Feeds

Anti-virus suites still can't block Google China attack

Protection layer flunks independent tests

Seven Steps to Software Security

Analysis The vast majority of consumer anti-virus products are still failing to block the Operation Aurora exploits used in the high profile attack against Google and other blue-chip firms last December, according to independent tests.

NSS Labs evaluated the effectiveness of seven popular consumer endpoint security products to see which blocked variants of the Operation Aurora attack. The security testing firm reckoned that most, if not all, of the products would block the exploit and malicious code payloads associated with an ultra-high profile attack that has been a mainstay of talk in the information security biz for the last six weeks.

However, only security software from McAfee out of all the seven tested products "correctly thwarted multiple exploits and payloads, demonstrating vulnerability-based protection", NSS discovered to its surprise. Other tested security suites - AVG Internet Security, ESET Smart Security 4, Kaspersky Internet Security, Norton Internet Security 2010, Sophos Endpoint Protection for Enterprise and Trend Micro Internet Security 2010 - all failed.

NSS Labs argues that its research, unveiled at the BSidesAustin security conference on Saturday - highlights the importance of providing greater vulnerability-based protection.

"Rather than reactively blocking individual exploits or malware, vendors should focus on minimizing their customers’ risk of exposure by insulating the vulnerability," Rick Moy, president of NSS Labs explained in a statement.

The research has received a mixed reception from security vendors. Trend Micro, which received a thumbs-down in the test, nonetheless welcomed the research.

"NSS Labs is building up a series of tests that measure the protection at various 'protection layers'," said Anthony Arrott, product manager of security analytics at Trend Micro. "Individually, these tests do not attempt to measure end-to-end protection across all layers – ultimately what matters most to users."

Modern endpoint protection products rely on multiple layers of protection - including malicious attachment blocking, preventing access to malicious URLs and behaviour blocking as well as shielding the underlying vulnerability on the endpoint from being exploited - but the NSS tests only looked at the last of these layers, in concluding that only one in seven tested products snuffed out the exploit.

"Trend Micro agrees with this assessment. This is why Trend Micro recently acquired Third Brigade and is currently integrating the Canadian firm's excellent vulnerability layer protection technology into Trend Micro's enterprise and consumer products," Arrott told El Reg.

"Trend Micro is looking forward to the day when the independent security product testing laboratories develop tests that measure the end-to-end protection provided against threats regardless which layer thwarts the threat."

Non-vulnerability-shielding countermeasures in Trend Micro's arsenal already block the threat, he added.

Mobile application security vulnerability report

Next page: Come and AVG a go

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.