back to article Security vendors cry foul over exploit tests

Anti-malware vendors have launched a counter-attack on a study questioning the effectiveness of internet security suites, suggesting that the methodology in tests carried out by vulnerability notification firm Secunia was fundamentally flawed. As previously reported, Secunia tested a selection of 12 internet security suites …


This topic is closed for new posts.

Like testing ABS brakes by pushing a car over a cliff

Except thats exactly what an attacker will be trying to do...

Anonymous Coward

If you are only going to employ one

anti-virus defence then updating is the one.

Beyond patches that is the one that tends to buy you the most time.

Though you know, that is only true currently, there could be an attack vector based on that principle, so defence in depth is a better proposition.

And there is no way the security vendors can win, the market for security is much smaller than the market for compromise.

Now if the security companies were to fire their project managers and make it more lucrative for people to switch sides who knows.

Crackers do it without management :)

Thumb Down

Straw Man

>Kristensen responded: "It seems quite odd that the AV-vendors are so busy claiming that they can detect literally anything malicious when executed."

[ citation needed ]


The Freebie PSI-Secunia Product

Actually works fairly well if you want to find out which of your installed apps is outdated for patches. It runs too often in my opinion though, 1x/24hr should be enough but I understand why they run more often.

Many people don't see the elephant in the room-- when your application is auto-updated, how do you know the auto update is valid? Eh? Crack one update path to millions of copies of one app and you would be the instant hairy chested king of the bot herders!

Silver badge

System security

First line of defense: BKAC

Second: Stateful firewall

Third: Secure-by-design OS

Forth: Up-to-date patches

Fifth: BKAC

Anti-malware products are bandaids on broken systems ... Seriously, think about it ... if the malware can get itself loaded onto the machine in question, that's half the badguy's battle ... and trust me, if a scanner can scan the malware, it's already on the system.

Anonymous Coward

Both sides have valid responses

But to be totally sure, just blocks ports 1024 through 65535, I could almost guaratee that would prevent just about all hacking attempts, however it would not stop route kits, such as Windows or Linux or maybe any other O Ring system.


Re: Like testing ABS brakes by pushing a car over a cliff

Yup, more like testing ABS brakes by pressing the pedal on a dodgy surface.

If attacking a machine protected by a 'security suite' isn't a fair test of the software's efficacy, what is?

Anonymous Coward

Research shows...

that av software is actually more like a seatbelt. Seatbelts save lives no-one disputes that, ut as I understand it this guy is trying to say that seatbelts do not make you invincible on the road. He's showed that when two cars are rammed into each other at 100mph then the drivers will DIE, seatbelt or not. Sooo... just as you won't drive recklessly at a 100mph (or 70 for that matter) just 'cause you have a seatbelt on you wouldn't do the equivalent with a pc on the interwebz just 'cause you have av software.

Gold badge
Gates Horns

@Johan Hartman

To take your fine analogy a shade further, if your PC is a car and your AV software is a seatbelt, does this mean that Windows is 8 pints of wifebeater?


You expect people to do what?

Approx 30% of all net browsers make my live miserable on a daily basis by continuing to use IE6.

If people can't even keep the most basic and regularly attacked internet application up to date, what hope do we have that we can trust them to keep the rest of their machine 'secure' through updates?


Stupid tests give worthless results

After reading the Panda blog, what Securina did was write a bunch of exploits and see if they were found using existing signatures. Securina did not actually run their own exploits!!!

If you want to test behavior blocking, then the exploit needs to be run. It is all too easy to change the signature of something, especially if it is hand-written machine language.


re: Stupid tests give worthless results

If you can only detect an exploit when it runs (and not when it turns up in something), why the FUCK is it running all the time???


antivirus is worse then a virus....

Using anti virus products is like driving with your foot on the brakes, just in case you might have an accident you will already be half stopped.

Think about all the time and wasted CPU/HDD/RAM used to protect you from something that is fairly unlikely to get you. The only way to get a virus really is from going to dodgey pr0n sites or downloading dodgey applications or opening a dodgey email attachment.

You are much better off patching your system and not employing any active aggressive security system. Be smarter in your habits and reduce the chances of getting infected.

Stop viruses at the gateway/router, install a simple linux router (smoothwall or similar) and offload all that crap from your computer.

Personally i rather have a virus once every 3 years and reinstall then 3 years of slow computing...


@antivirus is worse then a virus - no, it isn't, that's meaningless hyperbole.

>"Using anti virus products is like driving with your foot on the brakes,"

Or you might compare it to sticking within the speed limit, so that you know your stopping distance is less than the visible distance ahead.

Or you might compare it to having sex with a condom on, to avoid catching a disease.

Or then again, you might just not bother with the stupid and inaccurate metaphors altogether.

>"Think about all the time and wasted CPU/HDD/RAM "

WTF? About 7% cpu or something - and that's only /during/ file access. A few megabytes here and there, when DRAM and HDD space are trivially cheap.

>"You are much better off patching your system and not employing any active aggressive security system."

Right, so you think that patching your system protects you against viruses? You're an idiot. Patching your system protects you against EXPLOITS. Viruses are just plain old executables, and most of them do /not/ get into your system by breaking in.

>"install a simple linux router (smoothwall or similar) "

THINK about what you're saying. You complain about wasting a few cpu cycles and some ram and disk storage - and your so-called solution is to buy a whole new machine? You really need to put down the crack-pipe, because that DOES NOT MAKE SENSE!

>"i rather have a virus once every 3 years and reinstall then 3 years of slow computing"

Well, I'd rather just use a decent AV software that doesn't slow down my computer, but then I'm not an idiot with a chip on my shoulder.

IT Angle

Fools Gold

...catching a disease.

- Or like not having sex with that infected person? Being a little more careful, right?

-- How many viruses do you get in a single day? week? month? year? tell me the truth, and how many would have infected you if you were a bit more careful?

...trivially cheap.

- HDD overhead, not usage

-- So its ok to read a file twice? every file/directory you open, scan scan..? breaking in.

Nice misquote there, I said; you cannot get a virus (99.999999%) of the time without some user action, "press OK, YES INSTALL", I suggested that you are better off being careful/smart about what you click on then be a fool and let you AV pre-click everything for you.


I am saying; If you still want to be protected, you are better off using an old PC as a firewall/gateway. Plus you will learn something.

..chip on my shoulder.

You tell me the AV that you use that isn’t slowing your computer down? I find that a hard to believe statement. As inherently you will get some overhead.

Do you agree with the following statement?

"You are better off having a locally installed and always on antivirus suit on you computer. Instead of a fully patched system (free to patch), with a locally available, non intrusive antivirus system (CLAMwin( also free)) and a firewall/gateway/proxy (again free) with built in active scanning and protection / filtering +many more features?(also free)"

My point is that installing AV on your computer is not the most efficient use of your CPU/HDD/RAM, I am saying you gain almost nothing by having an intrusive, aggressive and heavy application. I do agree that using another computer just for security may seem to be OTT but that fact remains that you are better off stopping viruses at the gateway then on your PC.

Running a computer with no AV is like getting a new computer.

Feel free to use AV, feel free to pay (one way or another).

This topic is closed for new posts.