Testing Free English Anti-Malware On Non-English Threats
An anonymous reader writes "Brazilian technology news site O Globo posted an interesting comparison on how free anti-malware behaves against non-English threats (Google translation of Portuguese original). By using a database of over 3000 samples from Brazil's Security Incident Contact Center, the numbers are quite different from all US anti-malware reviews. While Avira achieved the best score, 78%, Microsoft Security Essentials stopped less than 14%. This can be a headache for some large multinational corporations, whose IT departments deploy US anti-malware on the entire network, but have network segments outside US with many 'unknown' threats roaming around. I wonder what the results would be in other countries."
Wait... (Score:1)
So it can be as simple as getting your malware translated into another language?
Re: (Score:3)
In my experience, the vendor makes more difference than whether you get the paid or free version.
Generally the free version is for home use only, whereas the paid version is for commercial use and comes with support.
However, some vendors offer more frequent updates with the paid versions than with the free versions. This might play a role here, but probably not; chances are the location of the R&D lab and the language spoken by the virus submitters makes a larger difference.
Re: (Score:2)
Still, some vendors get left out entirely. I use ESET. Since they don't have a free version, they weren't included. I'd like to know how they measure up, though... hell, whoever's testing could just install their 30-day trial and not even have to buy it.
Re: (Score:2)
But ... it's a fairly safe assumption that the people doing the study were doing it for some commercial purpose (even it were only trapping of advertising victim's eyeball-seconds). So that would render them ineligible for most non-commercial-use versions of most software that I've read the EULAs for (yes, someone does read the damned things, even if incompletely and inconsistently ; [Henry 6 P2, A4S2, get it said and
Re: (Score:1, Insightful)
A free program that uninstalls your OS is a virus, not a security program.
You are hilarious though, don't let anyone tell you otherwise.
Re: (Score:1)
fixed that for you
Re: (Score:1)
Actually no it isn't, but nice try.
A virus needs some sort of self-replicating mechanism - if it simply disabled the host OS then it would basically kill itself. I'd categorize it as malware if it didn't announce that it was going to trash my OS, but it's no more than that.
Re:They don't even remove the biggest US threat (Score:5, Interesting)
Actually the installer for OS/2 (Warp iirc) would do a virus scan before installing and would come up with the message
"windows found, remove: (y/y)?"
so someone at IBM shares your sense of humor... or maybe it was you?
Re: (Score:2)
What if it saves all your data to the cloud (best encryption), uninstalls your broken OS, installs a better OS, ports all your settings and themes over (as close as possible, given proprietary format angst) and then presents you with a better deal overall?
What sort of definition would one give to that sort of virus, Vir.Benev.BashScript? ;-)
SB
Re: (Score:2)
I believe Secunia is calling this one antifoidulous.pebkac.2011A.
Re: (Score:3)
Devil's advocate here:
I beg to differ, especially with Windows 7. Windows has its issues, but its security features are on par with everyone else.
The problem oftentimes is with the third party developers which don't allow the OS to enforce DEP, much less ASLR. Heck, Microsoft was accused of acting like a tyrant because they decided to force programs to have a separate user/admin priv model, just like every other mainstream OS out there.
Of course, Windows has problems, but saying it is fundamentally insecu
Re: (Score:2)
Security "features" of a typical desktop OS is not what makes it secure -- it's what annoys the user while pretending to make the computer less vulnerable. UAC and antivirus are "security features", and so are Window Firewall, ACLs, etc.
What makes OS secure is secure design and lack of vulnerabilities, Windows has none of that and never will.
Re: (Score:2)
Agreed. There are "features" which constitute little more than security theater, like the annoying firewalls of times past.
However, there are true security features that operating systems must have.
UAC can be debated. In reality, UAC is a good thing, although how MS got a patent on a "graphical sudo" is beyond me.
There are features that are needed, and not theater though. A couple:
1: Filesystem encryption, either file by file like AIX's EFS, Window's EFS, EncFS/FUSE, raw image level like TrueCrypt, LUKS
Re: (Score:2)
UAC can be debated. In reality, UAC is a good thing, although how MS got a patent on a "graphical sudo" is beyond me.
It may be a "good thing" for Microsoft, considering what a disaster it was before and what a slightly lesser disaster it is with that. In reality, when security is concerned, "if you have to ask, the answer is no". Please note that Linux desktops mostly moved from sudo to PolicyKit, and use password prompts not to verify if potentially security-breaking operation is started by an authorized user but to check if the user really wants to perform an administrative operation, so he won't just press OK. I expect
Re: (Score:2)
> Heck, Microsoft was accused of acting like a tyrant because they decided to force programs to have a separate user/admin priv model, just like every other mainstream OS out there.
They started that back in about '95. By Vista, they'd given up asking nicely. It was as bad as the MS-DOS tricks that continued until XP came out.
Re: (Score:2)
No centralised update system, you can only update ms stuff centrally, third party apps are left out in the cold.
No, in an enterprise setting you can set up your own WSUS server and you can push MSIs centrally. And you can create your own MSI to update applications like Firefox.
Most of your arguments are outdated; you are resorting to FUD just like ms did between 1998-2008
please mod me down I suffer from ADD today (Score:2)
please mod me down I suffer from ADD today, I did not read the part about nessus and WSUS....
Re: (Score:2)
Yes, windows is fundamentally insecure.
WPAD, UPNP, and Shatter attacks. End of story. Microsoft happily releases patch after patch to hide the most apparent symptoms, but the disease continues merrily along.
Interesting... (Score:5, Interesting)
What does surprise me, though, about these results, is that they suggest a fairly high level of geographic discrimination in the customization and targeting of malware. My (naive) expectation would have been that, aside from trivial stuff like trying to get the language of your spam/phishing/social engineering emails correct, the market for good exploits, well-crafted viruses, and so forth would be a fairly global one. Also, given that some malware attempts to propagate itself, rather than being delivered by a bugged website or other external mechanism, I would expect a fair amount of "splash" from malware spreading to any vulnerable hosts it can find, not bothering with any sort of geolocation, or from expats who live in country A, but still visit websites from home country B.
I would have expected a much more homogeneous(from the perspective of the mechanics of the exploit mechanism, evasion techniques, and payload) worldwide population of malware.
Most malware does not spread by looking for vulnerable hosts. Ever since they turned on the firewall by default in Windows XP and especially now that most people have routers with a built in firewall that technique has long been abandoned.
Instead most viruses use some social engineering to spread. Fake emails sent to contacts of the infected user, free crapware downloads, browser exploits and so on.
These kinds of tests are not that useful when evaluating AV software. The focus is on prevention of infection
Blacklisting is a losing battle (Score:2)
This only proves what people have been saying since day 1: fighting malware via blacklisting is a losing battle.
Eventually some company will come up with a business plan which is the opposite: if you are interested to run an application, you can pay them to do a security review on it. If the company worked on a "we do the review once $X dollars have been raised" basis, popular applications would be reviewed for small change per user, and niche applications would be expensive to have reviewed.
Unfortunately,
Re: (Score:2)
uh, something like an "app store", perhaps?
Re: (Score:2)
How about not just "app stores", but a repository system?
The OS can include the app store, a place for OS updates, and a well secured repo for F/OSS software. The updating programs can grab a list of packages, see what needs updating, then grab those via curl or wget. Further repos can be added by the user, assuming they click through a dialog that one can't just walk into Mordor, other repositories may not be trustworthy, do at own risk, etc.
Oh, of course, all install packages (RPM, MSI, installp, .deb,
Re: (Score:1)
Repositories have served the F/OSS community well for over a decade, and have proven to be historically clean (with an exception here and there, of course that gets fixed posthaste.) I just wish Apple and Microsoft would build this in, and not just "App Store or install manually" functionality.
Can you imagine how badly people would complain about Microsoft abusing their monopoly if they did any such thing?
Not to mention you forget the biggest problem...getting developers to go along. Given how many unsigned packages and programs I have, even some from relatively high profile open source groups, and well...I don't see it happening.
See, most people don't get the reason why Microsoft lets Windows be so vulnerable and even crotchety. It's not because they can't do things better, but because they ca
Re: (Score:1)
"Can you imagine how badly people would complain about Microsoft abusing their monopoly if they did any such thing?"
They could complain all they want but since other OS have this feature Microsoft would not be abusing the monopoly position in any manner. If anything they're keeping with the state of software distribution.
Re: (Score:2)
The good news is Windows 8 (from a previous /. article) is getting an "App Store". What it will be like when it gets released, who knows. However, it is a step in the right direction.
Re: (Score:1)
> uh, something like an "app store", perhaps?
Interesting, I hadn't thought of the relationship to that existing model.
The answer is: not really, because
This idea is so insanely bad and competition-murdering that I'm surprised Microsoft hasn't quietly spun off some security firm to make this happen.
Re: (Score:2)
I love how the default in your head is this anti-MS fantasy, yet what he describes is more or less the very real Apple app store.
Re: (Score:3)
This bears no resemblance to the Apple App Store. Apple doesn't audit for security, they audit for boobies and giving the user the ability to run software they didn't audit for boobies and take 30% of.
Re: (Score:3)
What antivirus/antimalware is good at is stopping the stuff after the first wave, and the companies get updates out. However, the blackhats know this, so they know their moneymaking is during the 0 day wave, before Patch Tuesday and the Malicious Software Removal Tool is run.
True resistance to malware requires a defense in depth philosophy, and until recently, this was not implemented in a significant fashion. For example, the usual setup of Windows XP would give Admin rights to any process by default tha
This makes me wonder about having NICs with an embedded firewall OS. Of course, this can be a target for remote flashing of malware, but this can be minimized with both signatures, and having a DIP switch that has to be physically pressed before a write to the OS can be done.
With the NIC handling the IDS/IPS capability, as well as being able to handle enterprise network configurations, the OS can be isolated and happily think it is receiving a DHCP address while in reality, an enterprise server has it on a
Re: (Score:2)
It would certainly be trivial to put a firewall on a NIC. I'd rather shrink the firewall to a dongle, though, and let it hang out of the back of the system. That shouldn't be too difficult.
Re: (Score:1)
The whole halting problem thing is largely mitigated by the fact that we only execute code pages that are marked as executable and that they're write only. I'd agree there's a whole world of "evil-code(TM)" out there though - p-code based systems that emit code on the fly. I think these are the ones you want to audit and subject to intense scrutiny. Alas there is no simple way to take a piece of code and prove that it does X and ONLY X; at least not for anything more than "Hello World!".
I think our short te
Re: (Score:1)
> their computer got nerfed and their bank account is empty and "OMGITSYOURFAULT!!1!oneone!1 ....
> the Windows model is pretty much dead outside the enterprise
Personally I don't use Windows for anything financial or for sensitive personal information, but I have a feeling that the problems with Windows which I understand you are assuming will cause consumers to stop using it will end up being "fixed" in a different way, where personal liability for the kind of losses you are talking about is limited b
What about the other way around? (Score:3, Interesting)
Even with such a blatant language mismatch most users simply won't notice anything wrong with their systems until it bites them really hard.
Re: (Score:2)
Yeah, it's quite hard to imagine for even 100% clueless people to fall for e-mails from Joe saying 'here... look at the funny movie attached' if they don't know a single Joe personally, and none of their friends would even think of commenting on a funny picture in english.
Re: (Score:2)
I don't know what language you speak, but a lot of software (even some commercial ones) have a half assed Hungarian localisation. So I have a lot of mixed language software on my computer.
A few corrections (Score:5, Informative)
O Globo is one of the biggest newspapers in the country. But it is not a technology news site as the summary implies. Although yes, this was posted in the tech area of the site, it is hardly the focus of the newspaper.
Regarding the testing itself. This is just a report on a test made by an external firm (www.clavis.com.br) which was commissioned by the site. The test focused on the quality of free antivirus only. With implications that the issue lies in the fact that they are free, not that all antivirus are plagued by these issues (I will let you decide on what was the exact aim of the article). Besides that, the test is devoid of crucial information. The database they used is a great one, the CAIS is maintained by our best scientific network, RNP (site in English: http://www.rnp.br/en/ [www.rnp.br]), so I trust the info there. But nowhere does it say that the threats are in Portuguese.
They used a list of 3.269 threats among viruses, trojan horses, spyware, keyloggers, etc. We don't know how many of each. Before the article they praise paid security suites, because they are a suite and not an antivirus only. There is no data on these threats, nor how many of each type, how old each one was, nor how they have threats which are not on the known list of each antivirus. Much less the language of the code.
Let me repeat it: NOTHING in the test implies that antivirus have a problem with non-English threats. It only said that those antivirus had that percentage of correct matches on either heuristics or non-threats. But we don't know the exact content of the database or the code used to test it. Much less the quality of the test.
Again: Language was not a part of the test!!!
Re: (Score:2)
While the article follows the journalistic tradition of bad statistics reporting, your vehemence is misplaced. Maybe you work for M$ :)
Funny, but no. My vehemence is just to reiterate that they tested the "quality" of free antivirus against an unknown sample of threats. Which is completely different than what the summary tried to paint.
Re: (Score:1)
Perfect. Please move quickly to the chamber-lock, as the effects of prolonged exposure to the button are not part of this test.
Re: (Score:2)
Not to mention, Avira is a German company, and a German product. That they provide an English localization does not make it "English Anti-Virus" software.
Mentioned antivirus (Score:2)
With implications that the issue lies in the fact that they are free, not that all antivirus are plagued by these issues (I will let you decide on what was the exactly aim of the article).
Yup.
It's strongly tuned to make reader buy commercial antivirus.
For a start, it only mentions popular commercial antiviruses which happen to have a free version.
It does not mention the free software ClamAV, for example, which could have been a nice addition. Specially because ClamAV accepts lots of community input in its database. So malware more frequent in some less marketed countries (like suggested by the /. entry and mentioned elsewhere in this discussion) has a better chance to get covered.
Re: (Score:3)
I don't see any multinational company doing this because of what you said (no ability to manage/audit workstations), plus the EULA would be violated as MSE is for personal/home use and defines it.
This is what Forefront is for. Forefront is essentially MSE, but it has enterprise-level features, as well as that MS advertised that a few years ago that it can deter zombie invasions. Just the fact that the undead won't be attacking the workplace alone makes Microsoft's offering worth getting on an enterprise l
Comodo (Score:3)
But I would like to know whether they tested with Comodo in the "auto sandbox" setting [comodo.com]. Since the virus would run sandboxed, it should not matter what the language was.
I am thinking of switching from MSSE to Comodo, and if they tested it and it failed then Comodo would not be an option for me.
English only program behaving (Score:1)
Silence
Do you speak English?
Silence
(This time with Hand gestures and really loud) Do YOOOOOO SPEEEAAAAAAAKKKKK Englissshhhh?
One world... (Score:2)
Thanks to the Internet, there is no reason that malware written in one place cannot easily spread across the world...
anti-malware == selling rocks (Score:1)
anti-malware, about as much use as selling rocks ...
I've noticed this problem with spam (Score:2)
Not exactly the same thing, but I've been getting a lot of spam in Greek for some reason -- and I have no idea how to filter it out (I could just capture any message with a common Greek word, but it's... gibberish to me). It's clearly spam, and probably all from the same sender, because the formatting is always similar, though of course the links vary.