Global security vendors fail malware test
Published: 08 Jun 2007 12:24 BST
Antivirus software from three global vendors has failed a major series of malware tests, the VB100.
Products from Kaspersky, Grisoft, and F-Secure all failed to detect 100 percent of the in-the-wild malware signatures in the database of testers Virus Bulletin, although each company has passed before.
Of the 37 products submitted for testing, 10 failed to demonstrate the detection abilities required for VB100 certification.
Kaspersky Anti-Virus 6.0.2.621 failed to detect a network worm called allaple. According to Kaspersky's senior technology consultant David Emm, Kaspersky first added a signature for the worm in February. At the time of the test, Kaspersky was "optimising" its allaple signature, and the signature wasn't in the Kaspersky database, Emm explained.
Kaspersky said it is confident that no customers running its security suite were affected at the time of the test, because the security suite includes a firewall, behavioural analysis and heuristics, and the product was tested in a manner that precluded behavioural analysis. "That doesn't help in our disappointment at not passing the test, but at least we know our customers weren't affected," said Emm.
Grisoft AVG 7.5 Professional Edition also failed the VB100. AVG is a popular free anti-malware application, which has widespread use.
Larry Bridwell, global security strategist for Grisoft, said that the part of its anti-malware application, AVG 7.5 Professional Edition, that detects signatures had failed to detect one of the W32 agobot Trojan variants, but that the anti-spyware part of the product had picked it up. "Testing is on-access, at the hardware level, which is scanned," Bridwell told ZDNet.co.uk. "When [AVG 7.5 Professional Edition] was tested, we picked up the bot on the spyware side, which is on-demand [the program has to start to be executed before it is halted]. We should have detected it on-access."
Bridwell said the company had no record of any support calls that would suggest customers had been affected, but that Grisoft was "disappointed" with the test result. "We're absolutely disappointed. VB100 has shown itself to be the premier review test. However, while we all hate to come in second, no-one should determine the quality of a product on a single test," said Bridwell.
Like Kaspersky's antivirus, F-Secure's Protection Service for Customers (7.00 build 387) failed to detect allaple. The company said it had made a mistake in not submitting the latest updates with its product for testing. "The product submitted for the test did not include the latest updates," F-Secure said in a statement. "It was tested offline and therefore did not benefit from automatic updates. In a normal end-user environment the databases would have been automatically updated and the customer protected."
Microsoft's consumer antivirus product OneCare and its business anti-malware offering ForeFront received certification. Last year OneCare failed the VB100 test, while earlier this year the product quarantined and even deleted some Outlook files. Arno Edelmann, a senior Microsoft security manager, told ZDNet.co.uk that OneCare had "bits and pieces" missing from the code, and had failed to interact with Microsoft Server products.
Virus Bulletin's technical consultant John Hawes said, "It's never good news when a product fails to detect a significant threat, even if only for a short period of time. Any window of vulnerability, no matter how small, is sufficient for a user to be infected. Computer users deserve better than to see a patchy performance from their security vendors."
"Security companies voluntarily send in their products for testing and certifying, and I am constantly amazed — especially in this age of hourly updates — by the number of products that fail to come up to the certification standards," Hawes added. "All anti-malware products should be able to pass our tests if they are to provide users with a valuable service."
Virus Bulletin carries out the tests on Windows XP.











