Secunia, a vulnerability intelligence provider, recently released a report that details how several security suites failed to protect computers from exploitation. The report demonstrates how most security companies fail to stop real-world exploits, and proves what most security experts have said all along: layers work, and they exist for a reason.
Secunia report shows all-in-one applications fail to stop exploits. (Image: Secunia)
The test by Secunia included McAfee, Symantec, F-Secure, BitDefender, Panda, and Kaspersky’s 2009 security offerings, as well as OneCare Live from Microsoft, ZoneAlarm Security Suite 8, AVG Internet Security 8, CA Internet Security 2008, TrendMicro Internet Security 2008, and Norman 7.10.
Testing included a mix of three types of exploits. The three types consisted of Proof of Concept (PoC), which triggers a vulnerability but is rarely malicious; GameOver PoC, which is a PoC that proves a computer can be compromised and that code execution is possible by taking over the program flow; and Exploits themselves, each malicious in nature. Secunia made a point in its report that: “if a security product cannot detect a PoC it also cannot detect an exploit reliably.”
There were 300 total test exploits, 126 of them considered important by Secunia. The important tests consisted of Zero-day threats, public exploits, or exploits Secunia developed in-house to help with signature creation.
The results of the testing showed that Symantec, with Norton Internet Security 2009, came out on top, detecting and blocking the most exploits compared to the other products. However, before you jump for joy, Norton detected only 64 out of 300 exploits. The results showed that Norton detected 21.33 percent overall, with a 30.95 percent detection rate when it came to the exploits determined as important.
BitDefender and TrendMicro tied for second place in both overall and important exploit detection, with 2.33 percent and 3.97 percent respectively. McAfee came in third overall with two percent, but tied for second with a 3.97 percent detection rate for important exploits.
The rest of the list, in order of overall performance, included OneCare, Kaspersky, AVG, F-Secure, Panda, ZoneAlarm, CA, and Norman. Norman, with zero percent, earned the lowest rank, but only because ZoneAlarm and CA managed a 0.67 percent and a 0.33 percent detection rate overall.
"Recent statistics based on a nationwide campaign in Denmark show that approx. one-third of all programs installed on Danish PCs lack one or more security patches. These findings are, by and large, applicable to the rest of the world as well," said Thomas Kristensen on the Secunia blog.
"While we did suspect that the popular security vendors would score quite poorly in detecting exploits, the extremely low detection rate took us by surprise and this really begs the question: Do the customers get their money's worth?"
The question from a marketing point is valid, but realistically a little misleading. Consumers get their money’s worth as long as they remember that even the “all-in-one” or “complete coverage” products will never stop everything. Even Secunia points this out in its report. This is why security on a computer or network is done in layers.
Another point the report made is that, when you fail to patch the operating system or the various programs on the computer, you leave yourself wide open to exploitation. The security suites will only catch the payload, the malicious file that is delivered after the exploit works; they will not detect the exploit code itself.
It would be unfair to the security vendors to expect them to include code scanning in their products. It would likewise be unfair to the consumer, because if the AV vendors included such scanning and detection abilities, the cost of the software would likely triple.
Yet, there is progression in this area by some vendors. Both BitDefender and Kaspersky include options on their respective programs that monitor the updates on the operating system. As long as the user follows the prompts, they ensure that patches are applied.
Again, the best protection comes from layers. The all-in-one security services are never all-in-one, and should only be viewed as a single layer for computer defense.