Testing Reveals Security Software Often Misses New Malware

Source: PC World

Jeremy Kirk Jeremy Kirk – Sun Jun 20, 7:20 pm ET

New research has further confirmed the difficulties security software companies are having keeping up with an explosion in malicious software programs on the Internet.

Security software from major vendors can take an average of two days to block a Web site designed to attack a computer visiting it, according to the latest report from NSS Labs, which tested security software suites against fresh malware released on the Internet.

"The magnitude of these findings should be noting short of an alarming wake-up call for the security industry," according to the report.

NSS Labs does independent security software testing. Unlike many other testing companies, it does not accept money for vendors for performing the tests, a stance that the company's president Rick Moy says results in more accurate evaluations.

NSS Labs developed a test that mimics how average people browse the Web, finding potentially malicious Web sites and then visiting them with a Web browser. They then record how and when -- or if at all -- security software block the threats. The latest test was run 24 hours a day for nine days.

"We've done testing like the bad guys do," Moy said. "If you're not testing like the bad guys, what's the point? We go out to the live Internet and find out what is circulating on malicious campaigns in real time."

snip

NSS Labs has chosen to reveal the worst-performing vendors of the 10 products they tested. NSS Labs puts the suites in three categories: "recommend," which means a product performed well and should be used in an enterprise; "neutral," which means a product performed reasonably well and should continued to be used if it is already in use; and "caution," which means the product had poor test results and organizations using it should review their security posture.

NSS Labs rated AVG's Internet Security Business Edition and Panda Security's Internet Security as "caution." The full results are contained in NSS Labs' report, "Endpoint Protection Products Group Test Report, Socially-Engineered Malware," which costs US$495. Also covered in the report are Eset, F-Secure, Kaspersky, McAfee, Norman, Sophos, Symantec, Trend Micro.

snip
Send news tips and comments to jeremy_kirk@idg.com



Read more: http://news.yahoo.com/s/pcworld/20100620/tc_pcworld/testingrevealssecuritysoftwareoftenmissesnewmalware

---

more evidence that computerized voting has got to go!!

I use Linux.

Not only that but my 2001 model computer just came alive when I installed linux. I have no reason now to give thought to buying a newer dual core, quad core or whatever else is out there today. Ubuntu 10.04 is the best operating system I've used bar none.

Is it pretty simple to navigate?

there are a couple of Windows applications I have to use that don't have a Linux version. There is a Windows emulator in Linux called Wine, but it can be buggy at times. So I have to have Windows on my machine. I use Linux for everything else, though. I've had no trouble with it, and I'm far from a computer guru.

There is no OS that is immune from malware and whats worse is if you run something like linux and because of your false sense of security do not run a detection solution then you will never know when you do get infected.

The fact that windows holds 90% of all desktops makes it a huge target and hence it has most of the malware written for it. However that does not mean that other OS's are immune quite the opposite in fact.
Just recently a malicious patch for linux servers was found and it had gone undetected for months precisely because of the false impression that linux is immune to such attacks.

You certainly shrink the target on your back when you use another OS than windows but the target does not go away if you think it does you are fooling yourself.

regarding computerized voting (including DREs, optical scanners, and central tabulators). He would be the best hope for getting rid of computerized voting if only he could be convinced that there is no way to make it secure and transparent!!!

I do think its important to have a running printed receipt on computerized voting machines. But I dont know that I agree with the statement theres "no way" to make it secure and transparent.

They're charging us $50 and their junk doesn't even work. Great.

Nothing of real substance, and the findings aren't available unless you spend $500. It's like the "reporter" copied a press release.

free AV programs. Just grabbed low end ones that wouldn't compete very well with the ones that cost money. I'm a bit skeptical of their claim that they aren't being paid by the some of the AV companies.

Norton AV
Adaware
SuperAntiSpyware
Malwarebytes

I run a full scan with each of them once weekly.

You're better off replacing Norton AV with Microsoft Security Essentials, does the same job, less memory used.

but not happy with it. Didn't like MacAfee much either. My Norton expires soon and I was looking for something else..

Doesn't bother me, Updates quietly, etc.

have the software product protect you, there was a time updates were monthly, probably longer than that at one point before they even existed.

Clam AV "cloud" AV protection (Linux-based) and Avira, even though using two antivirus programs in a Windows OS is not recommended, due to compatibility/confliction issues. I am a bit surprised that only about a quarter million computers at a time are using Clam AV when I log in and it loads and then activates with a dialog bubble indicating the amount of computers online that are using it.

I do have both AV programs installed on different partitions, however, and never install ANY software programs on the same partition that the XP OS is located.

If I am feeling "adventurous", and want to throw caution to the wind, I can always boot up a live Linux DVD, such as Knoppix to browse the www, since it only resides in physical memory and vanishes w/o a trace when I log off and shut down.

is no fail-safe software that can protect your computer - Mac or PC - 100 percent of the time.

You can try to blacklist and white list emails/companies/contacts/domain names, but that may exclude people you didn't think of, but want communications from.

The only thing you can really do is keep a near-constant vigil using a variety of products, expertise and common sense.

FWIW, I'd pick Kaspersky for any home-use computer: it's as effective, but NOT a system hog.

Consisting of only a few lines.

Most A/V software will never see it because it looks like it belongs or because it is so basic.

The trick is to get it planted on an innocent machine.