Secunia exploits security suites flaws
A nontraditional test using exploits instead of malware shows that traditional security suites fail.
A new report (PDF) from Secunia is raising awareness about the need to patch vulnerabilities and block malware from desktops.
The report found that "security vendors do not focus on vulnerabilities." And while Symantec Norton Internet Security 2009 bests the 11 other suites tested, Secunia found that Symantec "detected a mere 64 out of 300 exploits, or less than one-fourth, leaving 236 exploits undetected." Overall the dozen products all received an "F" on the report.
The Secunia test departed from the traditional testing done by organizations such as AV-test.org and AV-comparatives.org, which use collections of malware to demonstrate the on-demand and heuristic capabilities of the security products. Secunia used exploits--not viruses and worms--to demonstrate the need for users to patch vulnerabilities as well as have a good firewall, antivirus, and other anti-malware protection. The company said exploits are what criminals are most likely to use these days, and faulted the tested security vendors who said their products could protect against any threat.
Secunia did single out one product, Kaspersky Internet Security, as providing a vulnerability scanner, yet Kaspersky also did poorly on the test.
There is a move within the security industry to standardize malware testing. The newly formed Anti-Malware Testing Standards Organization states that there is a "global need for improvement in the objectivity, quality, and relevance of anti-malware testing methodologies." The group is currently soliciting opinions on two papers, one for testing best practices and the other for fundamental principals for malware testing.