Feeds

Win 2000 anti-virus products fail independent tests

Polymorphic virus fools mediocre security packages

Next gen security for virtualised datacentres

Many big-name anti-virus products failed to secure Windows 2000 in recent independent tests.

Seventeen out of 32 products tested - including packages from Trend Micro, Kaspersky, Norman and Sophos - failed to reach the standard required for VB100 certification. A total of 13 products failed to spot threats known to be circulating. False alarms on known clean files also came up as a problem during the testing, which was run by Virus Bulletin, the independent security certification body.

To earn VB100 certification, products must be able to detect all of the viruses contained in the WildList test set (a list of malware known to be in circulation) without generating any false alarms when scanning clean files.

It's a tough challenge but normally only a handful of submitted products fail VB100 certification. The latest round of testing produced the worst results in years.

The main cause of the string of failures was a particularly nasty polymorphic virus, a form of malware with self-modifying program code specifically designed to defeat anti-virus packages.

"Polymorphic malware went out of fashion for some time but has recently become popular with malware writers once more, both in self-morphing viruses and in Trojans morphed at the server side before delivery," explained John Hawes, technical consultant at Virus Bulletin (VB).

Detecting morphing malware may be tricky, but it's an insufficient excuse for the poor results in the tests. VB called on the industry to "pull up its socks". "It was a shock and a concern to see such a poor performance from so many products in this latest round of testing. It is particularly disappointing to see so many major products missing significant real-world threats," Hawes added. "In these days of hourly updates computer users really ought to be able to rely on their chosen security vendors for full protection against known threats."

Unlike other certification schemes, Virus Bulletin tests all products free of charge and does not allow re-testing - performances are reported exactly as they are found. Security vendors volunteer their products for testing. Virus Bulletin's comparative reviews also cover other performance aspects including detection rates against a selection of zoo viruses, scanning speeds and performance overheads.

The results of the VB100 certification of products for Windows 2000 can be found here (free registration required).

Now, if you'll excuse me, I'm off to download a copy of Ubuntu Linux. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?