Testing reveals security software often misses new malware

Research from NSS Labs show that security software vendors take an average of two days to block a new malicious Web site

New research has further confirmed the difficulties security software companies are having keeping up with an explosion in malicious software programs on the Internet.

Security software from major vendors can take an average of two days to block a Web site designed to attack a computer visiting it, according to the latest report from NSS Labs, which tested security software suites against fresh malware released on the Internet.

"The magnitude of these findings should be noting short of an alarming wake-up call for the security industry," according to the report.

NSS Labs does independent security software testing. Unlike many other testing companies, it does not accept money for vendors for performing the tests, a stance that the company's president Rick Moy says results in more accurate evaluations.

NSS Labs developed a test that mimics how average people browse the Web, finding potentially malicious Web sites and then visiting them with a Web browser. They then record how and when -- or if at all -- security software block the threats. The latest test was run 24 hours a day for nine days.

"We've done testing like the bad guys do," Moy said. "If you're not testing like the bad guys, what's the point? We go out to the live Internet and find out what is circulating on malicious campaigns in real time."

Enterprises are most at threat from fresh customized malware. Security companies share malware samples, but if no company sees or detects the malware, it could quietly circulate and potentially infect machines, stealing data. Even if it is undetected for a short period of time, it still is enough a window to infect a corporate network. As many as 50,000 new malicious programs are detected every day.

NSS Labs has chosen to reveal the worst-performing vendors of the 10 products they tested. NSS Labs puts the suites in three categories: "recommend," which means a product performed well and should be used in an enterprise; "neutral," which means a product performed reasonably well and should continued to be used if it is already in use; and "caution," which means the product had poor test results and organizations using it should review their security posture.

NSS Labs rated AVG's Internet Security Business Edition and Panda Security's Internet Security as "caution." The full results are contained in NSS Labs' report, "Endpoint Protection Products Group Test Report, Socially-Engineered Malware," which costs US$495. Also covered in the report are Eset, F-Secure, Kaspersky, McAfee, Norman, Sophos, Symantec, Trend Micro.

Some security software vendors employ reputation systems in order to detect a malicious Web site, which usually involves checking a database of blacklisted Web sites. Those systems, however, are not widely used and are immature, NSS Labs said. Overall, it took vendors an average of 45.8 hours to block a site, if it was blocked at all, according to the report.

If a software suite did not block a bad Web site the first time, they continued to test the site against the software every eight hours to see how long it took a vendor to add protection. Times ranged from 4.62 hours for the best performing vendor to 71.01 hours for AVG and 92.48 hours for Panda.

Block rates varied depending on how long the malicious Web site has been active. The researchers have a "zero-hour" criteria where it checks whether the software can stop newly found sites. The results aren't great. The best vendor was able to block new sites only 60.6 percent of the time. At the bottom end, AVG, Panda and Eset's software could do that less than 44 percent of time.

Moy said security companies could make vast improvements in their ability to detect brand-new malware. For consumers and enterprises, buying the brand that takes out the largest ad space doesn't necessarily equate to better security, he said.

Up to one-third of security software contracts change hands every year. "Enterprises are definitely dissatisfied with the protection," Moy said. "They're looking around."

Tags NSS Labssecuritysoftwaremalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?