Does MBAM use Reputation-based detection?

I ask because of this article about NSS tests of security suites, and their ability to block web-based attacks using reputation-based detection techniques:

http://www.computerworld.com/s/article/913...ally_does_count

I'm not a fan of suites (jack of all trades, master of none) and have always "rolled my own", with MBAM (or Windows Defender) as my resident anti-malware. NSS did not include MBAM in its rather limited testing, which was restricted to only 9 commercial suites.

I know that my NOD32 AV does not include reputation-based detection, hence my question.

Link to post

Three of the worst anti-virus software products in the world scored in the top four?

Comparative tests of AV software are nothing but a waste of time. Not only do most of them do it wrong, but they always wind up promoting the AVs that everyone knows are terrible.

As far as our detection algorithms, those are kept secret from even me, so I can't spill the beans. :blink:

Link to post

As a rule of thumb you can ignore any test where multiple contestants score in the upper 90s%. Malware testing is as a whole collected sample based, not directly pulled from web based. Until that changes the results are only a measure of how efficient their legacy defs department is. Think of it this way. Let's say you have 1,000,000 samples from the last 5 years and a scanner detects 999,000 of them, that is 99.9%, awesome huh, not really. What if the 1000 missed all were coded within the last 30 days? The way testing is done completely factors the most critical factor out of the equation.

Link to post

With all due respect, GT500, I don't discount all reputable independent AV tests. And I think NSS is both reputable and independent. I'm not talking about comparatives from some magazine tests here, which are tainted by advertising pressures.

AV-comparatives consistently rates Kaspersky and NOD32 as top-notch products, and this is consistent with my experience. Ditto for VB100 certifications. Do you discount their testing also? Comparative testing has its limits, but surely it has some utility. Without it, we are at the mercy of the snake-oil salesmen.

The NSS tests looked at only one aspect of protection (web-based attacks) and I would never advocate purchasing any product based on this alone. And I agree that I would never allow 3 of the 4 top-rated NSS products on my PC, based on other considerations and criteria.

But web-based attacks are increasingly a vector of infection. I'm a big fan of MBAM, but I didn't think my original question posed any threat to MBAM's proprietary secrets! I will take these responses as a "no" to my question.

@nosirrah: These tests (as I understand them) were based on recent websites downloading malware. They were "web-based", not signature or definition based.

@yardbird: Congratulations to MBAM.

Link to post

With all due respect, GT500, I don't discount all reputable independent AV tests. And I think NSS is both reputable and independent. I'm not talking about comparatives from some magazine tests here, which are tainted by advertising pressures.

AV-comparatives consistently rates Kaspersky and NOD32 as top-notch products, and this is consistent with my experience. Ditto for VB100 certifications. Do you discount their testing also? Comparative testing has its limits, but surely it has some utility. Without it, we are at the mercy of the snake-oil salesmen.

And yet the three worst AV protection products in the world still managed to make the top four list. That does not instill me with confidence in their testing methods.

It's highly likely that either the list of sites was pulled from well known sources (such as MalwareDomainList or hpHosts), or that whoever supplied the list had already submitted the list to various vendors. It's also more than likely that the sites on the list were not the latest and nastiest malicious sites, but many were outdated and running off of servers where the hosting company refuses to cancel accounts that are being abused.

I put 0% faith in comparative AV tests unless I do them on my own test setup.

Link to post

GT500:

I am not a professional tester, but I did take the trouble to access the NSS website, and registered to read the original report in its entirety before posting here. It looks to me like they took great lengths to ensure all malicious URLs were current and active. Their methodology was described in great detail, and I can recommend you read it before dismissing their findings out of hand. I would be most interested in your opinion.

It was not my intention to recommend the AVs that NSS found best at blocking these malicious websites. Frankly, I wouldn't allow any but Kaspersky on my PC. But I was open to the concept that they might have a good thing going in at least one aspect of their protection. As a research scientist (not computer related) I am curious, keep an open mind, yet remain a skeptic. And I ask questions, some of which are actually answered on occasion.

MBAM works for me, even if I don't know how it works its wonders ...

Best regards.

Link to post