Services

360 Degree Protection Testing

A first-of-its-kind test that covers all angles, our pioneering 360 Degree Protection Test targets the key threats faced by internet users. In each test case we employ the full spectrum of Early Life Malware. We use a Time-To-Detect metric to measure how long it takes each application to detect and neutralise missed threats.

Our Phishing Test assesses products’ capabilities in blocking Phishing websites.

more information

Next-Gen Network Appliance/Endpoint Protection Testing

Companies face the challenge that their multi-layered protections with firewalls, anti-virus systems and intrusion detection systems can be bypassed by targeted attacks or advanced opportunistic attacks (Advanced Persistent Threats). Vendors responded to this problem with APT detection appliances, also known as breach detection systems or next-generation intrusion detection systems. We provide efficacy and comparative assessments of these APT detection appliances, with custom developed, never-seen-before malware.

more information

In-The-Wild Exploit Testing

Criminals on the internet started to distribute malware to victims years ago by targeting vulnerabilities in browsers, browser plugins, and document readers. The obfuscation used in these attacks renders some traditional antivirus protections ineffective. Thus vendors started to develop products which can detect and block exploits against these vulnerabilities, so the malware does not have a chance to start working. We provide efficacy and comparative assessments of these anti-exploit protections.

more information

Safe browser tests

Internet Security Suites and Financial Endpoint Protection systems can provide a safe browser solution to prevent the theft of confidential data and protect the integrity of financial transactions by protecting a browser against financial malware (e.g. Zeus, Dyre, Tinba, SpyEye, etc.). We provide efficacy and comparative assessments of these safe-browser protections.

more information

Recent projects

ETERNALBLUE vs Internet Security Suites and nextgen protections

2017 / 05 /19

download report

MRG Effitas Online Banking Certification Q1 2017

2017 / 05 /18

download report

Blog news

Webroot SecureAnywhere Android AV coordinated disclosure

2017 / 07 /20

Researchers of MRG Effitas tested the Webroot SecureAnywhere Android application. During use, we came across implementation details, which might undermine the Vendor’s efforts to provide a comprehensive mobile security solution with the potential to aid users in case of encounters with malware.   Testing covered the following application version. Application name       Webroot SecureAnywhere Store URL                    https://play.google.com/store/apps/details?id=com.webroot.security Version                        4.1.0.8032   We considered the situation and opted for a coordinated disclosure approach to aid the Vendor in their efforts. In accordance with industry standards, we disclose the issues based on Google’s 90-day policy. As a result, after a 90-day plus a …

more information
Limitations of Android AntiVirus Scanners

2017 / 07 /20

Recently, MRG Effitas have been involved in a test of Android based AV products. Having completed the test process, we realised that the general approach of malware on Windows cannot be applied to mobile based samples, as the general considerations fundamentally differ. Furthermore, most Android based AV vendors started their work offering desktop AV solutions to customers, and many times the same approach is applied on both fields – which, we’ll see, often leads to controversial consequences. AV is “just another app” Most of the issues we found fundamentally originate from the fact that the AV is usually just another …

more information

Our partners