MRG Effitas Online Banking / Browser Security Assessment Project
Q2 2013 Results
Copyright 2013 Effitas Ltd.
This article or any part of it must not be published or reproduced without the consent of the copyright holder.
Contents:
Introduction 3
The Purpose of this Project 3
Tests employed 3
Security Applications Tested 4
Methodology Used in the Test 4
Test Results 6
Certifications 7
Introduction:
MRG Effitas has published an Online Banking Browser Security report every year for the last four years. In
2013 and beyond, this single report is replaced by quarterly assessments. This report is the assessment for Q2
2013, with the programme running from start of Q2 2013 to end of Q1 2014.
Whilst this report sits in much the same space as our previous annual reports, it is hoped that in being
quarterly, we will be able to give more up-to-date information and assessments against threats that are
prevalent during that particular period.
The Purpose of this Report:
What is at the core of our testing and on-going research is the belief that cybercrime is the most significant
threat faced by nation states and the most prevalent crime affecting corporations and individuals. This fact has
recently been acknowledged by the governments of all major countries and most are now implementing
strategies, policies and allocating resources in order to counter these threats.
To put the scale of the problem in perspective, cybercrime is now estimated to have an annual global value of
$250 billion and is set to overtake the revenues of all international drug crime which currently has the highest
turnover.
Another metric we can use is the drastic increase in the volume and diversity of malware found in the wild.
MRG Effitas is currently processing over 350,000 unique malicious binaries and up to 500,000 malicious URLs
every day and supplying these to our clients and other testing labs in an attempt to protect against them.
Aside from supplying zero day threats to clients and labs, our belief is that the most significant way in which we
can help in the fight against cybercrime is in the accurate and relevant assessment of product efficacy.
MRG Effitas has been working with the IEEE, other testing labs and universities in an attempt to devise a set of
testing standards that will allow the accurate and relevant measurement of today’s security products and also
those that will be released in the next ten years in the new emerging computing model.
It is vitally important that protection technologies evolve and improve – but how are we to achieve this if we
are unable to accurately measure their efficacy against current and emerging threats? Product improvement
can’t be achieved without the ability to measure real world performance.
The purpose of this and our other reports is to be part of that process of measurement for the sake of
improvement and efficacy assurance.
Tests Employed:
Applied metrology is a complicated and imprecise science and, in the light of this, we position this and all our
other work as the best assessments we can currently perform and not as an absolute or definitive
determination.
In this quarter's report, we ran two types of test:
Detection and blocking of Zeus. Zeus is still by far the most prevalent type of financial malware and is
continually evolving to avoid detection and circumvent countermeasures employed by banks and security
vendors.
Over the Q2 period, we tested a total of 100 Zeus samples, all from live URLs, which were in three main
strains that emerged over the period.
Prevention of data exfiltration from SSL-protected banking sites. Whilst detection is still a valuable metric, in itself it
is not enough to determine real world efficacy, as there will be instances where a system is compromised
before a security solution is installed or occasions where malware will bypass a preinstalled product. In these
cases we need to be able to measure whether active malware is able to perform data exfiltration or not.
MRG Effitas has a range of simulators employing MitB attacks that we have reverse engineered from financial
malware and wider crimeware.[i]
Over the Q2 period, we used our simulators to test the security products in the cohort against four unique
MitB attacks.
Security Applications Tested:
• avast! Internet Security 8.0
• AVG Internet Security 2013
• BitDefender Internet Security 2013
• Emsisoft Anti-Malware 8.0
• ESET Smart Security 6.0
• F-Secure Internet Security 2013
• GFI VIPRE Internet Security 2013
• Kaspersky Internet Security 2013
• McAfee Internet Security 2013
• Microsoft Security Essentials 4.2
• Panda Internet Security 2013
• Quarri Protect on Q 3.2
• SoftSphere DefenseWall 3.22[ii]
• SourceFire Immunet Antivirus Plus 3.1
• Symantec Norton Internet Security 2013
• Threatmetrix TrustDefender Pro Gold Edition
• Trend Micro Titanium Internet Security 2013
• Trusteer Rapport Emerald Build 1208.34
• Webroot SecureAnywhere 8.02
• Wontok SafeCentral 3.0
• Zemana AntiLogger 1.92
Methodology Used in the Test:
1. Windows 7 Ultimate Service Pack 1 64-bit operating system is installed on a virtual machine and all
updates are applied and third party applications installed and updated according to our “Average
Endpoint Specification”.[iii]
2. An image of the operating system is created.
3. A clone of the imaged system is made for each of the security applications to be used in the test.
4. An individual security application is installed using default settings on each of the systems created in 3
and then, where applicable, is updated.
5. A clone of the system as it is at the end of 4 is created.
6. Each Simulator test is conducted by:
a. Downloading the simulator using Internet Explorer to the desktop, closing Internet Explorer
and then executing the simulator.
b. Starting a new instance of Internet Explorer and navigating to www.paypal.com.[iv]
c. Text is entered into the Account login page of www.paypal.com using the keyboard, or using
a virtual keyboard if the application under test provides such functionality and then the “log
in” button is pressed.
7. A test is deemed to have been passed by the following criteria:
a. The security application detects the simulator whilst it is being downloaded to the desktop.
b. The security application detects the simulator when it is executed according to the following
criteria:
i. It identifies the simulator as being malicious and either automatically blocks it or
postpones its execution and warns the user that the file is malicious and awaits user
input.
ii. It identifies the simulator as suspicious or unknown and gives the option to run in a
sandbox or safe restricted mode and when run in this mode it meets the criteria c
or d below.
c. The security application prevents the simulator from capturing and sending the logon data to
the MRG results page or local store location, whilst giving no alerts or informational alerts
only.
d. The security application intercepts the installation/action of the simulator and displays
warnings and user action input requests that are clearly different to those displayed in
response to legitimate applications, when they are executed or installed on that system.
8. A test is deemed to have been failed by the following criteria:
a. The security application fails to detect the simulator when it is executed and then:
i. The security application fails to prevent the simulator from capturing and sending
the logon data to the MRG results page or local store location and gives no, or
informational alerts only.
ii. The security application intercepts the installation/action of the simulator but
displays warnings and user action input requests that are indistinguishable in
meaning from those displayed in response to legitimate applications, when they are
executed or installed on that system.
b. The security application identifies the simulator as suspicious or unknown and gives the
option to run in a sandbox or safe restricted mode and when run in this mode it:
i. Fails to prevent the simulator from capturing and sending the logon data to the
MRG results page or local store and gives no, or informational alerts only.
ii. Displays warnings and user action input requests that are indistinguishable in
meaning from those displayed in response to legitimate applications, when they are
executed or installed on that system.
9. Each Zeus test is conducted by:
a. Downloading the Zeus binary from its native URL using Internet Explorer to the desktop,
closing Internet Explorer and then executing the binary
10. A test is deemed to have been passed by the following criteria:
a. The security application blocks the URL where the Zeus binary is located.
b. The security application detects and blocks the simulator whilst it is being downloaded to the
desktop.
c. The security application detects the simulator when it is executed according to the following
criteria:
i. It identifies the simulator as being malicious and either automatically blocks it or
postpones its execution and warns the user that the file is malicious and awaits user
input.
ii. In the case of products that only provide a secure browser, the security application
alerts that the system is compromised and will not allow the user to initiate a
banking session at the location detailed in 6c above.
11. A test is deemed to have been failed by the following criteria:
a. The security application fails to detect or block the binary at any stage in 9a and allows it to
be executed.
12. A test result is deemed to be undetermined by the following criteria:
a. In the case of products that only provide a secure browser or secure desktop, the security
application does not alert that the system is compromised and will allow the user to initiate a
banking session at the location detailed in 6c above.[v]
13. Testing is conducted with all systems having internet access.
14. Each individual test for each security application is conducted from a unique IP address.
15. All security applications are fully functional unregistered versions or versions registered anonymously,
with no connection to MRG Effitas.
16. All testing was conducted during Q2 2013.
Test Results:
The table below shows the results of testing using the simulators employing reverse engineered MitB attacks.
P  The application prevented the simulator from capturing data
F  The application failed to prevent the simulator from capturing data

Security Application   FMA01  FMA02  FMA03  FMA04  Overall
Avast                  P      P      P      P
AVG                    P      F      F      F
BitDefender            P      P      P      P
DefenseWall            P      P      P      P
Emsisoft               P      P      P      P
ESET                   F      F      F      F
F-Secure               F      F      F      F
GFI                    P      F      F      F
Kaspersky              P      P      P      P
McAfee                 P      F      F      F
Microsoft              F      F      F      F
Panda                  F      F      F      F
Quarri                 P      P      P      P
SourceFire             P      F      F      F
Symantec               P      F      F      P
TrendMicro             P      F      F      P
ThreatMetrix           F      F      F      F
Trusteer               P      P      P      P
Webroot                P      P      P      P
Wontok                 P      P      P      F
Zemana                 P      P      P      P
The table below shows the detection / blocking results for the 100 ITW Zeus samples used.
Note, ThreatMetrix and Wontok are not included in this test as neither offers detection.

Security Application   Detection %
Avast                  100
BitDefender            100
DefenseWall            100
Emsisoft               100
Kaspersky              100
Quarri                 100
TrendMicro             100
Trusteer               100
Webroot                100
Zemana                 100
F-Secure               98
SourceFire             98
Symantec               98
ESET                   96
AVG                    93
GFI                    92
Panda                  91
McAfee                 89
Microsoft              74

Certification:
In order to attain the MRG Online Banking Browser Security Certification, a product must pass every test
during the quarter. Applications which meet this specification will be given the certification for that quarter.
The MRG Effitas Online Banking Browser Security Certification for Q2 2013 is awarded to the following
products:
• avast! Internet Security 8.0
• BitDefender Internet Security 2013
• SoftSphere DefenseWall 3.22
• Emsisoft Anti-Malware 8.0
• Kaspersky Internet Security 2013
• Quarri Protect on Q 3.2
• Trusteer Rapport 1208.34
• Webroot SecureAnywhere 8.02
• Zemana AntiLogger 1.92
Certifications for Q3 2013 will be announced in the second week of Q4 when our second report will be
published.
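The certification rule and both result tables, re-scored in code as an added example (this is not MRG Effitas code). It assumes the table's "Overall" column means a P against all four simulators and that certification means passing every test in the quarter; the per-product figures are transcribed from the tables above, and the script also picks out the case the report warns about, a product that detected every Zeus sample yet let a simulator exfiltrate logon data.

```python
"""Re-score the Q2 2013 products with the report's own pass/fail rules.

Added example, not MRG Effitas code. Assumptions: the 'Overall' column means
a P against every one of the four simulators, and certification means passing
every test run in the quarter (four MitB simulators plus 100 ITW Zeus samples).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SIMULATORS = ("FMA01", "FMA02", "FMA03", "FMA04")
ZEUS_SAMPLES = 100  # ITW Zeus binaries tested over the quarter

# MitB simulator results, one letter per simulator in FMA01..FMA04 order
# (P = prevented capture, F = failed to prevent), transcribed from the report.
MITB_RESULTS: Dict[str, str] = {
    "Avast": "PPPP", "AVG": "PFFF", "BitDefender": "PPPP", "DefenseWall": "PPPP",
    "Emsisoft": "PPPP", "ESET": "FFFF", "F-Secure": "FFFF", "GFI": "PFFF",
    "Kaspersky": "PPPP", "McAfee": "PFFF", "Microsoft": "FFFF", "Panda": "FFFF",
    "Quarri": "PPPP", "SourceFire": "PFFF", "Symantec": "PFFP", "TrendMicro": "PFFP",
    "ThreatMetrix": "FFFF", "Trusteer": "PPPP", "Webroot": "PPPP", "Wontok": "PPPF",
    "Zemana": "PPPP",
}

# Zeus detection / blocking percentage, transcribed from the report. ThreatMetrix
# and Wontok are absent: neither offers detection, so they were not tested.
ZEUS_DETECTION: Dict[str, int] = {
    "Avast": 100, "BitDefender": 100, "DefenseWall": 100, "Emsisoft": 100,
    "Kaspersky": 100, "Quarri": 100, "TrendMicro": 100, "Trusteer": 100,
    "Webroot": 100, "Zemana": 100, "F-Secure": 98, "SourceFire": 98,
    "Symantec": 98, "ESET": 96, "AVG": 93, "GFI": 92, "Panda": 91,
    "McAfee": 89, "Microsoft": 74,
}


@dataclass
class Verdict:
    product: str
    mitb_overall: str                    # "P" only if every simulator was stopped
    mitb_failed: List[str] = field(default_factory=list)
    zeus_missed: Optional[int] = None    # samples not detected; None = not tested
    certified: bool = False
    reason: str = ""


def parse_mitb(results: str) -> List[str]:
    """Return the simulators a product failed against. Anything other than four
    P/F letters is rejected so a transcription slip cannot score as a pass."""
    if len(results) != len(SIMULATORS) or set(results) - {"P", "F"}:
        raise ValueError(f"expected four P/F results, got {results!r}")
    return [sim for sim, r in zip(SIMULATORS, results) if r == "F"]


def mitb_overall(results: str) -> str:
    """Assumed meaning of the 'Overall' column: P only if all four simulators pass."""
    return "F" if parse_mitb(results) else "P"


def score(product: str) -> Verdict:
    """Apply the certification rule to one product and record why it fell short."""
    failed = parse_mitb(MITB_RESULTS[product])
    verdict = Verdict(product, "F" if failed else "P", failed)
    pct = ZEUS_DETECTION.get(product)
    # Percentages are over exactly 100 samples, so 100 - pct is the miss count.
    verdict.zeus_missed = None if pct is None else ZEUS_SAMPLES - pct
    if failed:
        verdict.reason = "logon data exfiltrated by " + ", ".join(failed)
    elif verdict.zeus_missed is None:
        verdict.reason = "no detection component; Zeus test not applicable"
    elif verdict.zeus_missed:
        verdict.reason = f"missed {verdict.zeus_missed} of {ZEUS_SAMPLES} Zeus samples"
    else:
        verdict.certified, verdict.reason = True, "passed every test this quarter"
    return verdict


def scoreboard() -> Dict[str, Verdict]:
    return {product: score(product) for product in MITB_RESULTS}


def certified_products() -> List[str]:
    """Products that receive the quarter's certification under the rule above."""
    return sorted(p for p, v in scoreboard().items() if v.certified)


def detected_all_but_leaked() -> List[str]:
    """Products that caught every Zeus sample yet let a simulator exfiltrate logon
    data: the report's point that detection alone does not measure efficacy."""
    return sorted(p for p, v in scoreboard().items()
                  if v.zeus_missed == 0 and v.mitb_overall == "F")


if __name__ == "__main__":
    for v in scoreboard().values():
        print(f"{v.product:<13} {'CERTIFIED' if v.certified else 'not certified'}: {v.reason}")
```

Running it reproduces the nine certified products listed above and singles out TrendMicro as the product whose 100% detection score hides a MitB failure.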
[i] It is necessary to use simulators with reverse engineered MitB attacks, as testing using real financial malware
which relies on ITW C&C servers is unlawful under the Computer Misuse Act in the UK, as it requires that
malicious code is run on a third party's computer without their knowledge or consent.
[ii] DefenseWall was tested on Windows 7 32-bit.
[iii] AES includes Adobe Flash, Reader, Microsoft Office 2007 & Firefox, all fully updated.
[iv] Where the security application offers a secured or dedicated banking browser, this is used.
[v] Note, this classification does not represent a failure.
Copyright 2013 Effitas Ltd.
This article or any part of it must not be published or reproduced without the consent of the copyright holder.
8

Contenu connexe

En vedette

10th samacheer kalvi english i important questions
10th samacheer kalvi english i important questions10th samacheer kalvi english i important questions
10th samacheer kalvi english i important questionsWelcome Trsao
 
Sslc social-5-model-question-papers-english-medium
Sslc social-5-model-question-papers-english-mediumSslc social-5-model-question-papers-english-medium
Sslc social-5-model-question-papers-english-mediummohanavaradhan777
 
Sslc english-first-and-second-paper-5-model-question-papers
Sslc english-first-and-second-paper-5-model-question-papersSslc english-first-and-second-paper-5-model-question-papers
Sslc english-first-and-second-paper-5-model-question-papersmohanavaradhan777
 
Python reading and writing files
Python reading and writing filesPython reading and writing files
Python reading and writing filesMukesh Tekwani
 
Trusteer Rapport – Browser Security - How It Works
Trusteer Rapport – Browser Security - How It WorksTrusteer Rapport – Browser Security - How It Works
Trusteer Rapport – Browser Security - How It Workstrusteer
 
E-BALL TECHNOLOGY SEMINAR REPORT
E-BALL TECHNOLOGY SEMINAR REPORTE-BALL TECHNOLOGY SEMINAR REPORT
E-BALL TECHNOLOGY SEMINAR REPORTVikas Kumar
 

En vedette (10)

10th samacheer kalvi english i important questions
10th samacheer kalvi english i important questions10th samacheer kalvi english i important questions
10th samacheer kalvi english i important questions
 
Browser Security
Browser SecurityBrowser Security
Browser Security
 
Sslc social-5-model-question-papers-english-medium
Sslc social-5-model-question-papers-english-mediumSslc social-5-model-question-papers-english-medium
Sslc social-5-model-question-papers-english-medium
 
Sslc english-first-and-second-paper-5-model-question-papers
Sslc english-first-and-second-paper-5-model-question-papersSslc english-first-and-second-paper-5-model-question-papers
Sslc english-first-and-second-paper-5-model-question-papers
 
Python reading and writing files
Python reading and writing filesPython reading and writing files
Python reading and writing files
 
Trusteer Rapport – Browser Security - How It Works
Trusteer Rapport – Browser Security - How It WorksTrusteer Rapport – Browser Security - How It Works
Trusteer Rapport – Browser Security - How It Works
 
E-BALL TECHNOLOGY SEMINAR REPORT
E-BALL TECHNOLOGY SEMINAR REPORTE-BALL TECHNOLOGY SEMINAR REPORT
E-BALL TECHNOLOGY SEMINAR REPORT
 
Web Browsers
Web BrowsersWeb Browsers
Web Browsers
 
E ball seminar
E ball seminarE ball seminar
E ball seminar
 
Rasberry pi
 Rasberry pi Rasberry pi
Rasberry pi
 

Plus de Комсс Файквэе

Rp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xgRp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xgКомсс Файквэе
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingКомсс Файквэе
 

Plus de Комсс Файквэе (20)

Ksb 2013 ru
Ksb 2013 ruKsb 2013 ru
Ksb 2013 ru
 
Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013Rp quarterly-threat-q3-2013
Rp quarterly-threat-q3-2013
 
Rp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xgRp data breach-investigations-report-2013-en_xg
Rp data breach-investigations-report-2013-en_xg
 
Apwg trends report_q2_2013
Apwg trends report_q2_2013Apwg trends report_q2_2013
Apwg trends report_q2_2013
 
Mobile threat report_q3_2013
Mobile threat report_q3_2013Mobile threat report_q3_2013
Mobile threat report_q3_2013
 
Scimp paper
Scimp paperScimp paper
Scimp paper
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
 
Hta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijackingHta t07-did-you-read-the-news-http-request-hijacking
Hta t07-did-you-read-the-news-http-request-hijacking
 
Analitika web 2012_positive_technologies
Analitika web 2012_positive_technologiesAnalitika web 2012_positive_technologies
Analitika web 2012_positive_technologies
 
B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-us
 
Threat report h1_2013
Threat report h1_2013Threat report h1_2013
Threat report h1_2013
 
B intelligence report-08-2013.en-us
B intelligence report-08-2013.en-usB intelligence report-08-2013.en-us
B intelligence report-08-2013.en-us
 
Dtl 2013 q2_home.1.2
Dtl 2013 q2_home.1.2Dtl 2013 q2_home.1.2
Dtl 2013 q2_home.1.2
 
Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012Rp quarterly-threat-q1-2012
Rp quarterly-threat-q1-2012
 
Kaspersky lab av_test_whitelist_test_report
Kaspersky lab av_test_whitelist_test_reportKaspersky lab av_test_whitelist_test_report
Kaspersky lab av_test_whitelist_test_report
 
The modern-malware-review-march-2013
The modern-malware-review-march-2013 The modern-malware-review-march-2013
The modern-malware-review-march-2013
 
Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2Dtl 2012 kl-app_ctl1.2
Dtl 2012 kl-app_ctl1.2
 
Panda labs annual-report-2012
Panda labs annual-report-2012Panda labs annual-report-2012
Panda labs annual-report-2012
 
H02 syllabus
H02 syllabusH02 syllabus
H02 syllabus
 
Course reader-title
Course reader-titleCourse reader-title
Course reader-title
 

Dernier

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Dernier (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Mrg effitas-online-banking-browser-security-assessment-project-q2-20132 (1)

  • 1. MRG Effitas MRG Effitas Online Banking / Browser Security Assessment Project Q2 2013 MRG Effitas Online Banking / Browser Security Assessment Project Q2 2013 Results Copyright 2013 Effitas Ltd. This article or any part of it must not be published or reproduced without the consent of the copyright holder. 1
  • 2. MRG Effitas MRG Effitas Online Banking / Browser Security Assessment Project Q2 2013 Contents: Introduction 3 The Purpose of this Project 3 Tests employed 3 Security Applications Tested 4 Methodology Used in the Test 4 Test Results 6 Certifications 7 Copyright 2013 Effitas Ltd. This article or any part of it must not be published or reproduced without the consent of the copyright holder. 2
  • 3. MRG Effitas MRG Effitas Online Banking / Browser Security Assessment Project Q2 2013 Introduction: MRG Effitas has published an Online Banking Browser Security report every year for the last four years. In 2013 and beyond, this single report is replaced by quarterly assessments. This report is the assessment for Q2 2013, with the programme running from start of Q2 2013 to end of Q1 2014. Whilst, this report sits in much the same space as our previous annual reports, it is hoped that in being quarterly, we will be able to give more up to date information and assessments against threats that are prevalent during that particular period. The Purpose of this Report: What is at the core of our testing and on-going research is the belief that cybercrime is the most significant threat faced by nation states and the most prevalent crime affecting corporations and individuals. This fact has recently been acknowledged by the governments of all major countries and most are now implementing strategies, policies and allocating resources in order to counter these threats. To put the scale of the problem in perspective, cybercrime is now estimated to have an annual global value of $250 billion and is set to overtake the revenues of all international drug crime which currently has the highest turnover. Another metric we can use is the drastic increase in the volume and diversity of malware found in the wild. MRG Effitas is currently processing over 350,000 unique malicious binaries and up to 500,000 malicious URLs every day and supplying these to our clients and other testing labs in an attempt to protect against them. Aside from supplying zero day threats to clients and labs, our belief is that the most significant way in which we can help in the fight against cybercrime is in the accurate and relevant assessment of product efficacy. 
MRG Effitas has been working with the IEEE, other testing labs and universities in an attempt to devise a set of testing standards that will allow the accurate and relevant measurement of today’s security products and also those that will be released in the next ten years in the new emerging computing model.

It is vitally important that protection technologies evolve and improve – but how are we to achieve this if we are unable to accurately measure their efficacy against current and emerging threats? Product improvement can’t be achieved without the ability to measure real world performance. The purpose of this and our other reports is to be part of that process of measurement for the sake of improvement and efficacy assurance.

Tests Employed:

Applied metrology is a complicated and imprecise science and, in the light of this, we position this and all our other work as the best assessments we can currently perform and not as an absolute or definitive determination.

In this quarter's report, we ran two types of test:

• Detection and blocking of Zeus. Zeus is still by far and away the most prevalent type of financial malware and is continually evolving to avoid detection and circumvent countermeasures employed by banks and security vendors. Over the Q2 period, we tested a total of 100 Zeus samples, all from live URLs, which were in three main strains that emerged over the period.

• Prevention of data exfiltration from SSL protected banking sites. Whilst detection is still a valuable metric, in itself it is not enough to determine real world efficacy, as there will be instances where a system is compromised before a security solution is installed or occasions where malware will bypass a preinstalled product. In these cases we need to be able to measure whether active malware is able to perform data exfiltration or not. MRG Effitas has a range of simulators which employ MitB attacks that have been used by financial malware and wider crimeware and that we have reverse engineered.[i] Over the Q2 period, we used our simulators to test the security products in the cohort against four unique MitB attacks.

Security Applications Tested:

• avast! Internet Security 8.0
• AVG Internet Security 2013
• BitDefender Internet Security 2013
• Emsisoft Anti-Malware 8.0
• ESET Smart Security 6.0
• F-Secure Internet Security 2013
• GFI VIPRE Internet Security 2013
• Kaspersky Internet Security 2013
• McAfee Internet Security 2013
• Microsoft Security Essentials 4.2
• Panda Internet Security 2013
• Quarri Protect on Q 3.2
• SoftSphere DefenseWall 3.22[ii]
• SourceFire Immunet Antivirus Plus 3.1
• Symantec Norton Internet Security 2013
• Threatmetrix TrustDefender Pro Gold Edition
• Trend Micro Titanium Internet Security 2013
• Trusteer Rapport Emerald Build 1208.34
• Webroot SecureAnywhere 8.02
• Wontok SafeCentral 3.0
• Zemana AntiLogger 1.92

Methodology Used in the Test:

1. Windows 7 Ultimate Service Pack 1 64 bit operating system is installed on a virtual machine and all updates are applied and third party applications installed and updated according to our “Average Endpoint Specification”.[iii]
2. An image of the operating system is created.
3. A clone of the imaged system is made for each of the security applications to be used in the test.
4. An individual security application is installed using default settings on each of the systems created in 4 and then, where applicable, is updated.
5. A clone of the system as it is at the end of 4 is created.
6. Each Simulator test is conducted by:
   a. Downloading the simulator using Internet Explorer to the desktop, closing Internet Explorer and then executing the simulator.
   b. Starting a new instance of Internet Explorer and navigating to www.paypal.com.[iv]
   c. Entering text into the Account login page of www.paypal.com using the keyboard, or using a virtual keyboard if the application under test provides such functionality, and then pressing the “log in” button.
7. A test is deemed to have been passed by the following criteria:
   a. The security application detects the simulator whilst it is being downloaded to the desktop.
   b. The security application detects the simulator when it is executed according to the following criteria:
      i. It identifies the simulator as being malicious and either automatically blocks it or postpones its execution and warns the user that the file is malicious and awaits user input.
      ii. It identifies the simulator as suspicious or unknown and gives the option to run in a sandbox or safe restricted mode and, when run in this mode, it meets criteria c or d below.
   c. The security application prevents the simulator from capturing and sending the logon data to the MRG results page or local store location, whilst giving no alerts or informational alerts only.
   d. The security application intercepts the installation/action of the simulator and displays warnings and user action input requests that are clearly different to those displayed in response to legitimate applications when they are executed or installed on that system.
8. A test is deemed to have been failed by the following criteria:
   a. The security application fails to detect the simulator when it is executed and then:
      i. The security application fails to prevent the simulator from capturing and sending the logon data to the MRG results page or local store location and gives no, or informational alerts only.
      ii. The security application intercepts the installation/action of the simulator but displays warnings and user action input requests that are indistinguishable in meaning from those displayed in response to legitimate applications when they are executed or installed on that system.
   b. The security application identifies the simulator as suspicious or unknown and gives the option to run in a sandbox or safe restricted mode and, when run in this mode, it:
      i. Fails to prevent the simulator from capturing and sending the logon data to the MRG results page or local store and gives no, or informational alerts only.
      ii. Displays warnings and user action input requests that are indistinguishable in meaning from those displayed in response to legitimate applications when they are executed or installed on that system.
9. Each Zeus test is conducted by:
   a. Downloading the Zeus binary from its native URL using Internet Explorer to the desktop, closing Internet Explorer and then executing the binary.
10. A test is deemed to have been passed by the following criteria:
   a. The security application blocks the URL where the Zeus binary is located.
   b. The security application detects and blocks the Zeus binary whilst it is being downloaded to the desktop.
   c. The security application detects the Zeus binary when it is executed according to the following criteria:
      i. It identifies the binary as being malicious and either automatically blocks it or postpones its execution and warns the user that the file is malicious and awaits user input.
      ii. In the case of products that only provide a secure browser, the security application alerts that the system is compromised and will not allow the user to initiate a banking session at the location detailed in 6c above.
11. A test is deemed to have been failed by the following criteria:
   a. The security application fails to detect or block the binary at any stage in 9a and allows it to be executed.
12. A test result is deemed to be undetermined by the following criteria:
   a. In the case of products that only provide a secure browser or secure desktop, the security application does not alert that the system is compromised and will allow the user to initiate a banking session at the location detailed in 6c above.[v]
13. Testing is conducted with all systems having internet access.
14. Each individual test for each security application is conducted from a unique IP address.
15. All security applications are fully functional unregistered versions or versions registered anonymously, with no connection to MRG Effitas.
16. All testing was conducted during Q2 2013.

Test Results:

The table below shows the results of testing using the simulators employing reverse engineered MitB attacks.

P   The application prevented the simulator from capturing data
F   The application failed to prevent the simulator from capturing data

Security Application   FMA01   FMA02   FMA03   FMA04   Overall
Avast                  P       P       P       P
AVG                    P       F       F       F
BitDefender            P       P       P       P
DefenseWall            P       P       P       P
Emsisoft               P       P       P       P
ESET                   F       F       F       F
F-Secure               F       F       F       F
GFI                    P       F       F       F
Kaspersky              P       P       P       P
McAfee                 P       F       F       F
Microsoft              F       F       F       F
Panda                  F       F       F       F
Quarri                 P       P       P       P
SourceFire             P       F       F       F
Symantec               P       F       F       P
TrendMicro             P       F       F       P
ThreatMetrix           F       F       F       F
Trusteer               P       P       P       P
Webroot                P       P       P       P
Wontok                 P       P       P       F
Zemana                 P       P       P       P
The graph below shows the detection / blocking results for the 100 ITW Zeus samples used. Note, ThreatMetrix and Wontok are not included in this test as neither offers detection.

Security Application   Detection %
Avast                  100
BitDefender            100
DefenseWall            100
Emsisoft               100
Kaspersky              100
Quarri                 100
TrendMicro             100
Trusteer               100
Webroot                100
Zemana                 100
F-Secure               98
SourceFire             98
Symantec               98
ESET                   96
AVG                    93
GFI                    92
Panda                  91
McAfee                 89
Microsoft              74

Certification:

In order to attain the MRG Online Banking Browser Security Certification, a product must pass every test during the quarter. Applications which meet this specification will be given the certification for that quarter.

The MRG Effitas Online Banking Browser Security Certification for Q2 2013 is awarded to the following products:

• avast! Internet Security 8.0
• BitDefender Internet Security 2013
• SoftSphere DefenseWall 3.22
• Emsisoft Anti-Malware 8.0
• Kaspersky Internet Security 2013
• Quarri Protect on Q 3.2
• Trusteer Rapport 1208.34
• Webroot SecureAnywhere 8.02
• Zemana AntiLogger 1.92

Certifications for Q3 2013 will be announced in the second week of Q4 when our second report will be published.
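As an added example, not part of the MRG Effitas report, the following Python applies the certification rule stated above (a product must pass every test during the quarter) to the two result tables transcribed from this page and lists, for each product, which tests stopped it short. It uses the short product names of the tables; mapping them to the full names in the award list is assumed.

```python
# Added example (not from the MRG Effitas report): applies the report's
# certification rule, "pass every test during the quarter", to the two
# result tables transcribed from this page. Short product names follow the
# tables; mapping them to the award list's full names is assumed.

# MitB simulator results, one character per test FMA01..FMA04 (P = prevented
# capture, F = failed to prevent capture).
MITB_RESULTS = {
    "Avast": "PPPP", "AVG": "PFFF", "BitDefender": "PPPP", "DefenseWall": "PPPP",
    "Emsisoft": "PPPP", "ESET": "FFFF", "F-Secure": "FFFF", "GFI": "PFFF",
    "Kaspersky": "PPPP", "McAfee": "PFFF", "Microsoft": "FFFF", "Panda": "FFFF",
    "Quarri": "PPPP", "SourceFire": "PFFF", "Symantec": "PFFP", "TrendMicro": "PFFP",
    "ThreatMetrix": "FFFF", "Trusteer": "PPPP", "Webroot": "PPPP", "Wontok": "PPPF",
    "Zemana": "PPPP",
}

# Zeus detection/blocking percentage over the 100 ITW samples. ThreatMetrix and
# Wontok have no entry: the report excludes them because neither offers detection.
ZEUS_DETECTION = {
    "Avast": 100, "BitDefender": 100, "DefenseWall": 100, "Emsisoft": 100,
    "Kaspersky": 100, "Quarri": 100, "TrendMicro": 100, "Trusteer": 100,
    "Webroot": 100, "Zemana": 100, "F-Secure": 98, "SourceFire": 98,
    "Symantec": 98, "ESET": 96, "AVG": 93, "GFI": 92, "Panda": 91,
    "McAfee": 89, "Microsoft": 74,
}

ZEUS_SAMPLES = 100


def failed_tests(product, mitb=MITB_RESULTS, zeus=ZEUS_DETECTION):
    """List the tests a product did not pass. Empty list means certified."""
    marks = mitb[product]
    if len(marks) != 4 or set(marks) - {"P", "F"}:
        raise ValueError(f"malformed MitB row for {product}: {marks!r}")
    failed = [f"FMA0{i + 1}" for i, m in enumerate(marks) if m == "F"]
    pct = zeus.get(product)
    if pct is None:
        failed.append("Zeus (not tested)")  # no detection result to count as a pass
    elif pct < 100:
        # over 100 samples, detection % equals the number of samples blocked
        failed.append(f"Zeus ({ZEUS_SAMPLES - pct} of {ZEUS_SAMPLES} samples missed)")
    return failed


def certified(mitb=MITB_RESULTS, zeus=ZEUS_DETECTION):
    """Products passing every test: all four MitB tests and all 100 Zeus samples."""
    return sorted(p for p in mitb if not failed_tests(p, mitb, zeus))
```

Running `certified()` reproduces the nine products in the award list above, and `failed_tests("TrendMicro")` shows why a product with 100 % Zeus detection can still miss certification.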
[i] It is necessary to use simulators with reverse engineered MitB attacks, as testing using real financial malware which relies on ITW C&C servers is unlawful under the Computer Misuse Act in the UK, since it requires that malicious code is run on a third party's computer without their knowledge or consent.
[ii] DefenseWall was tested on Windows 7 32 bit.
[iii] AES includes Adobe Flash, Reader, Microsoft Office 2007 & Firefox, all fully updated.
[iv] Where the security application offers a secured or dedicated banking browser, this is used.
[v] Note, this classification does not represent a failure.