Test of 16 Anti-Virus Products Says None Rates "Very Good"
An anonymous reader writes "AV-Comparative recently released the results of a malware removal test in which they evaluated 16 anti-virus software solutions. The test focused only on the malware removal/cleaning capabilities, therefore all the samples used were ones that the tested anti-virus products were able to detect. The main question was if the products were able to successfully remove malware from an already infected/compromised system. None of the products performed at a level of 'very good' in malware removal or removal of leftovers, based on those 10 samples."
Sign of the times... (Score:3, Interesting)
Despite this being Slashdot, when I first saw the headline about "anti-virus" products, I immediately thought "stuff like Tamiflu".
No Joke (Score:5, Interesting)
It used to be that the virus got a hold of the system, maybe did a little damage or had a little fun. Sometimes it was pretty funny. Such as screwing with the mouse.
Then things started to get a little more serious. The virus would insinuate itself into the system folder and maybe IE. They started doing tasks. Thus rose the botnets.
Then it became big business for people. The spreading of spam and fake anti-virus (that wanted you to purchase the "full version" so that you'd get rid of the virus they said you had) was the order of the day. They started blocking access to the run box, the task manager, and sites that might be able to help you (online virus scanners). They started killing the AV programs. They also replaced the explorer.exe and iexplore.exe files. Hell, they even go after Firefox, Chrome, and Opera.
They really get their hooks into it and don't want to let go because it means money. Big money. So I'm not surprised that AV programs are having a tough time getting rid of them. It hasn't been kiddies out for fun for a long time. Now it's all about professional programmers out to make an ill-gotten buck.
Re:Security... (Score:4, Interesting)
Here's another analogy for you: don't rely on the police to catch the robbers. Use houses with locks on them and learn how to use it.
Re:No Joke (Score:5, Interesting)
Ain't that the truth.
The kicker? Most of the infections I deal with on a regular basis are coming from AD BANNERS. I have literally had people get a brand new machine, sit down at it, open IE8 and browse to one of the major sports news sites (ESPN, TSN, MLB, NFL, etc.) and get IMMEDIATELY infected by a banner ad!
There are few things worse than giving someone a brand new machine, and before you've even been able to get back to your cube and sit down your BB is buzzing and you are being told to get back there because they have a virus! ARGH!
Honestly, it's gotten so bad that with most of the fake AV viruses we just freaking wipe the stupid PC immediately. Format and re-image and done. It's faster and easier.
Re:if merely loading a website compromises my (Score:3, Interesting)
Re:Security... (Score:3, Interesting)
it's certainly appropriate to debate the effectiveness of these methods
I completely agree, but some people seem to think security software is going to prevent anything from happening to their computer. I don't think a seat belt, crumple zones etc are going to prevent anything from happening to me regardless of what I do. Or for that matter what another driver does. Why should I refuse to learn anything about using a computer?
Re:Security... (Score:3, Interesting)
Using it right now. It found a suspected trojan in my half life 1 install. It looked like a false positive, but who knows. I quarantined the file anyways. It was for opposing force. Anyone else have this detection? What was interesting was that it said it listed it as active. I was kind of surprised by this. Since I long lost my half life cds, it was a pirated copy, but usually they embed trojans in the installer exe or the cracked exe, which all tested out to be fine. Security essentials seems pretty good though and is relatively lightweight. I agree that it is about time that microsoft starts getting a lot more serious about security and vista/win7 and now this seems like steps in a good direction.
Re:Security... (Score:4, Interesting)
It's not a question of being or not being totally effective, you can make that argument from any direction and arrive at the same answer. No product is 100% effective. It looks like this review was just saying that none of the products tested met their expectations.
So that either means that their expectations were unreasonable, or all the tested products stink.
Or a combination of the two. That's where my money is. Regardless of topic, security is best handled from the inside, where your footing is solid and attacks only come from one direction. Problem is, the inside is not secure. At that point you require extraordinary external security, which either means you need to be very good at it yourself, or you have to find someone that's top-notch to make up for the problem. It's no surprise that so many of these products didn't fare well; they're defending the castle while standing outside the walls. And since you're already starting out with a handicap and are going against experts and people motivated by money, if you want the job done right, you're best to do it yourself. The human element of unpredictability along with knowing what's safe and what's not safe is the best defense, not software. If you're a computer noob, there simply isn't a "very good" solution, as this review basically concludes.
Re:Sign of the times... (Score:4, Interesting)
They took 16 flu shots from companies that produce flu products, and used several flu strains that all companies advertise their products for (influenza C, H1N1, H1N2, H3N1, H3N2, and H2N3). The study focused on creating the necessary antibodies and 'cleaning the system' from the flu. Unfortunately, none of them rated 'very good'.
If you have a dark sense of humor, read on.
399234 test subjects were used, and 4735 deaths recorded.
Re:Security... (Score:3, Interesting)
Unless things have changed since I took the test to get a driver's license it doesn't ask how often you should change the oil in your car. But somehow most (not all) people figure that out. There are however still people who ignore their check engine light until their car dies and there will always be people who run shady software no matter how many times you make them enter in a password. Education is still important.
I use Windows and Linux and I trash them both because I know how to fix it. I don't know much about my car so I change my oil when the speedometer matches the number on the little sticker on my windshield and get maintenance when the manual says to.
To sum up, all of the education and safeguards in the world will not prevent sheer stupidity. However, education and safeguards are still worthwhile pursuits. There is an area between expert and completely ignorant.
Re:Security... (Score:3, Interesting)
It's really not. If other houses on your street don't bother with locks, a lock is all you need unless you have a dedicated adversary.
Re:No Joke (Score:3, Interesting)
Don't be so sure -- there have been plenty of cases the last few years with major websites being duped into pushing out malware.
For example, the New York Times pushed out trojans recently: http://www.scmagazineus.com/New-York-Times-inadvertently-sold-ad-space-to-hackers/article/148990/ [scmagazineus.com]
Another one (a little longer back) revolved around
http://www.dailykos.com/story/2006/1/1/235748/4675 [dailykos.com]
Now, they may not have done so intentionally, but plenty of big, mainstream websites have indeed been caught unwittingly pushing out trojans and malware over the last few years. It's really not that far-fetched. These are just two examples; there have been plenty more over the years.
Re:Security... (Score:5, Interesting)
The trouble is when you invite a guest into your house, there is no guest room that _you_ can easily use, so you have to invite him into your personal room. The design of the house is such that you cannot usefully interact with the guest while the guest is in a different room from you.
This means he has full access to your personal room. The geeks who don't understand the real world will say "Ah, but OS XYZ is secure because the 'maintenance personnel only' room is locked and inaccessible". But who the fuck cares? You keep most of your stuff and valuables in your personal room! Insurance can take care of recreating the maintenance room stuff - not hard since the stuff in there is the same for every house of that model. They'll never be able to recreate your personal documents.
This is changing a bit with Vista and Windows 7, but it's still not good enough IMO. As for Linux, I don't see much help with what I'm talking about for the average desktop user yet. Apparmor is not "desktop ready" yet, and SELinux is barely even ready for average admins.
This test of AV products is like inviting a crook/spy into your whole house, closing your eyes and letting him mess it up (plant bugs if he wants etc), and then get someone to try to clean everything up and restore stuff back to what it was.
Yes it can be done in many cases. But it's foolish to expect the clean up to be 100% in all cases.
If you really want to do that, you use a special house. Then you invite the crook into that special house. Then when he's done, you press a button and the house reverts back to its original state.
Re:Security... (Score:4, Interesting)
>If the person doesn't use the tape measure properly, and saws the wood too short, there isn't any magic that can fix the problem.
Use the other end of the piece of wood?
Worked for me many times :o)
"Measure twice, cut once"
Test results are not exactly meaningful (Score:2, Interesting)
It was nice to see how various products did on the simple tests. However, several serious mistakes were made in the test methodology.
First, 10 virus samples for the test cannot give a statistically meaningful result. At least 31 different samples are necessary, as people who have had testing statistics and quality control education would know.
Second, and even worse, the tests were not performed under real world conditions. No system has ever been shown to have only one infection in the real world. The testing should have included detection / removal on systems with all malware installed. This is what real world users see.
Third, the "cleaned" systems should have been retested to see if infection would repeat under supposedly "cleaned" conditions. If the registry entries blocked reinfection (I seriously doubt it), then that would be seen. This would not have been a valid complaint if they had not brought it up in their article. (courtroom trial rules)
Fourth, with the anti-malware product running and protection fully enabled, would any of the malware be blocked from installing, or even downloading? This would not be a valid complaint if they only chose products which have no preventative methods (firewall, sandbox operation). Products which do not have adequate protective behavior are worse than worthless to the public, as they would have the idea that they are safe when using the product. That is the whole purpose of these products, to make the user believe he is in some way safe. But he is seriously not safe.
Fifth, using only non-damaging malware samples is also unrealistic. Performance against damaging malware is very important, and was untested. Performance against one small, safe, variety of malware does not indicate anything about the anti-malware product's usefulness to the public.
Sheesh, I could probably go on for a while, but I give up. We have surpassed the three strikes rule quite a bit already. This post is just an advertisement for AV-Comparative. Did someone get paid for this post? They should have.