Anti-virus is a Poor Substitute for Common Sense

[safeguy]

Anti-virus is a Poor Substitute for Common Sense

A new study about the (in)efficacy of anti-virus software in detecting the latest malware threats is a much-needed reminder that staying safe online is more about using your head than finding the right mix or brand of security software.

Last week, security software testing firm NSS Labs completed another controversial test of how the major anti-virus products fared in detecting malware pushed by malicious Web sites: Most of the products took an average of more than 45 hours — nearly two days — to detect the latest threats.

The two graphs below show the performance of the commercial versions of 10 top anti-virus products. NSS permitted the publication of these graphics without the legend showing how to track the performance of each product, in part because they are selling this information, but also because — as NSS President Rick Moy told me — they don’t want to become an advertisement for any one anti-virus company.



That’s fine with me because my feeling is that while products that come out on top in these tests may change from month to month, the basic takeaway for users should not: If you’re depending on your anti-virus product to save you from an ill-advised decision — such as opening an attachment in an e-mail you weren’t expecting, installing random video codecs from third-party sites, or downloading executable files from peer-to-peer file sharing networks — you’re playing Russian Roulette with your computer.



Some in the anti-virus industry have taken issue with NSS’s tests because the company refuses to show whether it is adhering to emerging industry standards for testing security products. The Anti-Malware Testing Standards Organization (AMTSO), a cantankerous coalition of security companies, anti-virus vendors and researchers, have cobbled together a series of best practices designed to set baseline methods for ranking the effectiveness of security software. The guidelines are meant in part to eliminate biases in testing, such as regional differences in anti-virus products and the relative age of the malware threats that they detect.

NSS was a member of the AMTSO until last fall, when the company parted ways with the group. NSS’s Moy said the standards focus on fairness to the anti-virus vendors at the expense of showing how well these products actually perform in real world tests.

“We test at zero hour, and we have a huge funnel where we subject all of the [anti-virus] vendors to the same malicious URLs at the same time,” Moy said. “Generally, the other industry tests are testing days weeks and months after malware samples have been on the Internet.”

David Harley, an AMTSO board member and director of malware intelligence for NOD32 maker ESET, didn’t quibble with the core findings in the NSS report, but rather what he called the lack of transparency in NSS’s testing methodology.

“My quarrel with NSS is that they’re trying to quantify that Product A is better than Product B on the basis of an uncertain methodology,” Harley said. “I’m not quarreling with the proposition that the industry misses a lot of malware. That’s incontrovertible, when every day we’re dealing with close to 100,000 new malware samples. In fact, that sort of level of detection that NSS is talking about — 50 to 60 percent right out of the gate — sounds realistic to me.”

For all of its hand-wringing about results from outside testing firms, the anti-virus testing labs are starting to move in the direction of more real-time testing, said Alfred Huger, vice president of engineering at upstart anti-virus firm Immunet.

“People have to understand that anti-virus is more like a seatbelt than an armored car: It might help you in an accident, but it might not,” Huger said. “There are some things you can do to make sure you don’t get into an accident in the first place, and those are the places to focus, because things get dicey real quick when today’s malware gets past the outside defenses and onto the desktop.”

Article and images courtesy of Krebs on Security

I under-lined those lines which I find interesting...and I applause Alfred Huger for saying that...although (off-topic) I must question his team's decision to include Ask toolbar with Immunet Free (and which got me totally annoyed)

[LunarWolf]

I just found out that a lot of people don't have common sense and even a tiny knowledge on the dangers of the internet. (my teachers).

[leofelix]

Interesting indeed.
In my Country when facing such cases we are used to say "He discovered the hot water"
It means that there is nothing new.
and common sense ain't so common

[hellnoire]

I just found out that a lot of people don't have common sense and even a tiny knowledge on the dangers of the internet. (my teachers).

Why do you think I'll be making a Java app that tries to test and teach people about common sense computer practices next year? (assuming I'm doing Java in school, that is)

[Boyfriend]

Anti-virus is not Substitute for Common Sense, but complimentary to it. Always use some sort of anti-virus protection for good opinion about unknown files. If anyone surf few clean predetermined sites only, then common sense is more than enough, if he keep all installed software + windows updated.

[safeguy]

I guess the message is clear among the few of us here but there are still many out there who simply haven't get it yet...

Anyway, I'm curious as to know what the products A to J are...such a big gap for what is termed as "the commercial versions of 10 top anti-virus product"...I find that the NSS tests are really interesting...even though they "are selling this information" and "they don’t want to become an advertisement for any one anti-virus company", I think they ought to inform the rest of us at least as to which 2-3 products were at the bottom...

[sujay]

People have to understand that anti-virus is more like a seatbelt than an armored car: It might help you in an accident, but it might not,

Best part..
And safeguy Immunet teal ultimately have removed the Ask Toolbar..

[safeguy]

I know sujay..I've read about it...but the fact remains the same...their decision to include it previously was just plain stupid...whether they like to hear it or not. And claming it off as a 'bug' in some installers where the user has no choice at all...how convincing could that be? Perhaps they're speaking the truth but how many would believe them unless of course, you are a loyal supporter or fanboy.