Win 2000 anti-virus products fail independent tests
Polymorphic virus fools mediocre security packages
Many big-name anti-virus products failed to secure Windows 2000 in recent independent tests.
Seventeen out of 32 products tested - including packages from Trend Micro, Kaspersky, Norman and Sophos - failed to reach the standard required for VB100 certification. A total of 13 products failed to spot threats known to be circulating. False alarms on known clean files also came up as a problem during the testing, which was run by Virus Bulletin, the independent security certification body.
To earn VB100 certification, products must be able to detect all of the viruses contained in the WildList test set (a list of malware known to be in circulation) without generating any false alarms when scanning clean files.
It's a tough challenge but normally only a handful of submitted products fail VB100 certification. The latest round of testing produced the worst results in years.
The main cause of the string of failures was a particularly nasty polymorphic virus, a form of malware with self-modifying program code specifically designed to defeat anti-virus packages.
"Polymorphic malware went out of fashion for some time but has recently become popular with malware writers once more, both in self-morphing viruses and in Trojans morphed at the server side before delivery," explained John Hawes, technical consultant at Virus Bulletin (VB).
Detecting morphing malware may be tricky, but it's an insufficient excuse for the poor results in the tests. VB called on the industry to "pull up its socks". "It was a shock and a concern to see such a poor performance from so many products in this latest round of testing. It is particularly disappointing to see so many major products missing significant real-world threats," Hawes added. "In these days of hourly updates computer users really ought to be able to rely on their chosen security vendors for full protection against known threats."
Unlike other certification schemes, Virus Bulletin tests all products free of charge and does not allow re-testing - performances are reported exactly as they are found. Security vendors volunteer their products for testing. Virus Bulletin's comparative reviews also cover other performance aspects including detection rates against a selection of zoo viruses, scanning speeds and performance overheads.
The results of the VB100 certification of products for Windows 2000 can be found here (free registration required).
Now, if you'll excuse me, I'm off to download a copy of Ubuntu Linux. ®
@Rik - Safe Sites
There are such things as safe sites. You cannot possibly tell me with a straight face that every possible site on the net I visit could be/has been compromised. Fair enough, there is a slight possibility that maybe a site could possibly maybe have been ha><or3rd at some point, but to blanket-cover all the net and say that is simply wrong.
Part of these security issues you allude to is down to SysAdmins not knowing how to secure Apache. Or IIS. (But IIS and security in the same sentence...)
I'm not going to go down the Windows -v- Linux -v- Mac route, but in the 4 years I've been on Linux I've never had a virus. Yes I go to warez sites, porn sites and P2P (hell I am a guy after all) but I don't worry about it. I don't have to. I use fake email accounts, anonymizers and an OS that (so far) can't be easily exploited by malicious code that I inadvertently download.
Bottom line is, if you must use Windows, get AVG or Sophos installed and a decent malware package and you'll be ok. If you switch to Linux/Mac, you won't need to worry about it for a couple of years more.
@Phil Rigby - safe site
Unfortunately Jarno is right, there really is no such thing as a safe site. Many of the most recent successful exploits have been based on malicious iframes inserted into innocent, and what most people would believe to be "safe" sites. Try googling (although Google results aren't so safe either) "iframe" and "Bank of India", "The Italian Job" or even "Superbowl".
The only anti virus vendors that people should be considering are those that offer real-time, in-the-cloud, categorisation of sites based on some kind of reputation database instead of relying solely on definition files that are, by necessity, behind the game.
Trend Micro for example may have failed the Wild List test. But I would bet my shirt that the all-round protection they offer with their Web Reputation services far exceeds the competition.
@Wade Burchette - Norton
"I think this is a case of lab performance and not real-world performance. Apparently Norton and McAfee are like the "practice players", they do good in a lab but poor when it counts the most."
Agreed - I've lost count of the number of PCs I've encountered with Norton Internet Security loaded (and set to update automatically) yet riddled with viruses and other malware - and not an alert in site. Combine that with the way it reduces all but the latest PCs to a crawl (how about >5 minutes to boot? Less than 1 once Norton was removed) and I'm beginning to think Norton's a nasty joke someone's playing on unsuspecting PC users.