When it comes to online threats, freshness counts. In mid-December, for example, Microsoft revealed that cyber-criminals had found a previously unrecognized, unpatched vulnerability in its Internet Explorer browser and used tens of thousands of websites to install password-stealing software on users' PCs.
This kind of new attack, what cyber-researchers call a "zero day" exploit, tests the limits of anti-virus scanning software: its ability not only to filter previously unrecognized infections but also to compete with the cutting edge of cyber-fraudsters' innovation. And for consumers, it makes the right choice of PC protection software harder than ever before.
The best performers in the tests? Two names that most Americans have never heard of: the German company Avira and the Slovak company ESET. And the rankings, cyber analysts say, may say as much about the industry's growing pains as they do about the two companies' ability to clean up your hard drive.
Avira, in Tettnang, Germany, earned AV-Comparatives' label as the overall best antivirus product of 2008 on the basis of its ability to remove more malicious files from hard drives than big-name competitors such as Symantec, McAfee and Microsoft, in less time and with less impact on PC performance.
In the latest AV-Comparatives tests last month, for example, Avira found about two-thirds of previously undetected malware, collected over a period of four weeks, installed on the machines scanned. ESET's NOD32 program found 51%. Symantec and Microsoft, by comparison, found only 44% of the samples, while McAfee's detection rate was below 30%.
Andreas Clementi, AV-Comparatives' chief executive and founder, chalks up Avira's apparent superiority to the fact that it has a smaller user base than its larger competitors: it can more quickly pipe new virus watch lists to users without a massive network. "Symantec, for example, is used by many millions more people around the world," said Clementi. "Smaller companies can more quickly release the updates. Symantec has to be careful. If it triggered a false alarm, it would be much harder for the millions of users to create"
However, AV-Comparatives' top ranking for Avira is not the last word in anti-virus vendor rankings. In fact, the development of malicious software means that measuring the effectiveness of anti-virus vendors is more complicated than ever.
In its quarterly cyber-showdown, AV-Comparatives uses 50 1.5-terabyte hard drives filled with a single set of malicious software newly collected from "bait" computers all over the world.
In half the tests, it pits antivirus software against malware detected earlier and measures the software's ability to successfully clean these large disks. In the other half, it "freezes" a version of the anti-virus software, waits a month without updating it, and tests it against all the malware the testers have collected that month. This technique was developed to check the anti-virus software's ability to find previously undiscovered strains of malicious code.
But even with these sophisticated tests, AV-Comparatives is not able to measure the latest features of anti-malware programs, protests Dave Cole, Symantec's senior director of product management. The next generation of malware detection, he argues, is "behavior-based" detection, which filters out bad files based largely on how they act over time after they are installed on your PC, not just on how they look at the moment of a scan.
"We know it was bad because it was used 'the bumpy Trojan,'" Cole says. "Now we know there is something bad, because it uses the keyboard, sends the data to China."
Another test, conducted last September by a German antivirus analysis company called AV-Test, did include behavior-based scanning features. AV-Test, in fact, gave Symantec top marks for the kind of "proactive" scan that Cole describes. Avira, however, fared even worse.
The actual winner, it turns out, may be ESET, which placed near the top of both the AV-Comparatives and AV-Test "proactive" scan tests. The company, whose anti-virus software serves more than 70 million users, largely in Russia and the United States, says its secret is "heuristics," the ability to statistically detect a familiar piece of malware in a new form.
"Viruses are constantly today. They are like wolves in sheep's clothing," says Jeff Brosse, ESET's Director of North American research. "Recognizing that the malware is where we distinguish ourselves."
ESET began working on heuristics long before other anti-virus companies, says John Hawes, a researcher with the British security analysis online newsletter Virus Bulletin, and it has managed to avoid the false alarms that plague most heuristic tests. "You have a good balance between strong heuristics and false positives," he says. Hawes' own tests back up the other two: he says the 16-year-old company has appeared on the newsletter's VB100 certification list more frequently than any other company.
But the real result of the two tests may be to show how outdated signature-based detection of malware has become. The fact that Avira could outperform competitors while capturing only two out of three new types of malware, says security expert, blogger and consultant Rich Mogull, shows that without real behavior-based detection, cyber security cannot keep up.
In fact, he says, the real key to defeating malware is non-antivirus approaches, like Firefox's NoScript plug-in, which blocks web pages from executing potentially malicious programs. Mogull also supports software platforms such as Windows Vista or Google Chrome that "sandbox" applications or limit their access to computer resources. "You give applications a very small, safe place to play," he says.
Until these kinds of safety features become commonplace, the explosion of different malware strains means antivirus companies are fighting a losing battle, says Mogull. "The tests can show which of these work better, but they are all far from perfect," he says. "The truth is, it does not really matter which one is better. The bad guys will scoot around each of them."