AntiVirus Software Still Sucks

Secunia has posted a rave review of Symantec, saying that the big yellow marketing machine “beats the competition” at detecting exploits. How good is Symantec?

Symantec detected a mere 64 out of 300 exploits, or less than one-fourth, leaving 236 exploits undetected!

Wow, that’s great. Let’s beat the drum for the leader in a space that’s quickly becoming an example of what not to become. Here are the contestants in Secunia’s review:

• McAfee Internet Security Suite 2009
• Norton Internet Security 2009
• Windows Live OneCare
• ZoneAlarm Security Suite 8
• AVG Internet Security 8.0
• CA Internet Security Suite 2008
• F-Secure Internet Security 2009
• TrendMicro Internet Security 2008
• BitDefender Internet Security Suite 2009
• Panda Internet Security 2009
• Kaspersky Internet Security 2009
• Norman Security Suite 7.10

Open-source and related solutions were conspicuously ignored.

The complete results are available in a PDF, and show that ten of the eleven products scored below a 4% (yes, four percent) detection rate for “important test cases”. In other words, they did not find exploits lurking in HTML, XLS, PPT, and other “productivity” files.

Careful when you click that PDF link. ;)

The bottom line: don’t believe the hype of AntiVirus marketing. You will not be safe after you install the software. Many more controls and settings are required, and large organizations still need professional staff to measure and reduce risk to a reasonable level. Thanks, Microsoft.

In the meantime, if you want to do an AntiVirus software comparison, I recommend using VirusTotal. They have a more comprehensive list of participants:

• AhnLab (V3)
• Aladdin (eSafe)
• ALWIL (Avast! Antivirus)
• Authentium (Command Antivirus)
• AVG Technologies (AVG)
• Avira (AntiVir)
• Bit9 (FileAdvisor)
• Cat Computer Services (Quick Heal)
• ClamAV (ClamAV)
• CA Inc. (Vet)
• Doctor Web, Ltd. (DrWeb)
• Eset Software (ESET NOD32)
• ewido networks (ewido anti-malware)
• Fortinet (Fortinet)
• FRISK Software (F-Prot)
• F-Secure (F-Secure)
• G DATA Software (GData)
• Hacksoft (The Hacker)
• Hauri (ViRobot)
• Ikarus Software (Ikarus)
• K7 Computing (K7AntiVirus)
• Kaspersky Lab (AVP)
• McAfee (VirusScan)
• Microsoft (Malware Protection)
• Norman (Norman Antivirus)
• Panda Security (Panda Platinum)
• PC Tools (PCTools)
• Prevx (Prevx1)
• Rising Antivirus (Rising)
• Secure Computing (SecureWeb)
• BitDefender GmbH. (BitDefender)
• Sophos (SAV)
• Sunbelt Software (Antivirus)
• Symantec (Norton Antivirus)
• VirusBlokAda (VBA32)
• Trend Micro (TrendMicro)
• VirusBuster (VirusBuster)
