Friday, February 11, 2011

SECURITY - NSS Labs Report

Anti-Virus Utilities will never stop all malware. It's a race between protection software/hardware and publishers of malware.

The reason I'm posting this old article reference is that there is a Newsnet post that quotes an Inquirer article, but the article did NOT provide links to the NSS Labs source, which is why The Inquirer is NOT a credible source on this subject.

"NSS Labs Finds Most Endpoint Security Products Lack Vulnerability-Based Protection" Report NSS Labs 3/12/2010

Excerpt

NSS Labs, Inc., the leading independent security testing organization, today announced the results of its evaluation of seven popular consumer endpoint security products in protecting the vulnerability exploited in the recent “Operation Aurora” attack conducted against Google and at least 30 other organizations. This test—the first of its kind in the industry—was designed to identify which products truly shielded the underlying Microsoft Windows Internet Explorer vulnerability (CVE-2010-0249) against additional attack variants. Products that defended the vulnerability versus simply stopping a single variant or its malicious payload are considered to have a more effective security model.

In its Austin, Texas facility, NSS Labs created variants of the Operation Aurora attack and tested the anti-malware software to see which of the seven products stopped the exploits and malicious code payloads. Given the level of visibility of the attack and the time that has passed since its initial discovery, it was thought that most, if not all, of the products would cover the vulnerability. However, only one out of seven tested products correctly thwarted multiple exploits and payloads, demonstrating vulnerability-based protection (McAfee).

“Generally, there are multiple ways to successfully exploit a vulnerability,” said Rick Moy, president of NSS Labs. “This test case underscores the need for IT security vendors to provide greater vulnerability-based protection. Rather than reactively blocking individual exploits or malware, vendors should focus on minimizing their customers’ risk of exposure by insulating the vulnerability.”

Products tested included:
  • AVG Internet Security, version 9.0.733

  • ESET Smart Security 4, version 4.0.474.0 (see caution below)

  • Kaspersky Internet Security 2010, version 9.0.0.736

  • McAfee Internet Security 2010 with SecurityCenter, version 9.15.160

  • Norton Internet Security 2010, version 17.0.0.136

  • Sophos Endpoint Protection for Enterprise - Anti-Virus version 9.0.0

  • Trend Micro Internet Security 2010, version 17.50.1366.0000

A full report of the test and its findings is available here. Additionally, Vikram Phatak, CTO of NSS Labs, will be discussing the test and demonstrating the Operation Aurora exploit on March 13, 2010 at BSidesAustin, to be held at Norris Conference Centers.

COMMENT:
  • I do NOT recommend "Security" nor "Internet" suites for home users because they tend to be resource hogs

  • I DO recommend a good Antivirus, that is not part of a suite

  • At home on my WinXP SP3 desktop system I use ESET NOD32 Antivirus 4, which is very fast, uses few resources, and includes antivirus, anti-Trojan, and anti-spyware protection.

CAUTION: ESET recently came out with ESET NOD32 Antivirus 5 and since I could "upgrade" for free, I tried it. In the next 5 days after upgrading I had problems I never had before, and my system became unstable. I was using the same settings I had for NOD32 Av 4. I did try changing settings. But after 5 days of instability, I uninstalled NOD32 Av 5 and reinstalled NOD32 Av 4. My system is back to being stable.

With NOD32 Av 5 I noted from its look-and-feel that it is likely written with Win7 in mind. I suspect that ESET did not fully test Av 5 on a Win XP system.
