Thursday, September 9, 2010

“Antivirus isn't dead--it's growing up” plus 2 more

Antivirus isn't dead--it's growing up

Posted: 08 Sep 2010 04:55 AM PDT

We've been hearing it for years: antivirus software is dead. But is it really? If so, it seems to have more lives than Richard Nixon.

Rather than being the industry's swan song, mobile devices could be its redemption opportunity.

The antivirus industry is in a major transition. The threats have evolved from the viruses and worms of the 1990s, written to exploit holes in Windows, to today's attacks on vulnerabilities in Web applications and on end-user gullibility.

Many consumers fork over at least $40 for Norton AntiVirus or something similar, many more are turning to free antivirus from AVG or Avast, and yet millions of computers are still getting hit with infections daily.

While no antivirus software is perfect, the perception that AV often isn't doing a good enough job is backed by studies. Recent benchmark tests put the average detection rate among major antivirus products at about 75 percent. (In one test, three out of 10 products stopped all of the original exploits, but the vendors are not named; such tests should be taken with a grain of salt given the variance in testing standards.)

Antispyware and antispam have become standard in most AV, or antimalware, products as vendors have expanded their software into endpoint protection suites. And many now place as much emphasis on heuristic technologies, which look at the behavior or reputation of a piece of software, as on matching it against a database of malware signatures. But malware writers are adept at testing their code against the antivirus software and tweaking it until it passes through undetected.

As an alternative, some people are turning to whitelisting technologies that allow only approved programs to run on a computer. Whitelisting is akin to the closed environment of the iPhone where Apple vets every app and is largely effective in protecting the devices, said Gartner analyst John Pescatore. (Bruce Schneier discusses the problems with whitelisting in his essay from last year on the state of the antivirus industry.)

"Antivirus in the e-mail server does a lot of good things...(but) antivirus on people's desktops is almost totally ineffective," Pescatore said. "The antiviral model has been broken for quite a while."

With the fast rise of smartphones and new electronics like iPads, the big challenge for antivirus companies is how best to protect those devices.

It's obvious the traditional antivirus software model won't work, in large part because handheld devices have limited processing power, memory and storage, said Rebecca Bace, chief executive of Infidel, a security consultancy. That's where the cloud comes in, she said.

"There is market demand from the consumer that this will be rolled in as part of the service," Bace said. "This is part of the utilization of network access; something you expect a provider to offer. When I sign up with Verizon, to a degree I'll have the expectation that they'll handle all the security stuff."

Pescatore has a similar view of the future of mobile security.

"In the smartphone world, the answer will not be putting antivirus clients on every phone," said Pescatore. "The answer will be (malware) filtering by cellular carriers...Everything that goes on the phone has to go through the carrier."

Clearly, the antivirus space is grappling with how to move to mobile, said Hugh Thompson, who serves as chair of the RSA Conference and is founder of consultancy People Security and an adjunct professor of software security at Columbia University.

"The challenge for antivirus is how to adapt to new devices, how to allow users to make better choices around what they're doing, and from a business perspective it's coming down to the cloud--what does antivirus mean in the cloud?" he said. "Those three points will define AV over the next two to three years."

Mobile is likely a big reason behind Intel's $7.6 billion acquisition of McAfee, according to Thompson. "For Intel to buy McAfee, they can build some synergies there so that when the chip is released they will have an antivirus solution that supports the chipset and the platforms that come on it," he said.

In general, a big part of the problem today is that people put so much of their lives on the Web without realizing that this data, scattered across many different Web sites and sources, can easily be used to trick them into accepting malware with open arms. Sites like Facebook, LinkedIn, and Twitter have expanded people's circles of friends and acquaintances exponentially, and attackers can use that to advantage in personalized attacks.

Antivirus will eventually have to defend against social engineering attacks as well as malware, Thompson said.

For instance, an e-mail from someone claiming to have met you at an event a few months back and to share a friend with you is more likely to be trusted than one with a generic lure like "LOL is this you?" and a link that appears to lead to a video.

"In the future, an antivirus product will go out and analyze the information and say this is the data that is out there on the Web, this could be a legitimate person, but it will make you aware that you are connected to this person on LinkedIn and you tweeted about a meeting five months ago," Thompson said. "That context sensitive level of threat information is going to be really important in the future."

"It's a fascinating time for AV," he said. "Rumors of its death have been greatly exaggerated over the last few years."

This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read our FAQ page at fivefilters.org/content-only/faq.php

Norton AntiVirus 2011

Posted: 08 Sep 2010 05:21 AM PDT

Specifications

Type: Business, Personal, Professional
OS Compatibility: Windows Vista, Windows XP, Windows 7
Tech Support: Phone, online chat, email

Whether you love it or hate it, you know the Norton name. Symantec has been in the business so long it must be tough to come up with a new version each year, right? Well, you wouldn't know it looking at Norton AntiVirus 2011 ($39.99 direct). The product's appearance continues to evolve, and it includes some interesting new features. It scored very well in my tests, though not always at the very top.

Installs in Minutes
Installation is extremely quick and simple. A few minutes after you click "Agree and Install" you're ready to activate and register the product. Yes, it needs a definition update for peak protection, but it normally performs that update during idle time. Naturally I forced a full update before running my tests.

More than half of my malware-infested test systems requested a reboot soon after installation to finish removing active threats. When Norton wouldn't start correctly on one system, the One Click Support screen appeared automatically with a recommendation to fix the problem; it worked.

A full scan of my standard clean system took almost 50 minutes, twice as long as the average. However, by first running an application ratings scan to identify known good programs I cut the scan time down to barely over two minutes—that's fast! Normally this scan for known good programs would happen automatically during idle time.

New in the 2011 edition, the Norton Insight Network window displays up-to-the-minute statistics on how many files have been identified as good or bad using input from the Norton community. Along the same lines, the new reputation scan examines all files on your disk and reports on three significant stats: trust level, age, and prevalence. Older and more widespread files are naturally considered safer than very new or very uncommon files.
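The reputation scan described above, and the whitelisting approach the first article mentions, both come down to the same decision: look a file's hash up in a list of known-good files, and otherwise weigh how old and how widespread it is. The following is an added example written for this page, not Symantec's code or Norton Insight's actual logic; the allowlist contents, the thresholds (MATURE_DAYS, WIDESPREAD_USERS, NEW_DAYS, RARE_USERS) and the sample file inventory are all assumed or constructed. It also shows why a reputation-primed scan is fast (trusted and good files are skipped) and why an aggressive cleaner risks flagging a legitimate but rare in-house tool.

```python
"""Reputation-style file verdicts: a hash allowlist plus age/prevalence rules.

Added example for this page; not Symantec's code. The allowlist contents,
thresholds and file metadata below are all assumed/constructed.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class FileInfo:
    """What a reputation lookup returns for one file (constructed values)."""
    name: str
    data: bytes        # file contents; tiny stand-ins here, not real binaries
    age_days: int      # days since the hash was first seen in the community
    prevalence: int    # number of users on whom the hash has been seen


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Assumed allowlist of known-good hashes, the role the text attributes to
# Norton Insight; built from constructed stand-in contents.
KNOWN_GOOD = {
    sha256_hex(b"MZ\x90\x00 sample-os-component"),
    sha256_hex(b"MZ\x90\x00 sample-browser"),
}

# Assumed thresholds, invented for illustration.
MATURE_DAYS = 180        # age at which a widespread file counts as "good"
WIDESPREAD_USERS = 1_000
NEW_DAYS = 7             # age below which a rare file counts as "suspicious"
RARE_USERS = 10


def reputation(info: FileInfo, allowlist=frozenset(KNOWN_GOOD)) -> str:
    """Return 'trusted', 'good', 'unknown' or 'suspicious' for one file."""
    if sha256_hex(info.data) in allowlist:
        return "trusted"                      # explicit allowlist hit
    if info.age_days >= MATURE_DAYS and info.prevalence >= WIDESPREAD_USERS:
        return "good"                         # old and widespread
    if info.age_days <= NEW_DAYS and info.prevalence <= RARE_USERS:
        return "suspicious"                   # brand new and almost unseen
    return "unknown"                          # everything else gets scanned


def plan_scan(files):
    """Split files into those a full scan may skip and those it must inspect.

    Skipping trusted/good files is what makes a reputation-primed scan so
    much faster than a cold full scan.
    """
    skip, scan = [], []
    for f in files:
        (skip if reputation(f) in ("trusted", "good") else scan).append(f.name)
    return skip, scan


def aggressive_candidates(files):
    """Files an aggressive cleaner would act on: unknown plus suspicious.

    A legitimate but rare file (an in-house tool) lands here too; that is
    the false-positive risk the review mentions.
    """
    return [f.name for f in files if reputation(f) in ("unknown", "suspicious")]


# Constructed inventory: name, contents, age in days, prevalence in users.
SAMPLE_FILES = [
    FileInfo("os_component.dll", b"MZ\x90\x00 sample-os-component", 900, 50_000_000),
    FileInfo("browser.exe", b"MZ\x90\x00 sample-browser", 30, 2_000_000),
    FileInfo("old_utility.exe", b"MZ\x90\x00 sample-utility", 400, 120_000),
    FileInfo("inhouse_tool.exe", b"MZ\x90\x00 sample-inhouse", 400, 3),
    FileInfo("fresh_dropper.exe", b"MZ\x90\x00 sample-dropper", 1, 1),
]

if __name__ == "__main__":
    for f in SAMPLE_FILES:
        print(f"{f.name:20} {reputation(f)}")
    skip, scan = plan_scan(SAMPLE_FILES)
    print("skip:", skip)
    print("scan:", scan)
    print("aggressive cleanup would touch:", aggressive_candidates(SAMPLE_FILES))
```

Note that the browser binary is only 30 days old and would otherwise be "unknown"; the explicit allowlist hit is what lets the scan skip it, which is exactly the work an application ratings scan does before a full scan.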

High Scores from the Labs
For years, Norton has consistently received the VB100% award from Virus Bulletin. Both ICSA Labs and West Coast Labs certify Norton technology for virus detection and removal; West Coast adds several additional checkmark certifications. AV-Comparatives rated Norton ADVANCED+ (the top rating) for on-demand malware removal and ADVANCED for proactive detection of new malware. That parallels my own tests, in which Norton outscored the rest for removal but not for blocking.

Both AV-Comparatives and AV-Test ran special real-world tests last year. In the dynamic test by AV-Comparatives only Norton and Kaspersky Internet Security 2010 ($79.95) received an ADVANCED+ rating. AV-Test challenged a dozen security products to protect test systems from real-world current threats over a period of two months. Norton detected the most threats, but PC Tools Internet Security 2010 ($49.95) edged it into second place for most thorough protection.

Just this August, AV-Test evaluated a collection of security products and rated them on ease of use, success at repairing malware infestations, and overall protection. Kaspersky, Norton and Panda Internet Security 2010 ($49.95) shared the top score, with 5 or 5.5 points in each category.

Thorough Malware Cleanup
Norton's full antivirus scan went smoothly on all thirteen of my malware-infested test systems. In most cases, Norton took care of all the threats it found and simply reported on its success at the end—I like that. For low-risk threats or threats whose removal might force closing active programs, Norton asked for permission first. Most of the systems needed a reboot after scan to complete the cleanup process.

At the bottom of the results screen there's a little note: "If you think there are still risks, click here." Doing so takes you to the download page for Norton Power Eraser. This tool performs a more aggressive scan than Norton AntiVirus alone. That means it can remove more threats, but there's also a chance it will flag a valid file as malicious. Symantec points out that any false positives will be uncommon files, since Norton Insight whitelists known good files that are widely used. For testing, though, I just used Norton AntiVirus without piling on Norton Power Eraser.

Norton detected 89 percent of the assorted threats, matching Panda Antivirus Pro 2011 ($50.95) and Spyware Doctor with AntiVirus 2010 ($39.95). However, Norton was significantly more effective than the other two at removing what it found. It cleaned up almost every trace for nearly half of the threats it found and achieved a malware removal score of 7.9, the highest yet with my current malware collection.

Norton detected 78 percent of the scareware (rogue antivirus) threats. Four other products detected more, but Norton's removal was very effective. With 7.8 points, it came very close to the top scareware removers Ad-Aware Pro Internet Security 8.3 ($29.95) and Malwarebytes' Anti-Malware 1.46 (Free), both of which got 8.1 points.

In a separate test using commercial keyloggers in place of malware Norton again scored well but not at the top. It detected 86 percent of the threats while Webroot AntiVirus with Spy Sweeper 2011 ($39.95) and Spyware Doctor caught 93 percent. Webroot definitely won this test with 7.8 points compared to Norton's 6.9.

Both the malware and keylogger collections include samples that use devious rootkit techniques to hide from detection. Spyware Doctor, Webroot, and three other products detected every single one of the rootkit samples; Spyware Doctor scored 9.0 points and Webroot 8.0. With 89 percent and 7.7 points, Norton is definitely in the winner's circle but not quite at the top. For details on how I test malware removal and derive these scores, see How We Test Anti-Malware.

Norton does a great job cleaning up malware; in particular, it's very thorough at removing what it finds. While other products scored higher in specific categories, Norton took the overall prize.


Trend Micro Titanium Antivirus + 2011

Posted: 08 Sep 2010 10:21 AM PDT

Specifications

Type: Business, Personal, Professional
OS Compatibility: Windows Vista, Windows XP, Windows 7
Tech Support: FAQs, email, phone, chat

Trend Micro's new Titanium line of security products isn't meant to be seen. It aims to protect you silently, without confusing queries or unnecessary notifications. Users of Trend Micro Titanium Antivirus + 2011 ($39.95 direct; $59.95 for three licenses) never need to see the main console after its initial appearance at installation. That makes perfect sense given that three quarters of Trend Micro's users self-identify as not technically skilled. Focus groups found that users want an antivirus product that does its job without ever bothering them. The point of the Titanium product line is to stay light and unobtrusive yet provide complete protection. It succeeds in the first of those two goals.

Living in the Present
Modern variants of Trojans, viruses, and other malware threats come and go with frightening speed. Trend Micro's analysts have determined that the average threat found in the wild exists for just three days. Does that seem short? It isn't. A truly vast number of mayfly-like variants exist for such a short time that the median lifespan of a malware threat in the wild is just 15 minutes.

In a recent meeting with Symantec, I encountered figures supporting Trend Micro's findings. Symantec's analysts point out that widespread, world-girdling threats are now extremely uncommon. On average, a unique malware variant infects just ten computers, while the median number of users affected by a given variant is exactly one.

There are many approaches to handling the constant stream of new virus variants. Some vendors use malware signatures that are "fuzzy" enough to catch a family of related threats. Some use heuristic techniques that analyze program code and recognize patterns common to malware. Some devise elaborate behavior analysis schemes. Many use all three approaches, in addition to traditional antivirus signatures.
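The three approaches listed above, and the point made in the first article that malware writers test their code against AV and tweak it until it slips through, can be shown side by side in a few dozen lines. The following is an added example written for this page, not any vendor's engine: the sample bytes (a constructed stand-in for a downloader's code), the exact and wildcard signatures, the indicator-string list and the heuristic threshold are all made up for illustration. The tweak loop changes one byte at a time, only in the call displacements, which an attacker can alter freely by relaying out the binary; an exact signature that spans those bytes breaks on the first try, while a wildcarded signature and the string heuristic survive every single-byte change in that region.

```python
"""Exact vs wildcard byte signatures, a string heuristic, and the tweak loop.

Added example for this page; not any vendor's engine. The sample bytes,
signatures, string list and threshold are all constructed.
"""
import re

# Constructed stand-in for a downloader's code: two x86 'call rel32'
# instructions (E8 + 4-byte displacement) followed by strings the code uses.
# The displacements change whenever the binary is relaid out or repacked,
# so an attacker can alter them without changing behaviour.
SAMPLE = (
    b"\x55\x8b\xec"                          # push ebp; mov ebp, esp
    + b"\xe8\x10\x02\x00\x00"                # call <download helper>
    + b"\xe8\x40\x03\x00\x00"                # call <execute helper>
    + b"URLDownloadToFileA\x00WinExec\x00"
    + b"http://example.invalid/p.exe\x00"
)
DISPLACEMENTS = list(range(4, 8)) + list(range(9, 13))  # offsets of rel32 bytes

# Exact signature: this byte string must appear verbatim.
EXACT_SIG = b"\xe8\x10\x02\x00\x00\xe8\x40\x03\x00\x00URLDownloadToFileA"

# "Fuzzy" signature: opcodes and string fixed, displacement bytes wildcarded.
FUZZY_SIG = re.compile(rb"\xe8....\xe8....URLDownloadToFileA", re.DOTALL)

# Strings a simple heuristic treats as downloader/injector indicators.
SUSPICIOUS_STRINGS = (b"URLDownloadToFileA", b"WinExec",
                      b"CreateRemoteThread", b"WriteProcessMemory")


def exact_detect(data: bytes) -> bool:
    return EXACT_SIG in data


def fuzzy_detect(data: bytes) -> bool:
    return FUZZY_SIG.search(data) is not None


def heuristic_score(data: bytes) -> int:
    """One point per indicator string, plus one for an embedded URL."""
    score = sum(1 for s in SUSPICIOUS_STRINGS if s in data)
    if re.search(rb"https?://", data):
        score += 1
    return score


def heuristic_detect(data: bytes, threshold: int = 2) -> bool:
    """Assumed threshold: two or more indicators count as a detection."""
    return heuristic_score(data) >= threshold


def tweak_until_undetected(data: bytes, detect, mutable_offsets):
    """The attacker-side loop: change one byte at a time, only at offsets that
    do not affect behaviour, and stop as soon as detect() no longer fires.
    Returns the evasive variant, or None if every single-byte change in the
    mutable region is still detected."""
    for offset in mutable_offsets:
        for value in range(256):
            if value == data[offset]:
                continue
            variant = data[:offset] + bytes([value]) + data[offset + 1:]
            if not detect(variant):
                return variant
    return None


def compare_detectors(data=SAMPLE, mutable_offsets=DISPLACEMENTS):
    """For each detector: (fires on the original?, single-byte evasion found?)"""
    results = {}
    for name, detect in (("exact", exact_detect), ("fuzzy", fuzzy_detect),
                         ("heuristic", heuristic_detect)):
        evasive = tweak_until_undetected(data, detect, mutable_offsets)
        results[name] = (detect(data), evasive is not None)
    return results


if __name__ == "__main__":
    for name, (fires, evaded) in compare_detectors().items():
        print(f"{name:10} detects original: {fires}; "
              f"single-byte evasion in displacements: {evaded}")
```

The limitation is just as visible: the heuristic is only as good as its indicator list, and an attacker who is free to rename or encrypt the strings, rather than just touching displacements, defeats it too. That is why the text describes vendors layering all three approaches on top of each other rather than relying on any one.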

Trend Micro's antivirus uses elements of all these approaches and relies heavily on support from their cloud-based malware detection system. In a bold move to keep the product fast and light, they've chosen to focus entirely on threats that are active right now. They're aware this means they won't score well on "wild list" tests that use threats of all ages. Even my own samples are several months old. As my test results confirm, this is too old for detection by Trend Micro's in-the-present focus.

Easy Install, Unusual Interface
Trend Micro Titanium Antivirus + 2011 installed quickly and easily on all of my malware-infested test systems, even those suffering from malware that has actively prevented installation of other antivirus products. On its first launch, the program notifies users they won't need to check for updates—updates happen silently and automatically. By default the app schedules a weekly full scan, so users don't have to run scans manually, either.

Initialization of security drivers can add to the time required for booting up a computer. Trend Micro works to minimize this by offering three load options. In the extra security mode, the app loads all drivers immediately. In the extra performance mode it waits until after the system has started. By default, it runs in balanced mode, loading some drivers immediately and some later. Even so, I found that the user interface wouldn't open for a minute or two after startup—but that's something the average user won't notice.

That user interface is well-designed and easy to use (for the most part) and it uses Aero-style transparency even when running under Windows XP. A graphical security report displays protective activity over the last month, with an option to view a full log. That log window illustrates the one big problem with Trend Micro's interface. It lists filenames, malware names, and such in a columnar display whose columns can't be resized. As a result, almost every filename gets cut seriously short, so there's no way to scan the list. Sure, many users never open this page, but those who do should get a chance to see all of the information it offers. Otherwise, why offer it?

Ineffective Malware Cleanup
I usually report on independent lab results for each antivirus, but in this case I just can't. Yes, the labs have evaluated Trend Micro's antivirus products, but not the 2011 Titanium editions. Because of the switch to focusing on up-to-the-minute threats results based on older editions aren't relevant. I feel confident, though, that the standard lab results would jibe with mine.

AV-Test and AV-Comparatives have both performed special dynamic tests that challenge a dozen or more security products to protect test systems against the very latest threats. Trend Micro should excel in these tests; I look forward to seeing the results of the next round.

Trend Micro scanned quickly—about 20 minutes on my standard clean system—but didn't find much. Each of my infested test systems has three or four malware or keylogger samples installed, but the scan reported nothing on five of those systems. Those threats it found on other test systems weren't cleaned up thoroughly; several were still running after alleged removal.

Trend Micro's detection rate and overall malware removal score are the lowest I've seen. It detected 26 percent of the threats and pulled in just 1.7 out of 10 possible points. It also achieved a new low for removal of scareware (rogue security software)—2.4 points. In a separate test using commercial keyloggers, it detected half the samples, but, due to incomplete removal, it got just 2.8 points. When it came to rootkit samples from both the malware and keylogger collections, the app detected 44 percent and scored 1.3 points.

What was I to make of these scores? To be fair, Trend Micro did warn me that the product wouldn't perform well against even slightly older threats, given their focus on the threat of the moment. But this seemed extreme. I pointed out to my contacts that some users might have been suffering malware problems for months before purchasing Trend Micro. I asked if there are any settings or tweaks that would make the product do a better job of cleanup.

My contacts suggested that a user could run the Trend Micro Diagnostic Toolkit and submit the resulting logs for analysis. I rejected that path for two reasons. First, the user wouldn't necessarily know that any problem exists. Second, I'm testing the antivirus product, not the manual analysis skills of the techs in the back room.

Tech support noted that the option to "automatically delete files that show any sign of a threat" is turned off by default and advised turning it on. They also offered a Registry tweak to lower the threshold for an "intensive scan." By default, this extra-deep scan kicks in after the product encounters 100 malware traces; I reset it to 1. Doing so was tough, as the antivirus protects its own Registry entries from change. I had to disable it, tweak the Registry setting, and enable it again.

That's something no normal user would do, but I wanted to give the app another shot, so I tried it. The results were a total disappointment. Even after the configuration changes, five of the test systems still reported no malware at all. The keylogger, rootkit, and scareware scores didn't change, and the overall malware detection rate and score remained the lowest ever, at 31 percent and 2.1 points. For details on how I test malware removal and derive these scores, see How We Test Anti-malware.

The takeaway here is that if there's any possibility that your computer has an existing malware problem, don't expect Trend Micro to fix it for you.
