Tests find security programs fooled by attack vector

Malware that is blocked one time may be allowed through via another route

A new round of antivirus testing found some products fail to detect malware that tries to infect a computer via a different attack vector, such as through a local network fileshare or a USB drive.

The tests, conducted by NSS Labs, sought to find out how effective security products are at detecting malware from various attack vectors. Malware can be delivered to a computer via rigged websites, e-mail attachments and USB flash drives, among other ways.

Although drive-by downloads remain the most common attack vector, about 15 percent of attacks are delivered via e-mail with a malicious attachments, such as a PDF document.

Many security products allow users to download all of their e-mail to their inbox by default and not scan it, even if it contains malware.

"Surprisingly, many products tested did not remove malware from the inbox by default," according to the report, titled "Socially-engineered Malware Via Multiple Attack Vectors."

Of the 10 products tested, the average protection rate was just 36 percent. NSS Labs said that if a company runs a centralized, server-based security product that is integrated with the e-mail servers, such as Microsoft's Exchange or IBM's Lotus Notes, the malware may be removed before it reaches an end user.

But NSS Labs did find that those products that did not scan e-mail before it arrived in an inbox would scan it if the user decided to save the attachment. That improved the average protection rate, which measured 74 percent, NSS Labs said.

Another possible infection vector is file servers, commonly used in organizations to allow access to documents among users. But those files servers can become repositories for malware, allowing bad programs to proliferate among a high number of users.

"While file servers should have their own anti-malware scanning, this often is not the case, and users must rely on local anti-malware security products to detect the downloaded files," the report said.

About 70 percent of the malware was caught by the 10 products when downloaded from a file server, NSS Labs found.

The strongest aspect of most endpoint antivirus products is their ability to block malware as it is executed and quarantine it. NSS Labs found that even if malware did make it on a PC, most products performed well at containing it.

"Every vendor product, with the exception of Panda, blocked more malware during execution than by analyzing the entry vectors," according to NSS Labs. "Trend Micro, McAfee and Sophos lead the group."

But one attack vendor where most security companies are still lacking is detecting malicious payloads that are written only to memory, also known as single-use malware. Malware can, for example, masquerade as a permitted DLL (Dynamic Link Library), which skirts around DEP (Data Execution Prevention) security features in OSes.

"This type of attack circumvents protections that lack behavioral analysis for these attacks," NSS Labs wrote. Only three products from Kaspersky, McAfee and Sophos have features to protect against that style of attack.

NSS Labs, which does not accept money from vendors for its testing, is selling the report on its website for US$995.

Send news tips and comments to jeremy_kirk@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags NSS Labsintrusionsecuritydata breachExploits / vulnerabilitiesdata protectionmalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?