MRG Effitas:In-the-wild Ransomware Protection Comparative Analysis 2016 Q3

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354
Competitor products tested
  • BitDefender Anti-ransomware 1.0.12.1
  • Cryptoprevent 7.4.21.0
  • MalwareBytes Anti-Ransomware Beta 0.9.16.484, 1.0.0
  • Hitmanpro Alert build 3.1.10 373

00.png

Based on this report, Zemana AntiMalware proved to be the best ransomware protection among the tested
products during the test. These scores are not normalized with the prevalence of the ransomware samples.
Usually, the most prevalent samples are included in these generic protections, but as always, life (and IT Security) is
never simple.

Full Article: https://www.mrg-effitas.com/wp-content/uploads/2016/07/Zemana_ransomware_detection.pdf
 
N

NullByte

Test was paid by Zemana so it makes sense that Zemana will be #1. Each time I see tests like this (Paid/Sponsored), it makes me not recommend that software to anyone even if it's a good (decent) product. I don't wanna support this type of behavior, that's why I don't like most security products.

The HitmanPro developer post from wilders is epic :cool:
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Test was paid by Zemana so it makes sense that Zemana will be #1. Each time I see tests like this (Paid/Sponsored), it makes me not recommend that software to anyone even if it's a good (decent) product. I don't wanna support this type of behavior, that's why I don't like most security products.

The HitmanPro developer post from wilders is epic :cool:
There was an equally good reply from @cruelsister but the mods removed it for review. Which as a matter of fact i don't understand. Censorship without a serious reason is bad.
 
N

NullByte

There was an equally good reply from @cruelsister but the mods removed it for review. Which as a matter of fact i don't understand. Censorship without a serious reason is bad.

I don't wanna comment anything especially after the VoodooShield stuff and how much hate I've got. I'm censoring myself a lot and I will keep doing it, even here.

It's so easy to show how bad other products are. If I quote myself "The best security product is the one you will not find in any botnet (or other malware) installed security products."

I did a test two days ago with almost 200 GB of malware and the detection was below 30% after the execution of some files the protection level went to ~50 to 55% (I only executed a few samples because the VirtualBox was so infected my laptop couldn't handle it). Why I'm telling this ? Well, it's because if you have a new type of malware there is a 99.9% it will bypass your security software and because of that you must "pay" or use other type of deception to show how epic is your product. Paying or sponsoring a test will always get you better protection level no matter what product you test. I have to say that most "tests" are questionable, I said most because I don't wanna get hate for saying all :)

Censoring (or lacking of critical thinking, not accepting other people point of view that is different from your point of view) will only make your community look bad.
 

Kardo Kristal

From Crystal Security
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
Hi @NullByte,

I agree with you.

Mods must have very good "Anti-Trolling system" in their brains to detect any kind of bad behavior here by some members (misleading comments, spamming etc..). They can't bypass (allow) everything and they also can't censorship (block) everything. Fortunately we have many mods aka "Vendors" here so they can together decide which is wrong or right.

About this test: In general I like Zemana and their products but I do not like any kind of sponsored or paid tests. It is strange that WinAntiRansom is not included in test. Just my opinion.

Regards,
Kardo
 
Last edited:

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
They intentionally left out Malwarebytes AM for obvious reasons ;)
It's just my educated opinion but, in a legitimate head to head test MBAM would wipe the floor with them so it was a good idea to exclude them and include the fledgling beta product MBAR.
This type of behavior (test) speaks volumes about Zemana, and honestly I did not expect this from them. :(
Thanks for the post Petrovic :)
 
Last edited:
H

hjlbx

I don't wanna comment anything especially after the VoodooShield stuff and how much hate I've got. I'm censoring myself a lot and I will keep doing it, even here.

It's so easy to show how bad other products are. If I quote myself "The best security product is the one you will not find in any botnet (or other malware) installed security products."

I did a test two days ago with almost 200 GB of malware and the detection was below 30% after the execution of some files the protection level went to ~50 to 55% (I only executed a few samples because the VirtualBox was so infected my laptop couldn't handle it). Why I'm telling this ? Well, it's because if you have a new type of malware there is a 99.9% it will bypass your security software and because of that you must "pay" or use other type of deception to show how epic is your product. Paying or sponsoring a test will always get you better protection level no matter what product you test. I have to say that most "tests" are questionable, I said most because I don't wanna get hate for saying all :)

Censoring (or lacking of critical thinking, not accepting other people point of view that is different from your point of view) will only make your community look bad.

Then they have accomplished their goal -- by silencing you either of your own accord or by other means.

You have to be thick-skinned and not worry about what others think\feel. You have the right to express the truth. Abrasive counter-debate is to be expected.

On the security forums, there are a lot of highly opinionated people - and those that live in denial.

Ask anyone here, I have had to fight hard against some detractors - because I have stated things people do not want to hear or like.
 
H

hjlbx

These tests are only a guideline.

In my experience sometimes my self-test results differ greatly from the published tests. That doesn't mean too much - because I don't have the same samples as used in the test - but it does give me a darn good idea of what works and what doesn't on my specific system with the samples to which I have access.

It is not that difficult for a user to install Rollback Rx Home (freeware) and then proceed to test each product against different ransomware.

This is the only way not to have any nagging doubts about the soft installed on your system versus what a published lab test says.

This basic concept is not difficult... when in doubt, prove it to yourself by doing it yourself.
 

Xtwillight

Level 6
Verified
Well-known
Jul 1, 2014
297
Censoring in a Forum must be.;)
But the team or the censor should It justify.
A forum consists and falls with its engaged Users.

It is fair If one it the User a Threads
or one Test shares with Why censored has.
Comunication is important, Why so has decided.

To the Testresult and the Sponsoring Zemana AntiMalware:
I find the test from MRG Effitas does not Relevant.

1)Zemana AntiMalware is not only AntiRansomware, it is a AV.
2)WinAntiRansom missing in the Test.
 
H

hjlbx

The rationale behind not using WinAntiRansom in the test is that it is not a widely known product.

No one has even mentioned that the test includes a beta product - MBAE.

Technically, I don't know how one can truly can consider a side-by-side comparison between a stable and beta product a fair comparison.

This is why SurfRight has moved to private beta testing. In the past their beta releases have been used as comparison products in lab tests. It isn't difficult to understand why SurfRight would (justifiably) cry "Foul... foul ! Test is no fair !" The fairness question applies no less to a beta MBAE product.

Interpret it as you will and use your own judgment...

If lab testing is questionable in any way, then it naturally calls into question what or what has not been proven during the testing and published in the test results.

Security soft vendors should be more acutely aware of this fact, but I don't even think it is considered.
 
Last edited by a moderator:

Kardo Kristal

From Crystal Security
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
No one has even mentioned that the test includes a beta product - MBAE.

Technically, I don't know how one can truly can consider a side-by-side comparison between a stable and beta product a fair comparison.

Mark Loman from SurfRight also mentioned interesting thing in his analysis.

"It is also interesting that the sponsor told MRG Effitas who to include, that no other AV/AM was part of the test. So basically it was 1 AV vs 4 non-AV."

Regards,
Kardo
 
H

hjlbx

Mark Loman from SurfRight also mentioned interesting thing in his analysis.

"It is also interesting that the sponsor told MRG Effitas who to include, that no other AV/AM was part of the test. So basically it was 1 AV vs 4 non-AV."

Regards,
Kardo

If your gonna pay - and pay handsomely at that - to have your product tested, naturally you will position your product in such a way that it will be demonstrated as the best - right ? Common sense...

One cannot deride Zemana too much for this... afterall, sponsored lab tests are an industry standard practice. The greater problematic issue is not the products tested, but the manner in which testing is done. True scientific testing eliminates all bias. But therein lies the problem, sponsored tests are not done according to statistical\scientific principles; there is an agenda - marketing.

Technically, that is why it is best to use published lab tests results as a guideline - and figure out what works best on your specific system via your own testing.

For example, what if - for example - for whatever technical reason(s) Zemana will not function correctly on your specific system ? In that case, it doesn't matter if Zemana is absolutely the best security solution in the history of mankind for all time.

Some fundamental concepts that are not considered by a lot of users...
 
Last edited by a moderator:

Kardo Kristal

From Crystal Security
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
For example, what if - for example - for whatever technical reason(s) Zemana will not function correctly on your specific system ? In that case, it doesn't matter if Zemana is absolutely the best security solution in the history of mankind for all time.

Hi @hjlbx,

Thanks for the reply. I agree with you. :)

We must watch different reviews about products (by test labs and by individual reviewers on YouTube). It is also good to make own research about product. Every computer/system is different and one of the best method is to personally test out security product.

In my opinion Zemana made a lot of good work recently and I like their products and staff (friendly and helpful). :)

Regards,
Kardo
 
H

hjlbx

Hi @hjlbx,

Thanks for the reply. I agree with you. :)

We must watch different reviews about products (by test labs and by individual reviewers on YouTube). It is also good to make own research about product. Every computer/system is different and one of the best method is to personally test out security product.

In my opinion Zemana made a lot of good work recently and I like their products and staff (friendly and helpful). :)

Regards,
Kardo

Zemana is a competent company and their products are solid within the parameters of what they are designed to do.

Too much of security soft testing results in and engenders hyperbole. Stick to the fundamentals and things just generally work out... just like in life.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
The Wilders thread was closed by a Moderator 7 minutes ago:rolleyes:
Yep basically said they can close whatever they want for any reason they want and they don't have to even tell why because TOS said so. Guess will stop posting there if it's not absolutely necessary.
Items were brought up in posts that are best handled in private between all parties involved, and as part of our Terms of Service, we always reserve the right to remove any content, for any reason, and with forum management decisions being final, these posts are not open for public debate.

Thread now closed.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top