Your antivirus software, according to this new report from Cyveillance.
Look at that chart! Chances are very good that if you have antivirus software running on your computer, it comes from one of the companies listed there. Where’s Norton? Sorry cowboy, Norton is made by Symantec.
These results are atrocious. Would you use your browser if two out of three times that you clicked on a link it took you to the wrong page? Would you buy a car that only started every third time? OK, I actually owned a car like that in my younger days, but I digress.
And you know what’s worse? Pretty soon now, these companies will be asking you to cough up another chunk of your hard-earned cash so that you can continue to be “protected” in 2010.
It’s been obvious for some time that trying to make the internet safe by trying to secure end-user computers (also called the end-point) is a losing proposition. Let’s face it – most people don’t care about securing their computers. Today’s end-user doesn’t want to be bothered with the never-ending cycle of updates and patches. For these people, the computer is an appliance that gets them to email, IM, Facebook, Twitter or what-have-you. Long gone are the days where every user was, to some degree, a computer hobbyist who enjoyed daily tinkering with his/her computer to ensure it ran correctly.
Much like it was with the battle against spam, it’s time to take the battle against malware off of end-user machines and closer to the bad actors.
[...] This post was mentioned on Twitter by Umbra Data. Umbra Data said: Your antivirus program sucks! http://is.gd/3BXOP #antivirus #malware [...]
Of course, AV detection criteria is a bad metric — we all acknowledge that.
More interesting is when other “assistive” technologies are in the mix, and match “real world” testing, as in the latest NSS Labs testing of security suites with reputation services enabled.
http://www.computerworld.com/s/article/9138346/AV_tests_find_that_reputation_really_does_count
Let’s put things in proper perspective.
Cheers,
- ferg
Ferg,
What perspective is that?
While the NSS Labs test that the Computerworld article refers to was not funded by a client, isn’t it curious that googling “NSS Labs” “Trend Micro” returns over 6,000 results? Do any of these results paint Trend Micro in a bad light?
It would appear that some portion of NSS’s business is to produce “reports” that are funded by clients or at least that’s what NSS Labs says they do on their web site @ http://nsslabs.com/services
The most severe malware vulnerabilities – the ones that get people unwittingly sucked into botnets – will exist on sites that have only recently come into existence, containing newly-minted malware. It would be very interesting to see how old the sites were that NSS tested.
The Cyveillance report referenced in my post goes on to evaluate McAfee Site Advisor and Norton Safe Web. For all phishing emails that Cyveillance saw Jan-Jun 2009, McAfee caught only 43.1% of phishing attempts when the attacks were first detected. That number improved to 52.3% after 24 hours, but that’s a far cry from the NSS report which says that McAfee caught 81.6% of the 3000 site sample that they used in their test. The numbers for Norton are even more alarming. Norton Safe Web caught 4.4% of all phishing attempts when first detected and 5% after 24 hours. Yet the NSS report claims that Norton identified 81.8% of their 3000 sites used in the test.
It would be very interesting to read what methodology NSS used for their testing. Unfortunately, the link proved in the Computerworld article you reference does not seem to point to any test.
Clearly, something doesn’t add up.
Look it.
Don’t believe things at face value — that’s a good policy, and I subscribe to it.
But to presume that there is some AV conspiracy here is… ludicrous.
I’ve personally poured many hours, intelligence, and sweat into making Trend Micro’s reputaaltion services viable, functional, and superior.
Let’s not be drawn into issues of FUD.
Cheers,
- ferg
Neither test should be taken at face value? Where was a conspiracy mentioned?
It’s nice to know that people are working hard at making anti-malware solutions. It would be nicer still if a) testing methodologies were disclosed and b) it were possible to openly discuss wildly different test results about the efficacy of anti-malware solutions.
Finally, something still doesn’t add up.