Current overall results for MRG Flash Test Project 2011
| Program | Samples | Passed | Failed |
|---|---|---|---|
| Avira | 80 | 43 | 37 |
| Avast | 80 | 46 | 34 |
| AVG | 80 | 39 | 41 |
| BitDefender | 80 | 35 | 45 |
| BluePoint Security | 28 | 21 | 7 |
| Coranti | 48 | 31 | 17 |
| DefenseWall | 80 | 80 | 0 |
| Emsisoft | 80 | 76 | 4 |
| Eset | 80 | 51 | 29 |
| F-Secure | 80 | 34 | 46 |
| G Data | 80 | 47 | 33 |
| Immunet | 80 | 53 | 27 |
| Kaspersky | 80 | 51 | 29 |
| Malwarebytes | 80 | 75 | 5 |
| McAfee | 80 | 35 | 45 |
| Microsoft | 80 | 14 | 66 |
| Norton | 80 | 58 | 22 |
| PC Tools | 32 | 1 | 31 |
| Panda | 80 | 43 | 37 |
| Prevx/Webroot | 80 | 56 | 24 |
| GFI | 80 | 66 | 14 |
| SUPERAntispyware | 80 | 20 | 60 |
| Zemana | 79 | 68 | 11 |
List of participants:
1. Avira AntiVir Premium
2. Avast Antivirus Professional Edition
3. AVG Antivirus
4. BitDefender Antivirus
5. BluePoint Security
6. Emsisoft Anti-Malware
7. Eset Nod32 Antivirus
8. F-Secure Antivirus
9. G Data Antivirus
10. Immunet Protect Plus
11. Kaspersky Antivirus
12. Microsoft Security Essentials
13. McAfee Antivirus Plus
14. Norton Antivirus
15. Panda Antivirus
16. PCTools Spyware Doctor with Antivirus
17. Prevx/Webroot SecureAnywhere Antivirus
18. Sunbelt VIPRE Antivirus Premium
19. Malwarebytes Anti-Malware (with real time)
20. SUPERAntispyware Professional Edition
21. DefenseWall HIPS
22. Zemana Anti-Logger
23. Coranti Multi-Engine Anti-Virus & Anti-Spyware
The Methodology:
The purpose of MRG flash tests is to assess how security applications react to zero-day, early-life threats. In our experience, the vast majority of in-the-wild (ITW) infections are caused by malware less than a week old, even though such samples make up a small proportion of the total malware population.
In these tests we will be using samples taken directly from live URLs. All samples are analysed in our labs to determine their type and confirm their malicious nature.
We have created a simple methodology to emulate how these zero day threats could infect a system in the real world.
The samples are downloaded from their native URLs via Internet Explorer to test systems with active security software installed. The security applications have up to four chances to pass the test, by achieving any one of the following:
1) Detecting the sample upon download
2) Detecting the sample downloaded to the desktop during an on-demand scan
3) Detecting and blocking execution of the sample on the desktop
4) In the case of financial malware, preventing data breach by any active sample.
All tests are conducted on a clean Windows 7 32-bit VM, with all updates applied.
All security applications are installed with default settings, and the most recent build and signatures are used in each test.
Project started on: 27.01.2011
Project ended on: 25.12.2011
List of samples used so far:
Unknown KeyLogger
TDL3
Ranky
Zeus
LdPinch
TDL4
Unknown Trojan Dropper
QQPass
SpyEye
Banker
TDL3
Refroso
Unknown Trojan Dropper
Banker
Unknown Trojan Dropper
Zeus
TDL4
Zeus
TDL4
Unknown Trojan
Zeus
Banker
TDL4
FakeAlert
Zeus
Menti
AutoIt
FakeAV
Bancos
Unknown Trojan Dropper
Zeus
TDSS
Hiloti
TDSS
FakeAlert
FakeAV
Zeus
Banker
Inject
AutoIt
Banker
Zeus
Buzus
FakeAlert
Zeus
SpyEye
Banker
Banbra
Jorik
SpyEye
Ransom
StartPage
Banker
Inject
Qhost
Zeus
Ransom
Ransom
Ransom
Ransom
Buzus
Carberp
Monder
Ruskill
SpyEye
TDSS
VBInject
Zeus
ZAccess
Tibia
Kbot
Ransom
Tests performed 24h later will not be listed in the results table.