %, we can hardly speak about a success. Yes, a slight improvement over the previsouly tested 2012 version, but this is just not good enough. The results of other 2013 products tested today are not worth mentioning. They all provide nothing but a simple and easy to bypass functionality on the field of host protection and proactive security.