LONDON, 18 JUNE 2010 - New research has further confirmed the difficulties security software companies are having keeping up with an explosion in malicious software programs on the Internet.
Security software from major vendors can take an average of two days to block a Web site designed to attack a computer visiting it, according to the latest report from NSS Labs, which tested security software suites against fresh malware released on the Internet.
"The magnitude of these findings should be noting short of an alarming wake-up call for the security industry," according to the report.
NSS Labs does independent security software testing. Unlike many other testing companies, it does not accept money for vendors for performing the tests, a stance that the company's president Rick Moy says results in more accurate evaluations.
NSS Labs developed a test that mimics how average people browse the Web, finding potentially malicious Web sites and then visiting them with a Web browser. They then record how and when -- or if at all -- security software block the threats. The latest test was run 24 hours a day for nine days.
"We've done testing like the bad guys do," Moy said. "If you're not testing like the bad guys, what's the point? We go out to the live Internet and find out what is circulating on malicious campaigns in real time."
Enterprises are most at threat from fresh customized malware. Security companies share malware samples, but if no company sees or detects the malware, it could quietly circulate and potentially infect machines, stealing data. Even if it is undetected for a short period of time, it still is enough a window to infect a corporate network. As many as 50,000 new malicious programs are detected every day.
NSS Labs has chosen to reveal the worst-performing vendors of the 10 products they tested. NSS Labs puts the suites in three categories: "recommend," which means a product performed well and should be used in an enterprise; "neutral," which means a product performed reasonably well and should continued to be used if it is already in use; and "caution," which means the product had poor test results and organizations using it should review their security posture.
NSS Labs rated AVG's Internet Security Business Edition and Panda Security's Internet Security as "caution." The full results are contained in NSS Labs' report, "Endpoint Protection Products Group Test Report, Socially-Engineered Malware," which costs US$495. Also covered in the report are Eset, F-Secure, Kaspersky, McAfee, Norman, Sophos, Symantec, Trend Micro.
Some security software vendors employ reputation systems in order to detect a malicious Web site, which usually involves checking a database of blacklisted Web sites. Those systems, however, are not widely used and are immature, NSS Labs said. Overall, it took vendors an average of 45.8 hours to block a site, if it was blocked at all, according to the report.
Sign up for Computerworld eNewsletters.