Many big-name anti-virus products failed to secure Windows 2000 in recent independent tests. Seventeen out of 32 products tested - including packages from Trend Micro, Kaspersky, Norman and Sophos - failed to reach the standard required for VB100 certification. A total of 13 products failed to spot threats known to be …
We use McAfee - one of the Windows boxen got trojaned and McAfee came up clean. You could tell it was trojaned by the strange network traffic but also the multi-gigabyte Italian porn DVDs hidden in the recycle bin along with some tools to test the bandwidth of the internet connection.
I tested some suspect files on a known clean machine with totally up to date definitions, and nothing. Sent them to McAfee for analysis and they sent a patch out to catch them identifying it as a trojan. I found quite a few bits and pieces that were malware but McAfee was giving the green light.
All tests based on the WildList are flawed
While Virus Bulletin is one of the better AV testing outfits, any testing that is based on the WildList is fundamentally flawed. (VB's tests are broader than that, but even in them detection of the WL viruses is the most important part.)
Despite its name, the WildList bears absolutely no resemblance to what is really out there. See my paper
for description of some of the problems that are plaguing the WildList.
What were the results for AVG?
AVG's results are there:
AVG -> PASS
Forget AV products
Train the people to not wantonly click everything. Works better.
Except for people that shouldn't be trusted with anything important.
Why test only with 2000 ?
There must be some logic in that choice, but I would have thought XP was probably the most prevalent Windows OS.
How about Norton
Got the award EVERY TIME since May 1998. Not missed a single "In the Wild" virus, nor generated any false positives.
Had it for 2 years, now I'll stop. I got Linux instead. I'll still recommend it to anyone who asks, though.
Plus, TINY memory footprint, and BLAZINGLY fast scan engine. Best AV product I've ever seen.
WildList is next to useless in protection test
Vesselin is right.
For customer protection test, WildList is just about useless.
The key problem in WildList is that it does not contain trojans, only stuff that replicates one way or another.
And as most of today's new malware are trojans, WildList does not give any kind of indication how well particular AV can detect the stuff that people are getting to their systems.
Out of curiosity I checked today's AV updates and well over 80% of new detections were Trojans, Trojan-downloaders or backdoors.
Re: Why test only with 2000 ?
When they do a batch they compare the offerings on the same platform - in this case they did 2000, back in August they did XP - it at least gives a level playing field in that all AV is running on same platform
Stone Fox asked about Symantec (Norton).... Last time they failed this test was September 1999.
No Avast!, none of the open source antivirus programs... and yet a bunch of antivirus I have never heard of.. this is less than useful.
Symantec (Norton) AV... of course it does a good job of crushing viruses and other nasties... After you've installed Norton AV your system has no memory, CPU time or anything else left to run viruses so, like magic, you're protected.
I find the results hard to believe
First, that sorry McAfee and sorrier Norton passed is beyond belief. I've used Trend Micro for years and it has saved my rear end. I have customers who use Norton and McAfee and their computer is riddled with malware. If Norton is still working at all.
I think this is a case of lab performance and not real-world performance. Apparently Norton and McAfee are like the "practice players", they do good in a lab but poor when it counts the most.
What about the...
Oh wait a minute. I don't run a cycle-hogging, always updating, spend-for-it-year-after-year anti-virus package.
As far as is known there are no live viruses in the wild to catch!
At least not for me...
Running a Leopard in Alaska
(Not tryin to start a flame war, just makin a comment wondering why everyone puts up with such a virus laden experience.)
It's really not that bad unless you do stupid things
I know people who go 4 years without any hint of a virus, simply because they don't visit risky sites, pirate software, open attachments ...
One of those people has a new boyfriend and suddenly two virus infections in 3 days. He has a Mac at home.
Apparently when a Mac user is told he needs to download a software player to view porn files, the player doesn't work.
So guess what he did the first time he got his hands on a Windows PC.
Mage: If user education was ever going to work - don't you think that it would have worked by now?! For every moron you manage to train, hundreds of new ones appear. :-( The average user has the intelligence of a chimp - and I'm probably offending the chimps; they can be pretty smart sometimes.
Stone Fox: Norton passed: http://www.virusbtn.com/vb100/archive/results?vendor=VE4 But remember what I told you - *any* test results based on the WildList are pretty much meaningless.
Ash: Without commenting on the quality of NOD32, I must stress again that *any* AV test results based on WildList detection are flawed. An AV program might be good - but passing such a test is no proof of that and vice versa.
Dave Morris: The Avast! results are there: http://www.virusbtn.com/vb100/archive/results?vendor=VE9 You folks really should learn the names of the companies that make your favorite AV products. :-) As far as the open source ones (like ClamAV) - they are total crap. They haven't been tested, because their authors *know* how crappy they are and that they will fail even such mediocre tests and *refuse* to submit them to VB for testing. Remember, VB tests only products submitted to them for testing by their producers - not just any random AV products of VB's choice.
Wade Burchette: McAfee's product is quite good, actually. But you're right to doubt the results in general. Let me stress it again - *any* AV test results that are based on the WildList are flawed and bear no resemblance to the real quality of the products tested.
John Boyarsky: There's plenty of malware in-the-wild for your beloved Mac. For instance, just recently several Mac sites were plagued by a Trojan horse - it's the one that David Wilkinson is referring to:
VB100 subscription required
In The Register article it is mentioned that the information source at www.virusbtn.com needs only free registration. When I registered it turned out that I also needed a subscription of 150 $ per year.
"simply because they don't visit risky sites, pirate software, open attachments ..."
Agree 100%, no risky sites on my PC either.
Anytime I have to visit a site I consider "risky", it gets done in a virtual environment. That way, if the worst happens, I can close the virtual PC and copy/paste a backup hard drive image file which fixes the problem in seconds.
There is no such thing as safe site
>Anytime I have to visit a site I consider "risky", it gets done in a virtual environment. That way, if the worst happens, I can close the virtual PC and copy/paste a backup hard drive image file which fixes the problem in seconds.
Unfortunately there is no such thing as safe site.
Almost all sites run advertisements from one of the big banner ad companies (or whatever you want to call doubleclick).
@ Vesselin Bontchev, Doctor "Whole Economies" returns
Now there's a name I haven't seen in "the wild" for a long time. Weren't you predicting that "whole economies" would get destroyed by computer viruses in "5-10 years" five years ago?
I'm still waiting.
And, yes, I have to agree: Any tests based on "the wildlist" are flawed. But not for the reasons you may believe. Win2K could catch all of the things in the list before the fact, after all... if you let it.
@Jarno - safe site
No such thing as a safe site? Over 2 billion web sites, and all at risk? I don't think my bank website is (I mean theirs, not a phished one). My web site at home, on my own server seems pretty safe right now. El Reg is usually ok... ibm.com is pretty good too.... shall I go on?
@Wade Burchette - Norton
"I think this is a case of lab performance and not real-world performance. Apparently Norton and McAfee are like the "practice players", they do good in a lab but poor when it counts the most."
Agreed - I've lost count of the number of PCs I've encountered with Norton Internet Security loaded (and set to update automatically) yet riddled with viruses and other malware - and not an alert in sight. Combine that with the way it reduces all but the latest PCs to a crawl (how about >5 minutes to boot? Less than 1 once Norton was removed) and I'm beginning to think Norton's a nasty joke someone's playing on unsuspecting PC users.
@Phil Rigby - safe site
Unfortunately Jarno is right, there really is no such thing as a safe site. Many of the most recent successful exploits have been based on malicious iframes inserted into innocent, and what most people would believe to be "safe" sites. Try googling (although Google results aren't so safe either) "iframe" and "Bank of India", "The Italian Job" or even "Superbowl".
The only anti virus vendors that people should be considering are those that offer real-time, in-the-cloud, categorisation of sites based on some kind of reputation database instead of relying solely on definition files that are, by necessity, behind the game.
Trend Micro for example may have failed the Wild List test. But I would bet my shirt that the all-round protection they offer with their Web Reputation services far exceeds the competition.
@Rik - Safe Sites
There are such things as safe sites. You cannot possibly tell me with a straight face that every possible site on the net I visit could be/has been compromised. Fair enough, there is a slight possibility that maybe a site could possibly maybe have been ha><or3rd at some point, but to blanket-cover all the net and say that is simply wrong.
Part of these security issues you allude to is down to SysAdmins not knowing how to secure Apache. Or IIS. (But IIS and security in the same sentence...)
I'm not going to go down the Windows -v- Linux -v- Mac route, but in the 4 years I've been on Linux I've never had a virus. Yes I go to warez sites, porn sites and P2P (hell I am a guy after all) but I don't worry about it. I don't have to. I use fake email accounts, anonymizers and an OS that (so far) can't be easily exploited by malicious code that I inadvertently download.
Bottom line is, if you must use Windows, get AVG or Sophos installed and a decent malware package and you'll be ok. If you switch to Linux/Mac, you won't need to worry about it for a couple of years more.