I want to expand on this post as the MRG test is quite unique when compared to most testing that looks at the efficacy of an AV solution.
MRG's test is broken into two main categories. The first looks at browser security features, similar to Webroot's Identity Shield, and uses custom simulators designed from recently reverse engineered trojans in the wild. This step is rather important as using real live trojans causes many issues when trying to analyze whether data capture and exfiltration actually took place. The reason is that trojans are very careful about how data is collected and encrypted before being exfiltrated. Creating simulations which use the identical techniques found in real, in the wild, trojans is a fantastic approach to being able to evaluate browser security technology.
So, how did Webroot SecureAnywhere perform in the browser security test?
As the above chart shows, WSA successfully prevented all four simulated attacks against the browser which is great validation of this advanced compromise prevention technology. It is also worth mentioning that there are some big name vendors in this list who did not pass all tests.
The next part of MRG's test looks at detection of the most prevalent financial trojan, Zeus. While Zeus has been around for over 5 years, the public release of its source code in 2009, followed by two major variant updates, has helped the Zeus family of trojans remain in the # 1 spot for most often discovered financial malware. Today's Zeus variant is very short lived in the wild. Our research shows that the average variant infects less than 20 PC's and is active in the wild for less than 24 hours. Additionally, the trojan compiler is very well designed and is able to circumvent traditional signature technology.
It is these reasons that MRG chose this trojan for their financial malware detection test.
The test used 100 very recent samples which spanned the three major variants of the Zeus trojan.
So, how did Webroot SecureAnywhere perform in the Zeus detection test?
Again, a perfect score and great validation that our unique approach to discovering and rapidly classifying new threats works! And, again, some big name vendors who didn't do so well.
MRG plans to run this test on a quarterly basis moving forward.
Webroot applauds MRG for its innovative approach to evaluating new security features in today's AV products as they truly understand that a simple detection test is no longer sufficient when measuring the true efficacy of a product.
Be sure to let me know if you have any questions about this test, or any other tests where Webroot participates.