I chose 15 RANDOM pieces of malware and ran each one of them.
The system is Windows 7 64-bit, fully updated - default UAC, Windows Defender off. Mamutu fully updated. Comodo fully updated. Settings for both at the bottom of this post.
The number of times Comodo outright blocked an application - 2.
The number of times default UAC outright blocked an application - 1.
The number of times Comodo sandboxed and then cleaned malware - 13.
The number of times Mamutu detected and blocked a program - 9.
No successful infections. 3 out of the 15 malicious files were blocked before they could successfully start. The 13 files that managed to run were cleaned by Comodo. 9 out of those 13 files were also picked up by Comodo and blocked.
Now to test Mamutu alone. I think Comodo was getting to everything/blocking things before Mamutu kicked in. By sandboxing and applying security restrictions on them, I think the malicious files weren't able to implement some of the things Mamutu looks for. Still, 9/13 is not bad.
New test will be in a separate post.
Mamutu Behavioral Blocker
Beta updates
Allow program if 92% of community members allowed it.
Deny program if 88% of community members allowed it.
Comodo Internet Security (Firewall and Defense+, no AV) (Password Protected)
Comodo Firewall: Safe Mode, Alert Settings Low
-- Ports Stealthed
-- Create Rules for safe applications
-- Enable IPv6 filtering
-- Protect ARP Cache, Block Gratuitous ARP Frames
-- Block Fragmented IP datagrams
-- No protocol analysis, no monitoring NDIS protocols other than TCP/IP
Comodo Defense+: Safe Mode
-- Autosandbox as Limited
Mamutu stand alone results:
Successful infections: 2
UAC Blocked: 2
Mamutu Blocked: 11
So Mamutu blocked 11/13 malicious files that managed to run without admin.
It would have been nice to see something break free from Comodo only to be stopped by Mamutu, but Comodo managed to break every piece of malware just fine on its own.
Mamutu (between its two processes) is using just under 6MB of RAM.
Some things I would like to mention:
You have to manually set up Mamutu to auto startup.
If you set Mamutu on Paranoid mode, it will send you notifications and attempt to block every application that has access to the internet.
Thank you for testing Mamutu, Hungry Man.
From your testing, I can conclude that removing Mamutu and using Comodo Firewall and Defense+ is a better alternative than relying solely on Mamutu. However, since Mamutu is very light (lighter than Comodo), I will continue using it.
I would say it's worth using it. If something slips past Comodo, Comodo won't look at it again - once the process gets whitelisted by the user, that is. Mamutu is constantly looking at processes, so it should help in every situation.
I was doing some more tests but I won't post results (too informal/I used some of the same samples), and Mamutu (alone) was blocking everything I threw at it.
Beta updates on
Paranoid mode off
Alright.
Thanks
Testing Mamutu
Discussion in 'Security and Anti-Virus Software' started by Hungry Man, Jul 15, 2011.