That's 100% correct, but no, the forum will be all for this amazing piece of software that can stop what no other can??? Government hacking.... Edward Snowden is probably in contact with Melih so they can both develop an advanced APT kit that all enterprises will want.....
I read the full reports - including the spreadsheets that show the results.
Comodo Internet Security and Emsisoft Anti-Malware were the only two security softs that alerted to all attempted installs on all tested systems (w/ different OS versions). TrustPort Internet Security did well too.
FinFisher when installed on certain Windows versions was able to "heart-beat" - and as far as I can recall, Comodo and EAM couldn't stop it. The exact technical details of whether or not the "heart-beat" posed any kind of security risk with Comodo or EAM installed are unclear to me = read the full reports for yourself. "Heart-Beat" = ET Call Home - that's it; probably just pings C&C to let it know that it is installed and functional/operational.
All three (Comodo, Emsi and TrustPort) are HIPS-based systems (Emsi quasi-HIPS). All those documents prove is that each one has HIPS that can detect the specific system changes made by the FinFisher installer - that's it; the results are not a confirmation that each soft is the overall "best, of the best, of the best... Sir !"
I wouldn't even go so far as to conclude that Comodo, EAM and TrustPort have "Best-of-Class" HIPS capabilities, but I am confident that each one is more capable than the average HIPS. That's as far as I am willing to wager...
Although, Melih uses word games - just like any other AV's marketing tactics - to make a user/potential user think that is the case.
All this debate is meaningless - since Gamma International (FinFisher Reconnaissance Suite author) has probably developed a way to by-pass Comodo and EAM by this point in time. In fact, that was the whole point of the tests - to pentest each of the AVs - and determine which ones should be further targeted for bypass.
I am not Enemy-of-the-State No. 1 - so I don't worry about it.
Start worrying about it when Organized Crime gets their hands on the coding - or develops their own - that allows wide-spread hidden, undetectable installs of reconnaissance-type softs. Some would argue that they already have it - using rootkits, undetected Trojans, etc. What I am talking about is the most extreme high-level coding that avoids detection for years - like Enigma group's work. OC gets to this same level = it is probable that all of our "Gooses are cooked" regardless of what AV we use.