General discussion


This little Gem arrived today & I found it Interesting

By HAL 9000 Moderator ·
Vista anti-malware products fail virus tests Virus Bulletin tests looked at 37 different Vista-based security programs and found 17 failed, including big name products from McAfee, Sophos, and Trend Micro

It's fortunate that Vista-specific malware is still in its infancy because a new test of anti-malware products running on the platform has found that many don't work as well as they should.

The latest independent Virus Bulletin tests looked at 37 different Vista-based security programs to see which could manage to reach the level of threat detection required for VB100 Certification. Out of 37 tested, 17 failed the tests, including big-name products from McAfee, Sophos, and Trend Micro.
Before users rush to de-install Vista products from those companies, the VB100 sets an incredibly high detection bar of 100 percent of a subset of malware defined by a malware collection known as the WildList. Programs must also, using default settings, avoid false positives -- false flagging files as malware infected when they are in fact innocent.

While McAfee, Sophos, and Trend detected 99.99 percent of the WildList, other programs fell some way short of this "almost" status. Doctor Web reached only 95.21 percent, and Security Coverage PC Live managed a hopeless 84.35 percent. Microsoft's own oft-criticized Windows Live OneCare and Forefront Client Security both hit the VB100 100 percent mark.
"It is disappointing to see so many products tripping up over threats that are not even new -- computer users should be getting a better service from their AV vendors than this," said Virus Bulletin tester-in-chief John Hawes.

"With the SP1 upgrade promising a raft of improvements to performance and functionality of the platform, we are likely to see a significant upturn in the number of people installing it on their desktops, and it is therefore imperative that anti-malware vendors are able to provide solid protection on the platform," he said.

Three programs were so problematic that they couldn't, for a variety of reasons, be
made to run properly, and were ditched from the full tests, while some working products struggled to run in a stable fashion on Vista. The tests were done before the SP1 update appeared.

A few months ago, Virus Bulletin lifted the stone on Windows 2000 anti-malware performance and found a few unwelcome creepy-crawlies underneath.

But do the VB100 tests tell the whole story? As has been noted before by Techworld, they don't test programs against the best the criminal world has to throw at the average Windows install, Vista or not. The danger posed by many rootkits, Trojans, and malware based on specific and usually unpublished vulnerabilities, is all left up to conjecture. This is where a good element of today's threat comes from, but they aren't easy to package up into tests.

Thus far, Vista's defense has been the relative trickiness of programming malware for it and the fact of its slow uptake. Neither factor will protect it indefinitely.
Techworld is an InfoWorld affiliate
By John E. Dunn, Techworld April 04, 2008

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

the scary part is

by Jaqui In reply to This little Gem arrived t ...

that it's not as serious an issue

the hack fest that happened a week and a bit ago has the Macbook AIR as LESS SECURE than Vista.

Collapse -

..<NT> DP

by sleepin'dawg In reply to the scary part is
Collapse -

You can't blame anyone for being a bit paranoid about security.

by sleepin'dawg In reply to the scary part is

It's only a matter of time before someone will penetrate your systems; one way or another. Just because you're paranoid doesn't mean that someone isn't out to get you. You can talk about ethics until you're blue in the face but every now and then, someone will try to test their skills against the system, not so much out of malice but out of curiosity.

I know someday my systems will become infected. I don't lose any sleep over it because I've done my best to minimize the consequences and I take all the avilable possible precautions but, as I say, it's just a matter of time. I figure that if it can be done it will be done and like all the rest of us, I'll just have to muddle through it as best I can.

I notice your link to Paul Mah's blog. I find most of his stuff overly melodramatic alarmist and worse, usually four to six weeks, if not months, too late or out of date. Maybe it's due to his location but I do find that I'm usually already aware of most things he writes about and after a while he just becomes tedious and/or repetitive. Usually I'll give his stuff a little glance and then delete it. Haven't really learned anything new from him. In fact when I do acquire new things it's usually from people such as yourself and Col as well as a few others.

Paul Mah = Needlessly Boring Plagarist

Dawg ]:)

Collapse -


by Jaqui In reply to You can't blame anyone fo ...

I can't argue the point about Paul's normal entries.
The pwn-to-own even wasat the end of March this year, here in Vancouver. here, the tipping point origin for paul's content on the subject:

Collapse -

a Thanks to you...

by dawgit In reply to This little Gem arrived t ...

For forwarding the info. It seems that they went into the details of what is going on and not just looking for headlines. Info like that I'd like to see more often. Again, a Thanks to you Col. -d

Related Discussions

Related Forums