Last week, I wrote about how malware is evolving to bypass commonly used control methods. I described how, according to Finjan, new malware will use popular Internet sites as go-betweens to help bypass current detection and control methods. Naturally, security tools have to evolve in step to defend against these more sophisticated types of malware.
Although I don't have any data yet about how existing tools perform in terms of detecting the newer types of malware, I do have some other data about virus scanners that might be useful to you. One persistent problem in security is legacy platform support. Some people can't resist using the latest and greatest OS platform; however, plenty of other people see no need to rush into something new when something old still does the job quite well. A prime example: many of you are probably still running Windows 2000, and a scanner that doesn't support it is of no use to you no matter how well it scores elsewhere.
A couple of weeks ago, I got a copy of the December 2007 report from Virus Bulletin, a publication that measures the capabilities and performance of various antivirus solutions, among other things. Most antivirus solutions detect more than just viruses. Top-notch solutions also detect worms, bots, Trojans, and assorted other types of malware. This round of tests was run on Windows 2000, so Virus Bulletin's report is useful in commenting on tools that still run on that platform and monitor for all those types of malware.
The report contains two types of tests: on-demand scanning (the scanner is pointed at a set of files, by the user or by a schedule, and reads them all) and on-access scanning (the scanner's filter driver checks each file as a process opens, writes, or executes it). The results are interesting because they reveal some top performers that I hadn't heard of before.
According to the on-demand scanning tests, McAfee VirusScan and Symantec Endpoint Protection both had perfect detection scores with no false positives. Coming in right behind those two products were GDATA Anti-virus and Frisk F-PROT, with perfect detection scores but some problems with false positives. Agnitum Outpost Security Suite Pro, BitDefender Antivirus 2008, and Bullguard 8.0 all earned high marks too for overall performance.
In the on-access scanning tests, the top performers were, again, McAfee VirusScan and Symantec Endpoint Protection. Close seconds were ESET NOD32, Fortinet FortiClient, and Frisk F-PROT. Virus Bulletin also gave CA eTrust kudos for overall performance.
Several other products scored well in both categories, and still others were either newcomers to the market or rising stars. Virus Bulletin said that of the more than two dozen products it tested, roughly half "made the grade," meaning that their overall detection rate and performance were reasonable. The two biggest problems faced by antivirus vendors are reliably detecting polymorphic viruses, which re-encode themselves so that no fixed byte pattern survives from one copy to the next, and avoiding false positives, where a signature that is too generic flags clean files.
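As an added illustration of those two problems (this script is mine, not code from Virus Bulletin, from any product in the test, or from the original newsletter), the following Python shows on a toy scale why a fixed byte signature misses a self-re-encoding sample and why a too-short signature produces a false positive. The payload, the signature names, the one-byte XOR "polymorphism," and the benign log line are all constructed for the example; real engines use far more than substring matching and far more general emulation, but the failure modes are the same.

```python
"""Toy demonstration: fixed byte signatures vs. a polymorphic sample, and a
false positive from an over-generic signature. All data is constructed."""

# Constructed malicious body and a scanner signature cut from it (hypothetical name).
PAYLOAD = b"CONSTRUCTED-PAYLOAD: cmd /c del /q C:\\WINNT\\system32\\*.log"
SIGNATURES = {"Constructed.Test": b"CONSTRUCTED-PAYLOAD"}

# A deliberately short, generic signature of the kind that also matches clean files.
WEAK_SIGNATURES = {"Weak.Generic": b"system32"}

# Constructed benign file content: an administrator's backup log.
BENIGN_LOG = b"backup: copied C:\\WINNT\\system32\\drivers\\etc\\hosts OK"


def signature_scan(data: bytes, signatures: dict) -> list:
    """Plain byte-string matching, the core of a classic signature scanner."""
    return sorted(name for name, sig in signatures.items() if sig in data)


def polymorphic_variant(payload: bytes, key: int) -> bytes:
    """Toy polymorphism: each generation re-encodes the body with a fresh one-byte
    XOR key and prepends that key so a tiny decoder stub can recover the body.
    Every variant is functionally identical, but the bytes on disk differ."""
    return bytes([key]) + bytes(b ^ key for b in payload)


def decode_variant(blob: bytes) -> bytes:
    """What the variant's own decoder stub does at run time."""
    key = blob[0]
    return bytes(b ^ key for b in blob[1:])


def emulated_scan(data: bytes, signatures: dict) -> list:
    """Scan the raw bytes; if nothing matches, emulate the decoder and scan the
    result. Real engines do this generically (emulation, unpacking); here the
    transformation is known, so the 'emulation' is just decode_variant."""
    hits = signature_scan(data, signatures)
    if not hits and len(data) > 1:
        hits = signature_scan(decode_variant(data), signatures)
    return hits


def detections_over_all_keys(scanner) -> int:
    """Count how many of the 256 possible variants a scanner catches."""
    return sum(1 for key in range(256)
               if scanner(polymorphic_variant(PAYLOAD, key), SIGNATURES))


if __name__ == "__main__":
    # Only the key-0 variant (the unencoded body) matches the fixed signature.
    print("plain scanner catches", detections_over_all_keys(signature_scan), "of 256 variants")
    print("emulating scanner catches", detections_over_all_keys(emulated_scan), "of 256 variants")
    # The generic signature fires on a clean file: a false positive.
    print("weak signature on benign log:", signature_scan(BENIGN_LOG, WEAK_SIGNATURES))
```

The plain scanner catches exactly one of the 256 variants (the one whose key is zero, which leaves the body unencoded); the scanner that emulates the decoder catches all of them. The weak signature, meanwhile, flags the benign backup log. Getting both numbers right at once, full coverage of the re-encoded family without the generic pattern that trips on clean files, is the balance the Virus Bulletin results are measuring.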
This report is part of the December issue of the Virus Bulletin online magazine, which contains news, articles, editorials, reviews, and comparative reports. It was the first full report from Virus Bulletin that I've read, and I found it to be very useful. The report, and others like it, isn't available free to the general public. You need a paid subscription to access full articles, and subscriptions start at $175 per year. If you don't want a paid subscription, you can register on the Virus Bulletin site (http://www.virusbtn.com/) to gain access to summary data.
This is the last issue of Security UPDATE for 2007. I hope you all have pleasant holidays, and I'll be back next week to kick off 2008 with some New Year's revelations.