New Zero-day detection test from (Anti-Malware Test Lab) And Comodo scored......

I can’t find that this has been posted before.

New test from Anti-malware test lab! 11/26/09.

Though, Idk why they used Comodo 3.9 instead of 3.10, 3.11, 3.12 or newer :-\

And here you can see the whole test:

Comodo actually scored a Golden award even if it’s made on the CIS 3.9 version, which is good.

But if this test is trustworthy or not, don’t ask me; judge for yourself!


Actually the Software versions of other contestants are older as well.

The “Methodology…” link brings you to the page written in Russian
and the first line states that the test(s) were carried out from July 7 till October 22.

So that’s the result of previous tests that was just published in November

Fairly clear that Ilya has paid for the test haha.

I’d like to see them test those malware against SRP. It would get 100% no doubt. And SRP is free, and much lighter than DefenseWall. SRP also comes built into Windows. So much simpler.

That really doesn’t matter, was he paid or not…

There is a bigger problem.

Unfortunately when I pressed “English” the description still came up in Russian, which is not a big deal for me :slight_smile: So…

Также в тесте участвовали две специальные программы для проактивной защиты от новейших видов угроз класса HIPS (Hosted Intrusion Prevention System): 1. DefenceWall HIPS 2.56 2. Safe'n'Sec Personal
Also two special programs for proactive defense against the newest types of threats "class HIPS" participated in this test...
I don't know why they call it "class HIPS" or type-HIPS ???, but that is how they put it and therefore I placed it in quotes.

And that’s where the problem exists, as far as I understand.

HIPS and alike and separately Behavioral Blockers (that do work differently - stressing) should be the subject of such tests. Only those should participate when we are talking about “zero days” … Antiviruses basically (any) are a total failure against those and we know that.

Further they are describing that all AVs were set “as default” for auto-updates etc.
So what? That is a major weakness of any AV anyway.
“Zero day” … or “zero-half-an-hour”? … probably “zero last minute?”
What is that critical time frame we are talking about within which any AV will definitely find itself in a deep crapper?

Therefore I really don’t care about tests like this … and who was or was not paid.
That is just wrong methodology.

That is similar to seeing Mamutu at the last place with “failed” verdict in Firewall tests
(haven’t we all seen that?)
At the same time Mamutu is the best Behavioral Blocker currently… …and so on …

Actually, in addition to what I answered to J_G - reading a bit more.
The testers admitted that:

К сожалению, в ходе длительного проведения теста полученных результатов, некоторые вендоры выпустили обновления своих продуктов, что не могло быть отражено в итоговых результатах
Unfortunately due to long time of carrying out of the test and getting the results, some vendors issued updated (versions of) products and that could not be reflected in the final set of the concluding results

IIRC an old version of Mamutu was tested in matousec Proactive challenge failing even the most baseline termination tests (Kill1 and Kill2) but passing a test named Leaktest meant to find out whether the tested product filters outbound TCP traffic…

An EMSI representative did apparently represent that whole stss suite as a firewall leak testing one…

2008-11-29 (Mamutu scored 2%): Emsi Software GmbH – the vendor of Mamutu

In our opinion Mamutu is completely misplaced in this test. Mamutu is not a firewall, but a behavior blocker, designed to detect and block real malware samples only, not to pass a firewall leaktest. For us, the test results are useless because the product was tested for features that Behavior Blockers are not intended to provide in general. In opposite to Matousec, we think that Firewalls, Behavior Blockers and HIPS are not the same type of software and therefore they can not be tested and compared as they were the same.

Matousec reply was:

We are testing a specific kind of security software which must meet some fixed criteria in order to be included to our project. The main criterion is to implement a process-based security. Proactive Security Challenge is designed to test Internet security suites, personal firewalls, HIPS products, behavior blockers and other behavior based systems. Mamutu met all the required criteria and hence there was no why not to include Mamutu to our project after we received several requests from our visitors. All the products included to our project implement similar features. These security features are tested in our project. We believe that using a set of open tests is the only objective way to compare all the products that implement the very same features. There are various tests used in Proactive Security Challenge, only a part of the used testing suite is based on leak-tests.

I assume that Mamutu does now defend itself against such terminating behaviors at least (which is for the best) as for it includes comments made by some tested vendors (including Microsoft) as well

My answers here were about the versions as original poster asked.

In addition I expressed my view that the pointed two or similar “additional” Software are indeed intended to be tested against zero-days – separately, but not the AVs together with them.

My opinion is that the answer by Christian Mairoll was correct and Mamutu should not be tested amongst Firewalls.

… but anyway, since we agreed once – as soon as you are in the thread - I am out of that thread, because that will lead to endless “jumping-jack-self-quoted” replies of yours and discussion going nowhere.

At least I will keep my word


If you meant to reply about tested products being linked to in the OP post then Mamutu is strikingly out of place even more if you actually meant to rephrase matousec tests in the same way some EMSI representative did.

And here I was inclined to ask you, despite such all-along undisclosed agreement ( ??? ) I never was aware of so far ( 88) ), if you recently ran what you defined the “best Behavioral Blocker currently” against many of such stss termination tests at least…

Because when I got to check something your opinion appeared to hint at, I had the definite impression some of your words were to be read like “That is similar to seeing Mamutu failing to prevent self termination as a Behavior blocker” (haven’t we all seen that?)

…even though I guess you would disagree with some of the comments made by tested AV/suite vendors on (by chance maybe, some of such products were featured on matousec site as well)

Nevertheless I got to know your definite self-referencing opinion about Mamutu value and even some clarification about your thoughts about that EMSI representative opinion about Proactive tests I “jumping jack” quoted and linked, whenever I got none about the related matousec reply whereas I won’t have everybody to rely on my words alone if I can link a post containing somebody else words along with mine.