MRG Effitas Real World Exploit Prevention Test March 2015

Azure

Project details: MRG Effitas Real World Exploit Prevention Test March 2015

  • Diverse set of exploit kits (12)
  • Diverse set of vulnerabilities (16 different CVEs) in the product comparison
  • Internet Explorer, Firefox and Chrome exploits used
  • Large number of internet security suites and anti-exploit tools – 13 products
  • Use of in-the-wild in-memory malware
  • Test with an artificial zero-day attack
  • Manual test and result analysis
  • Combined in-the-wild and Metasploit test
  • Sponsored by SurfRight – HitmanPro Alert v3
Source: https://www.mrg-effitas.com/mrg-effitas-real-world-exploit-prevention-test-march-2015/
 

hjlbx

The Lohman brothers really improved HMPA.

Lots of really hard work.

It shows.

Better than v. 2.
 

kiric96

I wonder how they "do" these tests... While HMPA may be a good product, I don't really think that they did an equal test for all of the products, nor did they use a fair environment.
 

FleischmannTV

Funny how existing customers, who would have sucked in this test big time, are conveniently spared from being tested, whereas former customers like Emsisoft, who don't even advertise exploit protection, are bludgeoned in this comparative and are not even permitted to utilize their modules properly, so they are much more likely to fail.
 

Enju

> Funny how existing customers, who would have sucked in this test big time, are conveniently spared from being tested
You are talking about Webroot, am I right? I was wondering why they weren't being tested while Emsisoft was.
 

hjlbx

I read the test methodology.

Unfortunately, MRG doesn't specifically state, in no uncertain terms, that they only tested exploit protection within the browser.

What they did is there in print. One just has to carefully read what they counted as a block and a fail. Only then is it clear.

That's why they ignored payload blocks by, for example, Emsisoft's Behavior Blocker.

Lots of folks are screaming "foul" over this test, but to be perfectly honest, ignoring a payload block makes sense to me.

In any case, once in a while MRG tests get that "dodgy" feel to them.

This is one of them.

There's always some kind of drama connected to HMPA... either on the forums or published tests.

If given the choice... would you use HMPA 3 or the old version 2 ?

Hah... gotcha.

* * * * *

I use Emsisoft.

Emsisoft openly states that their products provide no anti-exploit protections for compatibility reasons (go look on Emsi forum).

So I use anti-exploit for the browser only - MBAE free.

I do not use any Adobe products, Oracle's Java\JRE, Windows Media Player, Microsoft Office, etc - so as to reduce the attack surface.
 

randj89

Instead of naming it real world exploit prevention test, they should name it Hitman Pro Alert test because that's the only one you can see. They put charts of the other products but there's no actual tests shown.... So that makes me wonder how did they get the results..... No proof of concept or anything for me....
 

hjlbx

> Instead of naming it real world exploit prevention test, they should name it Hitman Pro Alert test because that's the only one you can see. They put charts of the other products but there's no actual tests shown.... So that makes me wonder how did they get the results..... No proof of concept or anything for me....

It's a test pretending to be a test.

It was cobbled together.

Initially, only HMPA 3 was tested.

Surfright requested other security solutions be added for comparison.

Still, HMPA 3 has a lot of improvements over old version 2.
 

Alexstrasza

This test is just ...weird.

They even tested products that openly do not possess anti-exploit modules (as a lot of people have stated above... Emsisoft would be a prime example). What is the point of that?

You cannot test a fish by telling it to climb a tree.

If this kind of test wants to be called *fair*, then it should be between HMP.A, MBAE, EMET and Crystal AE.
 

randj89

> It's a test pretending to be a test.
>
> It was cobbled together.
>
> Initially, only HMPA 3 was tested.
>
> Surfright requested other security solutions be added for comparison.
>
> Still, HMPA 3 has a lot of improvements over old version 2.

I agree!
 

Enju

> What they did is there in print. One just has to carefully read what they counted as a block and a fail. Only then is it clear.
> That's why they ignored payload blocks by, for example, Emsisoft's Behavior Blocker.
> Lots of folks are screaming "foul" over this test, but to be perfectly honest, ignoring a payload block makes sense to me.

I just translated what Emsisoft said themselves, but why would ignoring a payload block make sense? As long as the exploit has no real system impact it doesn't really matter if it was blocked before or after execution imo.
 

hjlbx

MRG only consider it an anti-exploit if it was blocked at the browser level.

Once the payload has been completely downloaded it has left the browser and entered the Windows file system.
 

bitbizket

The fun part: almost all AV + MAE used as a companion scored 98-100%, even Emsisoft.
Seems like a one-sided test which does not consider the other layers of protection involved.
 

rienna

Nice to see. I'm curious if anyone has run any tests with MAE free with all the protections turned on (by default only a fraction are on).
In the free version the only thing you can't turn protection on for in advanced settings is VB scripting protection for anything other than Internet Explorer. Surprisingly enough.

I've personally opted to crank everything up (what could it hurt?) and haven't noticed any negative side effects.
 
