Thursday, December 17, 2015

AV-Comparatives Real World Protection Test – August to November 2015

Kaspersky and BitDefender topped twenty companies in AV-Comparatives Real World Protection Test, August to November 2015. These companies finished in the top two, receiving three stars. Both had only one compromised file. Six other companies received three stars over the test period.  Eight of the twenty companies in the test received two stars. Default settings were used for all products.

Trivia question – which North America based malware company received three stars?

Four companies merit the Hall of Shame award for the period, garnering one or zero stars. From the bottom up: ThreatTrack Vipre, Lavasoft, Quick Heal and BullGuard. Banished to a timeout corner for being in triple digits for wrongly blocked files: McAfee, ThreatTrack, and Lavasoft.

An informative graphic in the report depicts the range of protection over the four-month period for each product. The top products were extremely consistent, which is what you would want in a security solution.  The bottom products, less so. 

Not all results are reproduced here, because the report is free of charge. It can be downloaded at http://www.av-comparatives.org/dynamic-tests/. You can also learn more about the test methodology in the fourteen-page report. The products tested ranged from free antivirus to internet security suites. Kudos to AV-Comparatives for detailing some of the statistical methodologies used in compiling their report. Your eyes won’t glaze over as you read about this.

As always, the top products may not be top in terms of number of “likes” they’ve received on their respective Facebook pages.  In  the denouement, should one give more weight to independent third party testing, or a fan club?

An interesting article to read, by Adam Winn at San Francisco based OPSWAT (www.opswat.com): “Sorry Symantec - Antivirus is Not Dead”. Today’s antivirus/malware protection utilizes more than just pattern files and heuristics.

Hall of Shame and timeout corners are not part of AV-Comparatives’ formal designations. You can learn about the organization at www.av-comparatives.org.

The trivia question answer – none.  McAfee and Fortinet received two stars.



Sunday, December 06, 2015

McAfee Going Away as a Brand?


Will 2016 be the year that the McAfee brand disappears from the public consciousness, or as a SKU, anyway? If so, it will be the end of an era that began with McAfee’s founding in 1987.

About McAfee

Wikipedia has published  a history of McAfee. Some of the below has not made it into that history (or was edited out).

At one point in time, during its growth phase, McAfee actively sold off firms that it did not see as being among the top three in their niche. One of those sales (when the company still carried the Network Associates name) was the data encryption company PGP (Pretty Good Privacy), originally acquired in 1997, which was sold back to some of the founders of PGP. This was probably a whoops. In 2010, Symantec purchased PGP, the same year Intel acquired McAfee.

To encourage use of their desktop product, McAfee aggressively gave away trial versions (remember CD’s?) of their endpoint product, causing some of their competitors to refer to the company as “McAfree”.

In the late 1990s, Trend Micro sued McAfee (and ultimately others) for patent infringement. "We are not just in it for the royalty," said Trend Micro's general counsel Bob Lowe. "Our main goal is having the products be prevented from being sold." Nonetheless, the suit ended with a cross-licensing agreement.

The “rumor mill” had it that one McAfee executive used to keep a firearm in his desk.

In April 2003, after purchasing the intrusion prevention company IntruVert for $100M, the company repositioned itself on its website as an intrusion prevention company. In fact, Barron’s in 2005 referred to McAfee as a leader in intrusion prevention.

On January 4, 2006, the Securities and Exchange Commission filed suit against McAfee for overstating its 1998–2000 net revenue by $622 million. Without admitting any wrongdoing, McAfee simultaneously settled the complaint, and agreed to pay a $50 million penalty and rework its accounting practices.  

Several executives left McAfee in the mid 2000s, in part because of an investigation related to backdating of options. The execs were exonerated. The CEO resigned at this time, for other reasons, and the company went outside for a new CEO.

On August 19, 2010, Intel announced that it would buy McAfee for $48 a share in a deal valued at $7.68 billion. There was some pushback from the European Union, which felt this deal would give Intel an unfair advantage in desktop security, but the deal did go through.

On January 6, 2014, Intel CEO Brian Krzanich announced during the Consumer Electronics Show the name change from McAfee Security to Intel Security.  He stated that the McAfee red shield logo would remain and the firm would continue to operate as a wholly owned Intel subsidiary.

On the consumer side over the years, McAfee has been battling Symantec on the paid front. Market share? Around 12th in the October OPSWAT market share report. Mixed results in AV-Comparatives testing. They haven't been tested by Virus Bulletin in several years. 

Jumping Forward to 2015

October 28, 2015 - SearchCloudSecurity - Intel Pulls Plug on McAfee SaaS Security Products

Intel Security will stop selling McAfee SaaS Endpoint and SaaS Email Protection and Archiving. Although new sales will stop in 2016, existing customers can continue renewing their subscription and receiving support until Jan. 11, 2019, Intel Security said in its notices. Depending on certain subscription types, limited support will be available for some services until 2021.

October 29, 2015 - Channelnomics - McAfee Brand Will Stay for Now

McAfee as a brand still holds a lot of equity for Intel Security, Lisa Matherly, an Intel VP of worldwide partner programs, marketing & operations, told Channelnomics at Intel Security's Focus 15 event in Las Vegas.

"There is a lot of equity in the McAfee brand and there is some association with security with the Intel brand, but not as strong as the McAfee brand," Matherly pointed out. "So that's really what we're trying to do - bridge that and introduce the Intel security brand, start associating the security there, but also leverage what we have in the McAfee brand for the product portfolio." She added that the future of the McAfee brand is uncertain now and will be driven by the market.

November 5, 2015 - Intel Security Confirms Divestiture of McAfee NGFW, Firewall Enterprise Businesses in Memo to Partners 

In a memo to partners, Intel Security confirmed its divestiture of its McAfee Next-Generation Firewall and McAfee Firewall Enterprise businesses to Raytheon/Websense.

So, pieces are being sold. Other pieces are being end-of-lifed. Other pieces are being retained, though the word "McAfee" appears to be going away.

Other Firms to the Rescue

Since these announcements, Mimecast and Sophos have leapt to the rescue, offering special pricing for users of some McAfee products.

Mimecast - You need a new solution offering both similar features and a smooth migration path – without worrying about a financial burden.

Sophos Promo - We Can Help Today. McAfee retired its email security and archiving products, and now you are scrambling to find an alternative. However, we have good news. Sophos’ solutions will help you turn an annoying replacement project into an upgrade opportunity. And we can do it right now.

Hold onto those McAfee CDs, tee shirts, and trade show giveaways. It may be the end of an era, but they may be worth something on eBay.

One question (beyond the scope of this piece) is whether Intel should have even purchased McAfee in 2010. They are keeping some of the components. At the time (and even currently), large companies were jumping onto the security bandwagon, buying firms to strengthen their security offerings or get into the business.
   
Also beyond the scope of this piece is any discussion of John McAfee, McAfee’s founder,  who filed to run for president in early September!

Another discussion, worthy of its own post, will be the future of desktop/endpoint security, since pundits' views on the solution's viability cross the spectrum.

Tuesday, November 10, 2015

AV Comparatives Performance Test – Impact of Security Software on System Performance Report October 2015

AV-Comparatives has released their Performance Test – Impact of Security Software on System Performance Report. Nineteen products were tested. Eleven products received three stars. The top three products were, in order, Avira, Avast, and Kaspersky. Congrats to these three! Products tested were a combination of free and paid antivirus and internet security suites. The hall of shame award for this test goes to Fortinet and ThreatTrack; both received one star. Windows 10 systems were used during the test.

Note that this test doesn’t test  an ability to protect against malware. For that, you would have to look at other tests by AV-Comparatives. In a tie-breaking situation between a few products that performed equally well at stopping and removing malware, the performance test could be a tiebreaker. 

To access and download the report: http://www.av-comparatives.org/performance-tests/

www.AV-Comparatives.org used the performance testing suite PCMark 8 Professional to measure system impact for the test.



Monday, November 09, 2015

Security Predictions for 2016 or “Let the internet security prognostication begin”

It’s that time of the year, when security pundits make their security predictions and comment on trends for 2016. Of course, it would be great if the pundits who came out with predictions for 2015 came out with a report card in early 2016. 

Trying to predict the future is like trying to drive down a country road at night with no lights while looking out the back window - Peter Drucker

Consolidation in the Security Sector
Look for continued security consolidation as some of the larger vendors utilize the strategy that it is quicker and easier to buy a technology to broaden their security portfolio than to develop the technology internally. At the same time, some larger companies will sell off their (incomplete) portfolio of security products to focus on other sectors. There are rumors, for example, about SonicWall being put on the market by Dell.  Of course, FireEye rumors are making the rounds after their Q3 results.

Look for other vendors to analyze the market, do a make/buy analysis and then license missing technology from smaller, more agile, companies.  

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” – Bruce Schneier

Bubble Will Burst on Some Newly Public Security Vendors
At some point in time, companies have to generate cash and after working through the wonders and options of tax accounting, companies have to show a bottom line profit.  Look for investors getting tired of “but we’re going after market share” and selling their stock. For others, shorting activity will increase.  An offshoot of this is that these companies will become less expensive to acquire. Happiness is positive cash flow.

Splitting (breaking?) of Humpty Dumpty. Symantec and Hewlett Packard
Symantec has retired their vision (several years old, begun by John Thompson) of becoming a widely diversified company and is splitting/divesting into security focused Symantec, and backup and recovery, SDN, and governance focused Veritas. Hewlett Packard has split into two companies. HP Inc. holds the printing and personal systems side of the business, selling printers, scanners, displays, personal computers (laptop, desktop, and tablets), and the supplies and services associated with them. Hewlett-Packard Enterprise will handle the hybrid cloud, servers, storage, converged systems, networking, management software, and the services necessary to run an enterprise. They are both Fortune 100 companies, the latter led by Meg Whitman, and the former by Dion Weisler. Not bad for a company that began in a garage in Palo Alto, selling to Disney.

One of these splits will work out much better than the other one. That one being… Symantec. HP Enterprise and HP Inc. are still battleships.

Life is a Breach
There will be at least one major security breach, for a number of reasons.  Some companies have still not gotten the memo about cybercriminals, thinking, “It can’t happen to us” and are being slow in their investments.  There are a number of bright cybercriminals out there. They design their own methods of attack.  They may rent use of a botnet as part of their attack strategy.  If the CIO/CEO want to maintain their title, look for full transparency, accepting the blame, laying out the groundwork to prevent this from happening again (hopefully), and protecting their customers. Classic disaster recovery procedure, often not followed.

Cybercriminals Will Broaden Their Target Base
Cybercriminals will increase the number of vertical markets they go after and the size of the typical breach will be smaller. The number of breaches (reported anyway) will decrease. From a CSO Online article - Jody Westby, CEO of Global Cyber Risk, “it is the data that makes a business attractive, not the size – especially if it is delicious data, such as lots of customer contact info, credit card data, health data, or valuable intellectual property.”  http://bit.ly/1BcYw8W

The Identity Theft Resource Center (ITRC) reported in October that there had been 606 data breaches recorded through October 13, 2015, and that more than 175 million records had been exposed. The top four sectors with respect to incidents were business (39%), health care (36%), banking (10%), and government (8%); 68% of the records exposed were in the health care sector. There were over 780 data breaches in 2013.

We Will Continue to be Our Own Worst Enemy
“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.”- Kevin Mitnick

A warning from your browser not to visit that site? A found thumb drive? New pictures of (fill in the name of your favorite celebrity) on the web or as an attachment to your email? These are the internet equivalent of wet paint signs. Some people just have to check for themselves. More security aware companies will do more than have people look at a slide presentation on security and take a quiz once a year. They’ll send their own employees phishing emails, among other tactics.

The Wisdom of Crowds
James Surowiecki, in the book “The Wisdom of Crowds”, speculated that large groups of people are smarter than an elite few, no matter how brilliant: better at solving problems, fostering innovation, and coming to wise decisions. In 2016, market share of consumer AV/malware purchases will probably still be more a reflection of how many “likes” a product receives than of how it is reviewed by a PC publication or by test organizations such as AV-Comparatives or AV-Test. Scary. Whom are you going to trust? Your doctor or your Facebook friends?

A Growing Use of Something Other Than Passwords
The top 20 list of passwords for 2016 may not vary greatly from 2015, but look for more people to use some sort of biometrics or multi-factor authentication (MFA) to enhance the security of their devices. This will occur in businesses more quickly than in the consumer marketplace. According to an article in CNET at the beginning of the year, the top 10 passwords of 2014 were 123456, password, 12345, 12345678, QWERTY, 1234567890, 1234, baseball, dragon, and football. If your password looks anything like this, or is your pet’s name, change it immediately. There are a number of articles on creative ways of making up passwords or using different figures you can draw on your keyboard. At minimum, consider reading a few articles and selecting a method that works for you.

“Showtime” - The Government or a Large Security Vendor Will Take the Offensive
At some point in time, negotiations just aren’t cutting it.  Look for a concerted attack against some cybercriminals, whether they’re independent, being treated with benign neglect in their native country, or being subsidized.  This is despite any negotiations taking place with some countries on an international level. Sometimes the best defense is a good offense.  “The Darknet: Is the Government Destroying 'the Wild West of the Internet?” is a November Newsweek article that’s an interesting read. http://bit.ly/1MR5kAX

Government Takes the Lead in Sharing of Information between Security Vendors
The bragging right for many security companies is how quickly they identify and react to threats and update their existing customers, almost immediately. They are not going to want to share this information with competitors as quickly. Look for the government to be the driver in information sharing. One question that arises: how open will this table be for all security vendors, or will it be a selective group? “Senate passes cybersecurity information sharing bill despite privacy fears.” Washington Post, October 27. http://wapo.st/1KFbFIc


The News of the Death of Endpoint Security Has Been Greatly Exaggerated
To paraphrase a quotation by American humorist Mark Twain. The reliance of AV/malware products on signature files to detect threats has been declining for years. The endpoint is the last line of defense. Technologies relying on heuristics are not the whole solution. Look for endpoints to use such techniques as artificial intelligence and machine learning, whether powered at the endpoint or in the cloud, to lead the way. Despite statements by Symantec and others, do not look for AV/malware protection provided at the endpoint, whether installed there or involving technology in the cloud, to disappear anytime soon.

Who will be Among the Top New Innovative Security Companies in 2016?
Good question.

On November 3, SINET announced their top 16 innovators (revenues under $15 million) for 2015. These companies were: Bayshore Networks, Inc., BehavioSec, Gurucul Solutions, Lastline, Netskope, Onapsis, Inc., Palerra, Inc., PFP Cybersecurity, Pindrop Security, QuintessenceLabs, RedOwl Analytics, Secure Islands, SecurityScorecard, Sqrrl Data, Inc., TaaSera, Inc., and Vectra Networks, Inc. You may be hearing from these companies over the course of 2016. Gartner and others will be coming out with their lists.


A mantra for 2016, “Friends don’t let their friends be mindless about security.”

Monday, October 26, 2015

CompTIA Survey - 17% of people would put a found USB stick in their laptop. Ouch or fantastic?

In a CompTIA survey written about by Softpedia in “One of the Biggest Security Risks: Naive People Connecting Lost USBs to Their PCs”, an interesting statistic came up. As part of the study, 200 USB sticks were left in high traffic locations in US cities. 20% (forty) were picked up and 17% were connected to people’s laptops. According to the article, the USB sticks used in the experiment contained a text file, which included instructions asking the user to send an email to a specific address or to click through a trackable URL. http://bit.ly/1Mo6L9N

The reporter found the 17% figure worrisome.  I’ll take a contrarian view.

At RSA San Francisco 2013, we conducted a security survey, gathering 300 responses.  78% of those responding said that they had once found a USB and plugged it into their laptop!   68% of those surveyed had been involved in a security breach, either at home, or in their office.  http://reut.rs/1RaHiPh

While 17% is a frighteningly high number, that is a 61% drop from what I found just two and a half years earlier!

A found USB stick is the internet equivalent of coming across a “Wet Paint” sign. You just have to check it out yourself. We are our own worst enemies. More training is needed.

For an interesting read on the use of infected USB sticks for good, Google and read about Stuxnet, a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. 


Sunday, October 18, 2015

The Pareto Principle and the Pursuit of Perfect Internet Security – a Parable


Not so long ago, a bright security professional and a firm believer in the Pareto Principle was tasked with designing and implementing an impregnable security solution for his company’s internet. He did his research and arrived at what he thought was an accurate total cost of $4M. Just prior to striding into his manager’s office for approval, he had a quick discussion about the project with a recent new hire reporting to him.

“I’d be careful,” she advised. “At my last company, we found that each major phase cost 50% more than the previous phase. We had several discussions about ‘risk profiles’ and ‘perfect protection’ before getting buy-in on deliverables and budget on a less ambitious result.” 

The bright security professional thanked her and said, “I’m quite confident in my projections and will stake my job on this project. In fact, I will bring it in under budget.”

So, the bright security professional met with his somewhat parsimonious manager, and guaranteed the results. “In fact,” he said, “the first phase of the project will get us 80% there for only $800k."  The manager said, “Fine, but go over budget on this and your next position will have you saying, ‘Would you prefer a grande or a venti latte?’” and with that, the project was approved.

At the completion of the project, how much under budget was the confident security professional?

First, the Pareto Principle is named after economist Vilfredo Pareto (1848-1923). From Investopedia: “The principle states that, for many phenomena, 20% of invested input is responsible for 80% of the results obtained. Put another way, 80% of consequences stem from 20% of the causes. Also referred to as the "80/20 rule".”

The answer is – the individual left to “pursue other opportunities” when he found himself having exhausted the budget, told his manager  that he now felt that 100% was unobtainable and that  it would cost an additional $2.5M to get to 97.5% protection.

How did this happen?



Earlier, a factor (chosen by me) added by the wise new hire was that each phase of the project was going to cost 50% more than the previous phase.

Phase 1 - $800k spent (total $800K) to reach 80% of perfection

Phase 2 - $1.2M spent (total $2M) to reach 90% of perfection

Phase 3 - $1.8M spent (total $3.8M) to reach 95% of perfection

Phase 4 – Plug pulled on project. The estimate was $2.7M (total $6.5M) to reach 97.5% of perfection and you never reach 100%
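The parable’s arithmetic, as an added example that is not part of the original post: each phase is assumed to cost 1.5x the previous one (the new hire’s factor) and to close half of the remaining gap to 100% protection, which reproduces the 80/90/95/97.5 figures and shows how the cost per percentage point of protection climbs.

```python
# Added example, not from the original post. Assumptions (from the parable):
# phase 1 costs $800k and reaches 80%; each later phase costs 50% more than
# the previous one and closes half of the remaining gap to 100%.

def project_phases(first_phase_cost_k=800, cost_growth=1.5,
                   initial_protection=80.0, phases=4):
    """Return (phase, phase_cost_k, cumulative_cost_k, protection_pct) rows."""
    rows = []
    cost = first_phase_cost_k
    cumulative = 0
    protection = initial_protection
    for n in range(1, phases + 1):
        cumulative += cost
        rows.append((n, round(cost), round(cumulative), protection))
        # Next phase: 50% more expensive, and it only closes half the gap left.
        cost *= cost_growth
        protection += (100.0 - protection) / 2
    return rows


def marginal_cost_per_point(rows):
    """Thousands of dollars spent per percentage point of protection gained."""
    out = []
    prev_protection = 0.0
    for _, cost, _, protection in rows:
        out.append(round(cost / (protection - prev_protection), 1))
        prev_protection = protection
    return out


def phases_affordable(rows, budget_k=4000):
    """How many whole phases fit inside the approved budget ($4M here)."""
    return sum(1 for _, _, cumulative, _ in rows if cumulative <= budget_k)


if __name__ == "__main__":
    table = project_phases()
    for (n, cost, cumulative, protection), per_point in zip(
            table, marginal_cost_per_point(table)):
        print(f"Phase {n}: ${cost}k (total ${cumulative}k) -> "
              f"{protection}% protection, ${per_point}k per point")
    print(f"Phases affordable on a $4M budget: {phases_affordable(table)}")
```

The cost per point goes from $10k in phase 1 to $1,080k in phase 4, which is the diminishing return the parable is built on.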

Some morals of this parable

·         100% is tough, if not impossible, to achieve

·         Know your risk profile and your company’s risk profile when working on security projects

·         Know how to make coffee drinks

Thursday, October 15, 2015

AV-Comparatives File Detection Test – September 2015



AV-Comparatives’ prolific team of writers and testers has released their File Detection Test – September 2015. Nine products received three stars. Avira and BitDefender topped the 21 products in the test. Their false positive rate was only 0.2%. Other companies receiving three stars, in alphabetical order, were BullGuard, Emsisoft, eScan, ESET, Kaspersky, Lavasoft, and Panda. You can download the report to see the actual order.

ESET, Microsoft, and Panda had zero false positives. The hall of shame award for this test goes to AVG Technologies, with a false positive rate 32 times larger than Avira’s and BitDefender’s, at 6.5% (139 false positives).

About the AV-Comparatives  File Detection Test

The awards for the File Detection Test were based on a combination of detection rates and false positives.   The File Detection Test assesses the ability of antivirus programs to detect malicious files on a system. It can identify malware attacks from sources other than the Internet, and it  can identify  malicious files already present on the system.

“With more than 130000 samples in the test, AV-Comparatives uses one of the largest sample collections worldwide to provide statistically valid results”, according to AV-Comparatives’ Andreas Clementi.

ABC Award for the  File Detection Test

The ABC award (Avoids Being Compared) goes to Symantec. The File Detection Test is one of the core tests the organization performs. Companies cannot choose which of these core tests to be in. It's all or none. The ABC award is not part of AV-Comparatives’ test program!

The document can be downloaded at:    


The file detection rate of a product is only one aspect of a complete anti-virus product. AV-Comparatives also provides a whole-product dynamic “real-world” protection test, as well as other test reports that cover different aspects/features of the products. For those interested, you can easily do a deep dive into individual companies’ historical performances on tests or sign up for the newsletter. Check them out. Other documents are available for download from the AV-Comparatives website (www.av-comparatives.org).