本帖最后由 yhjtj 于 2012-7-7 13:10 编辑
测试来源网站:http://www.matousec.com/
Online Payments Threats Comparative Testing (2012/07/06 08:38)
We have been asked to design and perform a comparative testing focused on financial malware – i.e. malware created to steal credentials to online payment services. The task was assigned by Kaspersky Lab ZAO in order to test their new Safe Money technology, which is implemented in their upcoming Kaspersky Internet Security 2013. Besides Kaspersky Internet Security 2013 (RTM version) we have included 13 security products from different vendors in this testing. Except for Trusteer Rapport all products were general purpose anti-virus products and Internet security suites. With primary focus to common inexpert users, assuming no or low computer security awareness from the users, all products were tested in their out-of-box configurations.
We have designed 15 tests with ability to steal PayPal and eBay credentials. Each test exploited different attack vector to achieve its goal. The techniques of the tests were inspired by widespread real-life malware including Zeus, Sinowal, Silon, Cidox, SpyEye, Carberp, Yaludle, etc.
A half of the tested products did not prevented a single test to steal the credentials. Only two of the tested products passed all the tests – Kaspersky Internet Security 2013 and Trusteer Rapport.
See the complete report for more information about this testing.
网上支付的威胁比较测试(2012年7月6日08:38)
我们已要求设计和专注于金融恶意软件进行对比测试 - 即恶意软件创建窃取凭据的在线支付服务。 ZAO跟卡巴斯基实验室,以测试他们的新的安全货币的技术,这是实现在其即将推出的卡巴斯基互联网安全2013被分配的任务。 除了卡巴斯基互联网安全2013(RTM版本),我们从不同的厂商在此测试包括13个安全产品。 所有产品除Trusteer的融洽是通用的反病毒产品和互联网安全套装。 与共同不熟练的用户,假设没有从用户的计算机安全意识低的首要重点,所有产品进行了测试盒的配置。
我们已经设计了15个测试,有能力窃取PayPal和eBay的凭据。 每个测试利用不同的攻击载体,以实现其目标。 通过广泛的现实生活中的恶意软件,包括宙斯,Sinowal的,Silon,Cidox,SpyEye,Carberp,Yaludle等测试技术的灵感
测试产品的一半,并没有阻止一个单一的测试,以窃取凭据。 只有两个测试的产品通过了所有测试 - 卡巴斯基互联网安全2013年和Trusteer的融洽。
请参阅完整的报告,关于这个测试的更多信息。
全部测试软件列表
The following products were tested:
1. avast! Internet Security 7.0.1426
2. AVG Internet Security 2012.0.2178
3. Avira Internet Security 2012 12.0.0.1085
4. Bitdefender Internet Security 2012 15.0.38.1604
5. ESET Smart Security 5.2.9.1
6. F-Secure Internet Security 2012 12.49.104
7. G Data Internet Security 2013 23.0.0.19
8. Kaspersky Internet Security 2013 13.0.0.3370
9. McAfee Total Protection 2012 11.0.669
10. Microsoft Security Essentials 4.0.1526.0
11. Panda Internet Security 2012 17.01.00
12. Symantec Norton Internet Security 2012 19.7.1.5
13. Trend Micro Titanium Maximum Security 2012 5.2.1035
14. Trusteer Rapport 3.5.1201.76
有两款软件通过了全部15个测试,Kaspersky Internet Security 2013 和 Trusteer Rapport.
值得一提的是其中一款类似浏览器插件的软件Trusteer Rapport比较陌生,支持ie,火狐,chrome,不支持国内的改版浏览器,个人安装后初步测试了一下,在chrome中开启,变成绿色后,能够抵挡AntiTest.exe的所有截屏,大家有空可以试一下。
下载地址:
PC users: http://download.trusteer.com/Gcur4Wtnu/RapportSetup.exe
Mac users: http://download.trusteer.com/Gcur4Wtnu/leopard/Rapport.dmg
浏览器支持列表:
For Windows Operating Systems, 32-bit and 64-bit (Windows XP, Vista and Windows 7), Rapport supports:
Internet Explorer 6, 7, 8 and 9
Firefox 3.x, 4.x (Not including the 64-bit versions. How do I check this?)
BT Yahoo browser (Only broadband version 3.x)
Google Chrome 3.x and above (Not including versions from the Developer Channel)
For Mac OS X Leopard (10.5) and Snow Leopard (10.6), Rapport supports:
Firefox 3.x, 4.x (32-bit mode only. Snow Leopard users, please follow this guide to set Firefox 4 to open in 32-bit mode)
Safari 4.x and 5.x (Including 64-bit versions)
|
发表于 2012-7-7 13:05:39
发表于 2012-7-7 13:17:14
对这家的测试没有好感,经常搞不清楚他到底要测试什么东西,而且很多测试的内容和名字配不上
楼主
