Feeds

Anti-virus suites still can't block Google China attack

Protection layer flunks independent tests

Choosing a cloud hosting partner with confidence

Analysis The vast majority of consumer anti-virus products are still failing to block the Operation Aurora exploits used in the high profile attack against Google and other blue-chip firms last December, according to independent tests.

NSS Labs evaluated the effectiveness of seven popular consumer endpoint security products to see which blocked variants of the Operation Aurora attack. The security testing firm reckoned that most, if not all, of the products would block the exploit and malicious code payloads associated with an ultra-high profile attack that has been a mainstay of talk in the information security biz for the last six weeks.

However, only security software from McAfee out of all the seven tested products "correctly thwarted multiple exploits and payloads, demonstrating vulnerability-based protection", NSS discovered to its surprise. Other tested security suites - AVG Internet Security, ESET Smart Security 4, Kaspersky Internet Security, Norton Internet Security 2010, Sophos Endpoint Protection for Enterprise and Trend Micro Internet Security 2010 - all failed.

NSS Labs argues that its research, unveiled at the BSidesAustin security conference on Saturday - highlights the importance of providing greater vulnerability-based protection.

"Rather than reactively blocking individual exploits or malware, vendors should focus on minimizing their customers’ risk of exposure by insulating the vulnerability," Rick Moy, president of NSS Labs explained in a statement.

The research has received a mixed reception from security vendors. Trend Micro, which received a thumbs-down in the test, nonetheless welcomed the research.

"NSS Labs is building up a series of tests that measure the protection at various 'protection layers'," said Anthony Arrott, product manager of security analytics at Trend Micro. "Individually, these tests do not attempt to measure end-to-end protection across all layers – ultimately what matters most to users."

Modern endpoint protection products rely on multiple layers of protection - including malicious attachment blocking, preventing access to malicious URLs and behaviour blocking as well as shielding the underlying vulnerability on the endpoint from being exploited - but the NSS tests only looked at the last of these layers, in concluding that only one in seven tested products snuffed out the exploit.

"Trend Micro agrees with this assessment. This is why Trend Micro recently acquired Third Brigade and is currently integrating the Canadian firm's excellent vulnerability layer protection technology into Trend Micro's enterprise and consumer products," Arrott told El Reg.

"Trend Micro is looking forward to the day when the independent security product testing laboratories develop tests that measure the end-to-end protection provided against threats regardless which layer thwarts the threat."

Non-vulnerability-shielding countermeasures in Trend Micro's arsenal already block the threat, he added.

Choosing a cloud hosting partner with confidence

Next page: Come and AVG a go

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.