Secunia exploits security suites flaws

A new report (PDF) from Secunia is raising awareness about the need to patch vulnerabilities and block malware from desktops.

The report found that "security vendors do not focus on vulnerabilities." And while Symantec Norton Internet Security 2009 bests the 11 other suites tested, Secunia found that Symantec "detected a mere 64 out of 300 exploits, or less than one-fourth, leaving 236 exploits undetected." Overall the dozen products all received an "F" on the report.

The Secunia test departed from the traditional testing done by organizations such as AV-test.org and AV-comparatives.org, which use collections of malware to demonstrate the on-demand and heuristic capabilities of the security products. Secunia used exploits--not viruses and worms--to demonstrate the need for users to patch vulnerabilities as well as have a good firewall, antivirus, and other anti-malware protection. The company said exploits are what criminals are most likely to use these days, and faulted the tested security vendors who said their products could protect against any threat.

Secunia did single out one product, Kaspersky Internet Security, as providing a vulnerability scanner, yet Kaspersky also did poorly on the test.

But Alex Eckelberry of Sunbelt Software criticized Secunia's report as being a "useless test." And others, too, have criticized the metholodgy used.

There is a move within the security industry to standardize malware testing. The newly formed Anti-Malware Testing Standards Organization states that there is a "global need for improvement in the objectivity, quality, and relevance of anti-malware testing methodologies." The group is currently soliciting opinions on two papers, one for testing best practices and the other for fundamental principals for malware testing.

[goodspeed8701]

This is a good reason why i dont use anti virus on my vista.

[skrubol]

I don't on my gaming machine either. I just have to remember to be careful where I go on that machine, and always pass downloads through another machine.
Windows Updates + Common sense > Antivirus

[malynj]

They appear to have only tested the consumer versions of antivirus products. There are vendors who sell HostIPS products on the corporate side, as well as other behavior monitoring/blocking programs, that would be a better fit for this test. AV is primarily signature detection only by nature. HostIPS and other behavior programs would be the area of software that is intended to protect against known exploits regardless of signature detection. AV vendors should begin including HostIPS type technology in their products, but currently the vendors sell these as separate standalong products. If the goal of this testing was to change the nature of the features bundled with AV products, they should have included the HostIPS-type products in the tests, then shown that these products should be bundled together with the AV products to better protect the consumer.

[eiverson]

Secunia rightly points out that signature-based-ONLY defenses are inadequate in a world where malware-makers are increasingly altering the signatures of their wares systematically. More here on that:

http://www.securitynowblog.com/endpoint_security/secunia_report_signature-based_antivirus_misses_most_unknown_malware

As for host intrusion prevention system (HIPS) products being the answer. I would caution people to consider that the medicine can be as bad as the illness it seeks to prevent. Its very important that one balance usability and security when considering answers.