Testing reveals security software often misses new malware

Research from NSS Labs show that security software vendors take an average of two days to block a new malicious Web site

New research has further confirmed the difficulties security software companies are having keeping up with an explosion in malicious software programs on the Internet.

Security software from major vendors can take an average of two days to block a Web site designed to attack a computer visiting it, according to the latest report from NSS Labs, which tested security software suites against fresh malware released on the Internet.

"The magnitude of these findings should be noting short of an alarming wake-up call for the security industry," according to the report.

NSS Labs does independent security software testing. Unlike many other testing companies, it does not accept money for vendors for performing the tests, a stance that the company's president Rick Moy says results in more accurate evaluations.

NSS Labs developed a test that mimics how average people browse the Web, finding potentially malicious Web sites and then visiting them with a Web browser. They then record how and when -- or if at all -- security software block the threats. The latest test was run 24 hours a day for nine days.

"We've done testing like the bad guys do," Moy said. "If you're not testing like the bad guys, what's the point? We go out to the live Internet and find out what is circulating on malicious campaigns in real time."

Enterprises are most at threat from fresh customized malware. Security companies share malware samples, but if no company sees or detects the malware, it could quietly circulate and potentially infect machines, stealing data. Even if it is undetected for a short period of time, it still is enough a window to infect a corporate network. As many as 50,000 new malicious programs are detected every day.

NSS Labs has chosen to reveal the worst-performing vendors of the 10 products they tested. NSS Labs puts the suites in three categories: "recommend," which means a product performed well and should be used in an enterprise; "neutral," which means a product performed reasonably well and should continued to be used if it is already in use; and "caution," which means the product had poor test results and organizations using it should review their security posture.

NSS Labs rated AVG's Internet Security Business Edition and Panda Security's Internet Security as "caution." The full results are contained in NSS Labs' report, "Endpoint Protection Products Group Test Report, Socially-Engineered Malware," which costs US$495. Also covered in the report are Eset, F-Secure, Kaspersky, McAfee, Norman, Sophos, Symantec, Trend Micro.

Some security software vendors employ reputation systems in order to detect a malicious Web site, which usually involves checking a database of blacklisted Web sites. Those systems, however, are not widely used and are immature, NSS Labs said. Overall, it took vendors an average of 45.8 hours to block a site, if it was blocked at all, according to the report.

If a software suite did not block a bad Web site the first time, they continued to test the site against the software every eight hours to see how long it took a vendor to add protection. Times ranged from 4.62 hours for the best performing vendor to 71.01 hours for AVG and 92.48 hours for Panda.

Block rates varied depending on how long the malicious Web site has been active. The researchers have a "zero-hour" criteria where it checks whether the software can stop newly found sites. The results aren't great. The best vendor was able to block new sites only 60.6 percent of the time. At the bottom end, AVG, Panda and Eset's software could do that less than 44 percent of time.

Moy said security companies could make vast improvements in their ability to detect brand-new malware. For consumers and enterprises, buying the brand that takes out the largest ad space doesn't necessarily equate to better security, he said.

Up to one-third of security software contracts change hands every year. "Enterprises are definitely dissatisfied with the protection," Moy said. "They're looking around."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaresoftwareNSS Labs

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Essentials

Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >

Mobile

Exec

Sony WH-1000XM4 Wireless Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?