Tests Expose Internet Security Suites Failures To Protect Against Exploits
Danish security notification firm Secunia is urging security suites vendors to rethink how their products are designed, moving away from “ineffective signature-based detection” to a smarter form of defense. According to Secunia, internet security suites do little to protect users against online exploits.
Secunia tested 12 suites (which include firewall, anti-malware and anti-spam functions) against a range of 300 exploits targeting vulnerabilities in various high-profile programs. Even though it blocked only 64 out of 300 exploits, Symantec’s Norton Internet Security 2009 came out best from the test, detecting almost ten times more exploits than its nearest competitor. Security suites from the likes of Kaspersky, Check Point, Microsoft, AVG and McAfee all failed this test.
Security product bundles are marketed as comprehensive Internet Security Suites, leaving the impression that the user is fully protected against internet threats. Secunia’s tests suggest the products fail to do what they say on the tin. Symantec has recently begun introducing behavior-based detection, which helps to explain why its software did the best of a bad bunch.
Thomas Kristensen, chief technology officer at Secunia, said that the shortcomings of security suites combined with the fact users rarely keep systems fully patched made a recipe for trouble. “While we did suspect that the popular security vendors would score quite poorly in detecting exploits, the extremely low detection rate took us by surprise and this really begs the question: Does the customer get their money’s worth?”
Computer users therefore need to keep up to date with patches in order to have any hope of withstand hacking attacks. Secunia’s free Personal Software Inspector (PSI)* and the similar functionality within Kaspersky Internet Security 2009 make it easier to keep up to date with patching.
Graham Cluley, senior technology consultant at Sophos, which focuses on the corporate market and did not take part in the tests, agreed that applying patches was important. “There’s no such thing as a perfect security suite, but security software reduces threats and people shouldn’t come away from these tests with the conclusion that they these products are ineffective.”
Secunia said its tests illustrated the shortcomings of signature-based security suites. Generic detection of exploits would be a better approach because what triggers a vulnerability (unlike the payload of an attack) doesn’t alter, Kristensen pointed out.
An anti-virus expert whose firm’s products were not involved in the tests said Secunia’s approach only tested against one aspect of how security suites protect consumers, and were therefore potentially misleading.
More on CyberInsecure:
Posts
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.