Advertisement
Promo

Security threats Toolkit in association with http://ad.doubleclick.net/clk;214682528;14505427;f?http://uk.blackberry.com/ataglance/security/

Global security vendors fail malware test

Tom Espiner ZDNet.co.uk

Published: 08 Jun 2007 12:24 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Antivirus software from three global vendors has failed a major series of malware tests, the VB100.

Products from Kaspersky, Grisoft, and F-Secure all failed to detect 100 percent of the in-the-wild malware signatures in the database of testers Virus Bulletin, although each company has passed before.

Of the 37 products submitted for testing, 10 failed to demonstrate the detection abilities required for VB100 certification.

Kaspersky Anti-Virus 6.0.2.621 failed to detect a network worm called allaple. According to Kaspersky's senior technology consultant David Emm, Kaspersky first added a signature for the worm in February. At the time of the test, Kaspersky was "optimising" its allaple signature, and the signature wasn't in the Kaspersky database, Emm explained.

Kaspersky said it is confident that no customers running its security suite were affected at the time of the test, because the security suite includes a firewall, behavioural analysis and heuristics, and the product was tested in a manner that precluded behavioural analysis. "That doesn't help in our disappointment at not passing the test, but at least we know our customers weren't affected," said Emm.

Grisoft AVG 7.5 Professional Edition also failed the VB100. AVG is a popular free anti-malware application, which has widespread use.

Larry Bridwell, global security strategist for Grisoft, said that the part of its anti-malware application, AVG 7.5 Professional Edition, that detects signatures had failed to detect one of the W32 agobot Trojan variants, but that the anti-spyware part of the product had picked it up. "Testing is on-access, at the hardware level, which is scanned," Bridwell told ZDNet.co.uk. "When [AVG 7.5 Professional Edition] was tested, we picked up the bot on the spyware side, which is on-demand [the program has to start to be executed before it is halted]. We should have detected it on-access."

Bridwell said the company had no record of any support calls that would suggest customers had been affected, but that Grisoft was "disappointed" with the test result. "We're absolutely disappointed. VB100 has shown itself to be the premier review test. However, while we all hate to come in second, no-one should determine the quality of a product on a single test," said Bridwell.

Like Kaspersky's antivirus, F-Secure's Protection Service for Customers (7.00 build 387) failed to detect allaple. The company said it had made a mistake in not submitting the latest updates with its product for testing. "The product submitted for the test did not include the latest updates," F-Secure said in a statement. "It was tested offline and therefore did not benefit from automatic updates. In a normal end-user environment the databases would have been automatically updated and the customer protected."

Microsoft's consumer antivirus product OneCare and its business anti-malware offering ForeFront received certification. Last year OneCare failed the VB100 test, while earlier this year the product quarantined and even deleted some Outlook files. Arno Edelmann, a senior Microsoft security manager, told ZDNet.co.uk that OneCare had "bits and pieces" missing from the code, and had failed to interact with Microsoft Server products.

Virus Bulletin's technical consultant John Hawes said, "It's never good news when a product fails to detect a significant threat, even if only for a short period of time. Any window of vulnerability, no matter how small, is sufficient for a user to be infected. Computer users deserve better than to see a patchy performance from their security vendors."

"Security companies voluntarily send in their products for testing and certifying, and I am constantly amazed — especially in this age of hourly updates — by the number of products that fail to come up to the certification standards," Hawes added. "All anti-malware products should be able to pass our tests if they are to provide users with a valuable service."

Virus Bulletin carries out the tests on Windows XP.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
42 out of 46 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

Dutch 2nd Level Desktop Support

Directeur Informatique Bilingue DSI - Senior IT Infrastructure Manager CTO

Graduate IT Support Trainee

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Nasa hacker petition presented to Numb...

Sting's wife Trudie Styler and Janis Sharp have presented a petition to Number 10 calling for Nasa hacker Gary McKinnon not to be extradited to the US. Styler, and Sharp, who is... More

Post a comment

UK to appoint cyber-sec tsar?

The UK is to appoint a cyber security tsar along the lines of the US, according to a story in the Telegraph this morning. The story is similar to one that appeared in the Guardian... More

Post a comment

Nokia Siemens denies Iran web snoop

Nokia Siemens has denied providing deep packet inspection capabilities to the Iranian authorities, following an article in the Wall Street Journal on Monday. The WSJ published the... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters