Feeds

Anti-virus suites still can't block Google China attack

Protection layer flunks independent tests

Using blade systems to cut costs and sharpen efficiencies

Analysis The vast majority of consumer anti-virus products are still failing to block the Operation Aurora exploits used in the high profile attack against Google and other blue-chip firms last December, according to independent tests.

NSS Labs evaluated the effectiveness of seven popular consumer endpoint security products to see which blocked variants of the Operation Aurora attack. The security testing firm reckoned that most, if not all, of the products would block the exploit and malicious code payloads associated with an ultra-high profile attack that has been a mainstay of talk in the information security biz for the last six weeks.

However, only security software from McAfee out of all the seven tested products "correctly thwarted multiple exploits and payloads, demonstrating vulnerability-based protection", NSS discovered to its surprise. Other tested security suites - AVG Internet Security, ESET Smart Security 4, Kaspersky Internet Security, Norton Internet Security 2010, Sophos Endpoint Protection for Enterprise and Trend Micro Internet Security 2010 - all failed.

NSS Labs argues that its research, unveiled at the BSidesAustin security conference on Saturday - highlights the importance of providing greater vulnerability-based protection.

"Rather than reactively blocking individual exploits or malware, vendors should focus on minimizing their customers’ risk of exposure by insulating the vulnerability," Rick Moy, president of NSS Labs explained in a statement.

The research has received a mixed reception from security vendors. Trend Micro, which received a thumbs-down in the test, nonetheless welcomed the research.

"NSS Labs is building up a series of tests that measure the protection at various 'protection layers'," said Anthony Arrott, product manager of security analytics at Trend Micro. "Individually, these tests do not attempt to measure end-to-end protection across all layers – ultimately what matters most to users."

Modern endpoint protection products rely on multiple layers of protection - including malicious attachment blocking, preventing access to malicious URLs and behaviour blocking as well as shielding the underlying vulnerability on the endpoint from being exploited - but the NSS tests only looked at the last of these layers, in concluding that only one in seven tested products snuffed out the exploit.

"Trend Micro agrees with this assessment. This is why Trend Micro recently acquired Third Brigade and is currently integrating the Canadian firm's excellent vulnerability layer protection technology into Trend Micro's enterprise and consumer products," Arrott told El Reg.

"Trend Micro is looking forward to the day when the independent security product testing laboratories develop tests that measure the end-to-end protection provided against threats regardless which layer thwarts the threat."

Non-vulnerability-shielding countermeasures in Trend Micro's arsenal already block the threat, he added.

Boost IT visibility and business value

Next page: Come and AVG a go

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.