Tuesday, December 27, 2011

August through November 2011 AV-comparatives.org Whole Product Dynamic Test

AV-Comparatives has released the Whole Product Dynamic Test for the August through November timeframe. The top five products are listed below. The top five products in the March through June timeframe – Symantec, F-Secure, BitDefender, G Data, and Trend Micro. All of these were in the top 10 in the latter half of the year.

August through November Results AV–comparatives.org Whole Product Dynamic Test

1. 99.5 – Symantec
2. 99.4 – BitDefender
3. 99.1 - Kaspersky
4. 98.9 – Qihoo
5. 98.8 – Trend Micro

Of the above, only Trend Micro did not receive the Three Star Advanced Rating. F-Secure and G Data did, however. PC Tools and Webroot were at the bottom for the latter half of the year. They received the not so coveted “Tested” designation.

To see complete results for the latter half of the year (17 vendors), go to http://www.av-comparatives.org/en/comparativesreviews/dynamic-tests

The burning question for 2011 – How many toothpicks does it take to safely surf Facebook?

About AV-comparatives.org

AV-Comparatives is an Austrian Non-Profit-Organization, which is providing independent Anti-Virus software tests free to the public. Free is a good thing.


Wednesday, December 21, 2011

Avast Software Files for $200 Million IPO

Avast Software filed for an initial public offering (IPO) of $200 million in common shares on December 20. They plan to use the proceeds for working capital and general corporate purposes. Avast is based out of Prague in the Czech Republic.

Avast said it may also use some or all of the money raised to invest in complementary companies, products or technologies. For the six months ended June 30, Avast reported a profit of $23 million. This is an increase from $4.4 million during the same period last year. Revenue jumped 87% to $37.9 million.

UBS Investment Bank and Deutsche Bank Securities are the lead underwriters on the deal. This initial public offering has been in the rumor mill for a while.


In August 2010, growth equity investor Summit Partners invested $100 million for a minority stake in Avast. http://www.avast.com/pr-growth-equity-investor-summit-partners-invests-100-million-in-avast-software.


Results in 3rd Party Tests - Avast Has Mixed Results

In testing, Avast has been all over the place. In November, they came in 11th in the www.av-comparatives.org test for “Proactive Detection of New Malware”. They came in last in the av-comparatives October-November “Whole Product Dynamic Test”. G Data and Kaspersky came in first and 2nd, respectively. They came in 16th in this test for the 2nd half of 2011. They came in 8th in the August “On-demand Detection of Malicious Software” test. They scored above 90% and 80% respectively for Reactive Detection and Proactive Detection in the “RAP Averages Quadrant Apr-Oct 2011”. They’ve received VB100 awards for all tests entered in 2010 and 2011.


OPSWAT Security Industry Market Share Leader

In the OPSWAT December 2011 report on “Security Industry Market Share Analysis”, Avast is listed as the antivirus worldwide security industry market share leader, with a 15.9% share. Avast claims on their web site that they they protect 142 million active and 187 million registered users.


Ultimately, it'll be interesting to see how an Avast IPO fairs. Other security vendors are supposedly in the pipeline to go public.

Monday, December 19, 2011

Juniper Networks Slaps Patent Suite on Palo Alto Networks - December 19

Juniper Networks is suing Palo Alto Networks cofounders Nir Zuk and Yuming Mao for patent infringement. PAN’s cofounders left Juniper in 2005 to start PAN. Zuk and Mao are accused of willful infringement of six patents Juniper Networks acquired when they purchased NetScreen in 2004. If you can’t win in the marketplace, see if there’s some way to gain a win in the courtroom. Whether this will delay an IPO (initial public offering)by Palo Alto Networks is hard to tell.


To borrow heavily from William Congreve, "Hell hath no fury like a company scorned from the Gartner leaders quadrant or feeling violated about patent infringement."

Palo Alto Networks and Check Point Technologies are the only two companies in the Leaders quadrant in the December 14, 2011 Gartner Magic Quadrant for Enterprise Network Firewalls. Juniper Networks is one of four in the Challengers quadrant.

Hewlett-Packard is in a somewhat embarrassing portion of the Niche Players quadrant. Hewlett Packard CEO Meg Whitman may need to have a serious talk with the security group at Hewlett Packard about this. The lower left hand corner is not “coveted”.

There’s a misconception, perhaps foisted upon prospects by vendors, that the only companies to consider purchasing solutions from are in the Leaders quadrant of a Gartner Magic Quadrant. A good document from Gartner to read is “Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors within a Market”. It’s written by Gartner analyst Charles Smulders, ID: G00154752

A few sentences from the document - “To evaluate vendors in the Leaders quadrant only and ignore those in other quadrants is risky and thus discouraged.” Use a Magic Quadrant to narrow your list of choices, but don't base your decision only on the model. Talk to the Gartner analyst who created the research for more details."


Read the above sentences to any vendor who flashes a Garner Magic Quadrant from his slide deck during a presentation!

Wednesday, December 14, 2011

AV-Comparatives Malware Removal Test 2011

AV-Comparatives (www.av-comparatives.org) has released their Malware Removal Test December 2011. This test focused on the malware removal/cleaning capabilities of the products. Nothing to do with detection rates or protection capabilities. According to the organization, the report is aimed towards home users. Ten samples were used in the test with scoring done based on removal of the malware and how convenient it was to do the removal. Scales of A-D were used for this. In colloquial terms, how well is the malware (files, etc) cleaned up? Eighteen products were tested. The antivirus products were used.


Four Companies Receive The Top Three Star Rating

Products from only four vendors received AV-Comparatives advanced 3 star rating. In order, these were - BitDefender, PC Tools, Kaspersky, and Symantec. BitDefender scored 92 points. Low score overall was 52 points.

BitDefender's business security product was named CRN's 2011 Product of the Year in a recent article.


Four vendors received two stars and ten vendors, one star. You’ll have to check out the report for the complete listing!

The report also contains a nice table providing links to some of the Free Removal-Tools for specific malware available from these vendors and whether a boot disk is available. Definitely worth checking out, and making copies as appropriate.

The vendors in the Malware Removal Test, alphabetically: Avast, Avg Technologies, Avira, BitDefender, Eset, F-Secure, G Data, K7, Kaspersky, Mcafee, Microsoft, Panda, PC Tools, Qihoo, Sophos, Symantec, Trend Micro, and Webroot.

About AV-Comparatives

AV-Comparatives is an Austrian Non-Profit-Organization, which provides independent Anti-Virus software tests free to the public.

Go to the AV-comparatives website for complete details about the organization, the many tests they perform, and to download copies of test reports.


Tuesday, December 13, 2011

CRN - The 15 Best Products Of 2011 - BitDefender in Security

CRN has come out with their 15 best products of 2011. In the area of security, BitDefender Security: BitDefender Business Solutions Version 3.5. This isn't an in depth slide show. Light reading.


We liked this product’s ability to install anti-virus and security software across the network, even on unmanaged computers where there is not an installation ofhttp://www.blogger.com/img/blank.gif Active Directory. Also: Bitdefender’s approach is a two-fer: It’s targeting SMBs with this product but also has begun engaging VARs more aggressively. It’s a good product with channel opportunity.


How Has BitDefender Performed in 2011 in
the Test and Review World?

4 stars out of five from Neil Rubenking and PC Magazine http://kensek.blogspot.com/2011/08/best-internet-security-suites-2012-pc.html for Best Internet Security Suites 2012

Above 90% in reactive and above 80% in proactive detection in Virus Bulletin’s Rap Average Quadrant http://www.virusbtn.com/vb100/latest_comparative/index

9 for 10 in the last ten Virus Bulletin VB100 Awards

Scored 16.0 out of 18.0 in www.av-test.org August test on Windows XP platforms http://www.av-test.org/en/tests/test-reports/sepoct-2011/

8 out of 12 on www.av-comparatives.org November Retrospective Test Static Detection Test for New and Malicious Software. A number of vendors declined to participate in this test. Worth reading the details. http://kensek.blogspot.com/2011/11/av-comparatives-anti-virus-comparative.html

BitDefender was not in the top 10 in OPSWAT’s Latest Market Share Report (showing that quality and share do not necessarily go hand in hand http://kensek.blogspot.com/2011/12/december-2011-opswat-report-on.html

They scored 5th out of 17 in the latest www.av-comparatives.org Whole Product Dynamic Test http://www.av-comparatives.org/en/comparativesreviews/dynamic-tests

Monday, December 05, 2011

Former HP Chairwoman Patricia Dunn Dies after Cancer Battle

Patricia Dunn, the former chairwoman of Hewlett-Packard (NYSE:HPQ)'s board who became a controversial figure in the company's "pre-texting" scandal, died Sunday at the age of 58 after a long battle with cancer.

This pre-texting at Hewlett Packard took place during the Hurd era. It was a big deal in the business press. Mark (I did not date that woman) Hurd, CEO at the time, admitted that he had approved the investigator’s tactics of using “pre-texting” to search for leaks among board members. Pre-texting the practice of presenting oneself as someone else in order to obtain private information. In colloquial terms, telling a lie about whom you are to get info.

This was one of the major incidents illustrating how far Hewlett-Packard had strayed from the HP Way and the ideals of their founders. Other tactics used included “tracking e-mails” and surveillance of reporters. Not pretty. Congress ultimately declared the practice of pre-texting illegal.

Hewlett Packard has come a long way since then. The family culture that HP had is probably gone forever, though. In fact, it may not be a successful culture for today’s business world. An interesting book came out about Hewlett Packard and this era in 2010 - "The Big Lie: Spying, Scandal, and Ethical Collapse at Hewlett Packard" by Anthony Bianco.

Sympathy to the family.


December 2011 OPSWAT Report on Worldwide Security Industry Market Share

OPSWAT Inc. has published their December 2011 report on “Security Industry Market Share Analysis”. The data OPSWAT used was collected between November 16, 2010 and November 15, 2011. It's worthwhile to check out the detailed report.

Worldwide Security Industry Market Share Leaders – Companies

• Avast Software – 15.9% (1st in September Report)
• Avira- 12.1% (3rd in September report)
• AVG Technologies – 11.3% (2nd in September report)
• Eset- 10.1%
• Symantec – 9.1%

Worldwide Market Share Leaders - Product

• Avast Free Antivirus - 11.5% (1st in September report)
• Avira Antivir Personal - Free – 10.1% (3rd in September report)
• Microsoft Security Essentials – 9.3% (2nd in September Report)
• AVG Antivirus Free - 6.4%
• Eset Nod32 Antivirus - 6.63%

North America Vendor Market Share

Symantec (15.9%), AVG Technologies, Microsoft, and Avast were the leaders (stats for the top 10 are in the report). These were the only vendors with over 10%. Microsoft (by far), Kaspersky, and Avira were the big gainers in year over year in North America vendor market share. Eset plummeted.

North America Product Market Share

The top 4 vendors in order were Microsoft (13.3%), Avast, AVG, and Norton. Microsoft was the only product with over 10% (stats for the top 10 are in the report).

Global Market Share versus Ability to Detect Malicious Software, and Overall Quality

Below is a table combining December market share, test rankings from an AV-comparatives.org Q3 test and an AV-tes.org test Q3 certification test.

G Data topped the AV-comparatives.org test, AV-Comparatives on Demand Detectiohttp://www.blogger.com/img/blank.gifn of Malicious Software – September 2011. http://kensek.blogspot.com/2011/09/av-comparatives-on-demand-detection-of.html

BitDefender topped the AV-test.org test yet. For the BitDefender test, I totaled the scores for Protection, Repair, and Usability. AV-Test Product Review and Certification Report – Q3-2011. http://kensek.blogspot.com/2011/10/av-test-product-review-and.html

Note that there was no relationship between market share and performance. Hence the need to look at test organization results and reviews by knowledgeable individuals. The number of “likes” on a Facebook fan page is not a substitute. The largest vendors aren't always the best vendors from either the perspective of usability or protecting your network there were ties in the results).

Large Number of Vendors but Consolidated Industry

Ten vendors were listed by name in the worldwide market share data, Avast, Avira, AVG, Eset, Symantec, Microsoft, Kaspersky, Mcafee, Panda, and Trend Micro. These comprised 87% of the market. In North America, seventy-one different antivirushttp://www.blogger.com/img/blank.gif vendors and 238 antivirus products were detected in this latest report. Eighty-one vendors and 353 products were detected worldwide. Quite an effort by OPSWAT.


The OPSWAT report also contains information about Windows Operating System Deployments, and Backup (client and vendor) market share.

OPSWAT market share reports are available at http://www.opswat.com/media/reports. The report contains details on how the data was captured.

OPSWAT was founded in 2002. OPSWAT provides software engineers and IT professionals with development tools and data services to power manageability and security solutions. www.opswat.com


AV-Comparatives is an Austrian Non-Profit-Organization, which provides independent Anti-Virus software tests free to the public. www.av-comparatives.org


The AV-TEST Institute is a leading international and independent service provider in the fields of IT security and anti-virus research.

Sunday, November 27, 2011

PC Magazine Best Products of 2011 - Best of the Year – Security

PC Magazine has released their best products of 2011, best of the year 2011 compilations. The compilation has their Gold and Silver products for approximately 20 categories, providing a paragraph of detail for each product. In the security category, below are some of the Gold recipients.

• Antispam – Cloudmark DesktopOne Basic
• Antivirus –Webroot SecureAnywhere Antivirus
• Security Suite – Norton Internet Security 2012

All the above (obviously), received Editors Choice designations. To view details about the security Gold and Silver recipients, as well as recipients in the other categories for PC Magazine Best Products of 2011 go to http://www.pcmag.com/article2/0,2817,2396200,00.asp

More comprehensive reviews for the Gold and Silver recipients and their competitors can be viewed on pcmag.com. For a listing of a number of PC Magazine Best Internet Security Suites 2012 and Best Antivirus Software 2012, sorted by the number of stars received, go to http://kensek.blogspot.com/2011/08/best-internet-security-suites-2012-pc.html and http://kensek.blogspot.com/2011/08/best-antivirus-software-2012-pc.html , respectively.

AV-Comparatives Anti-Virus Comparative Retrospective Test - November 2011

AV-Comparatives has released their Anti-Virus Comparative Retrospective Test (static detection of new/unknown malicious software) – November 2011. Twelve vendors were included in the test. In general, the company’s antivirus 2012 products were used, not the internet security suite 2012 products.

Seven vendors received advanced (3 star) ratings In Av-comparatives November test. In order, these were G Data, Avira, Eset, Kaspersky, F-Secure, and BitDefender. These all received 3 star ratings in the previous test, as well. http://www.av-comparatives.org/images/stories/test/ondret/avc_retro_nov2011.pdf .

Advanced Plus (3 star ratings) were received by 10 vendors in August, G data, Avira, Panda, F-Secure, BitDefender, Kaspersky, ESET, Avast, McAfee, and Trend Micro. http://www.av-comparatives.org/images/stories/test/ondret/avc_od_aug2011.pdf .

The table below combines a couple of results. The November test results for proactive detection of new malware (first two columns) and the Q3 AV Comparative test rankings. Note that the order in the table below doesn't match the order for the three star rankings, which take other factors into account.

The November test evaluated only the offline heuristic/generic detection of the products against unknown/new malware, without the need to execute it or to submit it against anything else.

According to AV-Comparatives, a number of vendors declined to participate in the test. “In their opinion (the vendor), their product’s real-life capabilities are not adequately represented in the retrospective test to the absence of a live Internet connection or because URL blocking is not considered.” See page 4 of the report for additional details.

AV-Comparatives is an Austrian Non-Profit-Organization, which provides independent Anti-Virus software tests free to the public.

Go to the AV-comparatives website for complete details about the organization, the many tests they perform, and to download copies of tests.

Monday, November 21, 2011

October 2011 AV-comparatives.org Whole Product Dynamic Test

The top five products in the AV-Comparatives.org and the "Whole Product Dynamic Real World Test” - October 2011 has some major antivirus and internet security suite vendors switching positions. Only two of the top five from September remained in the top five. The top ones – G Data, Kaspersky, Qihoo, Symantec, and BitDefender. Webroot, PC-Tools, and Avast were the “bottom” performers, rounding out the bottom three. Avira was the top free performer. Blahopřeji.

October Results AV–comparatives.org Whole Product Dynamic Test

1. 99.6 – G Data
2. 99.6 – Kaspersky
3. 99.6 - Qihoo
4. 99.6 – Symantec
5. 99.4 – BitDefender

“Compromised” was the tiebreaker in the above.

September Results Whole Product Dynamic Test

1. 99.7 – BitDefender
2. 99.0 – F-Secure
3. 98.8 – Trend Micros
4. 98.7 – McAfee
5. 98.7 - Symantec

To see complete results for October (twelve more vendors), go to http://www.av-comparatives.org/en/comparativesreviews/dynamic-tests and view the monthly report. More important though, are results over a period of time. You can play with the interactive report.

And the Next Security IPO is…

You know what it means in the United States when holiday decorations start appearing in malls. Thanksgiving is just around the corner, and the IPO rumor mill starts up again. November 17 blog - And the next IT security IPO is… http://blogs.the451group.com/techdeals . What do you believe the prospectus (sic) are?

About AV-comparatives.org - www.av-comparatives.org

AV-Comparatives is an Austrian Non-Profit-Organization, which is providing independent Anti-Virus software tests free to the public.

Friday, November 18, 2011

San Francisco Tech-Security Conference – November 17

It was a full day of talks and a 50-company exhibitor room for attendees at this security event. Presentations were given by McAfee, Cyber-Ark, Axway, Centrify, WatchGuard, Netgear, Blue Coat, Invincea, and Endace.

The slick security award has to go to Invincea. They are a venture-backed software company. They provide desktop security to companies with Invincea™ Browser Protection. www.invincea.com Invincea™ Browser Protection shields PC users against all types of Web-borne threats by moving desktop Web browsers into a controlled virtual environment. Invincea creates a fully isolated browser environment to help deliver PC protection. The product automatically detects and terminates a threat in real time and disposes the tainted environment. It than restarts a new one.

SC Magazine loves the product. Peter Stephenson in the January issue of SC Magazine wrote, “What we liked: Ease of use, small footprint and very creative use of a virtual machine to contain the browser and keep the malware out of the computer” The company also has a Document Protection solution. Invincea is still a privately held company. No hints about an upcoming IPO. Let’s hear it for virtual machine technology. This goes well beyond what McAfee SiteAdvisor and AVG LinkScanner offer in protection.

It’s always interesting to talk to vendors while others are running around getting their “qualify for the drawings” card initialed. Some random observations:

Say “NGFW” and security companies will respond “Palo Alto Networks.” Other companies are offering the technology, but for the time being, Next Generation Fire Wall is Synonymous with Palo Alto Networks. They weren’t at this event, by the way, (cheapskates) while Fortinet, Websense, Blue Coat and SonicWall were.

Netgear presentation bite – “Experts believe Scareware is one of the payloads that make attackers the most money.” They pushed the layered defence (sic) strategy. Gartner gives them #1 share in the sub $5k market share and #4 in the sub $25k.

Invincea - “Polymorphics will make signatures obsolete.” “$398B of research has been put at risk because of China and Russia.” “Asking our users to make the correct decision every time is a complete pipe dream.” The presenter also showed a slide from a Cyveillance study showing that F-Secure Kaspersky and Nod32 (Eset) were the quickest for Day 1 Anti-Virus “Effectiveness”.

WatchGuard – Stated that surveys of employees have shown that they spend 3 hours daily, on average, at work on personal related web surfing. Much of their presentation focused on how their product delivers granular web application control.

Axway – Considers using the cloud to perform file transfer still to be not quite fully secure. He also quoted a Ponemon Institute that the average cost of a data breach is $202 per record or$6.6M per breach. They’re in the Leader’s Quadrant (Gartner) for Managed File Transfer, Business to Business Integration, and Email Encryption.

The primary focus of the presentations was on education/knowledge sharing with only a few slides at the end being devoted to product pitches. These presentations weren’t deep dives into the company’s technologies. For the most part stats tossed out were current.

Antivirus, antimalware vendors mentioned as being “under the hood” for different vendors’ products: Commtouch, Kaspersky, Sophos, AVG. Present at the show - Eset (showing some older studies, dudes), Kaspersky, McAfee, and Sophos.

Now About Those Tchotchkes

A marketing professional at a leading edge consumer software company believes that a company's standing on the innovation scale is directly related to the creativity of their tradeshow giveaways. That said – pens, stress balls, more pens, breath mints, more breath mints, an environmentally friendly shopping bag, a squishable car shaped stress ball, a year subscription for the company’s internet security suite, something to clean your mobile phone screen, pens with a blinking red ball at the top.

The most useful tchotchke – Tectia and their aluminum sport water bottle. Winner on the cool scale - some kind of battery power multi colored LED spinning fan “thing”. A quite optimus giveaway by Blue Coat. The most impressive giveaway at the end of the day - a $700 WatchGuard appliance.

The most attended presentation was the last one. Attendees had to be present and had to have had their gift drawing card initialed by participating vendors to be eligible for the drawings. Hence, the occasional mad dash of individuals to get those puppies signed.

About the Organizers

These events are put on by www.dataconnectors.com . It appears that about 50 of these are scheduled to take place in 2012.

Tuesday, November 15, 2011

Cyber Security Smackdown – Organized Crime vs. Agile Start-ups - VLAB

Great panel discussion put on by VLAB (MIT/Stanford Venture Lab) on November 15. The topic: Cyber Security Smackdown – Organized Crime vs. Agile Start-up. Part of the event description - Most organizations are unaware they have been hacked until it is too late. Just as the Mafia at the turn of 20th century changed the law enforcement landscape, black hat hacking has become a profitable, illegitimate business that harms individuals, companies, and national security. McAfee estimates that global cyber crime cost corporations and individuals over $1 trillion annually.

Some sound bites that came out of the discussion:

• IPv4 versus IPv6 – With respect to the “volume” of IP addresses that can theoretically be connected to the internet: Think of a golf ball versus the size of the sun.
• There are two kinds of companies when it comes to their preparedness for being hacked. Those who have been compromised and those that are still unaware of how vulnerable they are.
• Wells Fargo thought that one of the apps they had created for customers was just sitting out there until they hired one of the panelist’s companies. They then found that the app had been downloaded several million times. Kind of surprising that “someone” in the IT group didn’t realize this.
• Antivirus companies have been failing in protecting their customers. The solution(s) for protecting companies will not come from developers these companies.

Interestingly enough, Trend Micro Executive Eva Chen had a Q&A with CRN (www.crn.com) in March 2004. Chen stated in response to a question about security management, “The other thing we are thinking about is outbreak prevention. We always say we are in the antivirus business. But I was so frustrated that I called our CEO, Steve Chang, and said we've been lying to our customers for 10 years. We call ourselves antivirus, but we have never prevented a virus from hitting our customers'" http://www.crn.com/news/channel-programs/18841262/crn-interview-eva-chen-trend-micro.htm.

• Companies need to look at any agreements they have with companies such as Microsoft, Amazon, etc. regarding security. In general, these sites have a statement regarding keeping your company protected: they aren't responsible for security lapses. But, they can hold your company responsible if they suffer damages because of the relationship.
• Question from the audience – “How can a company with a low budget stay protected?” Answer, “Try to maintain a very low profile.”
• Social engineering or gaining an entrée through an internal employee is how many cyber criminals get into a company.
• More than a few developers are good guys during the day and bad guys at night (colloquial restatement.

What does this mean with respect to security? Don't slash that budget. Look to some of the smaller companies. Read your agreements with the larger companies you are doing business with and may be relying on for protection.

Panelists for the discussion:

Jeffery Carr - Carr is the author of "Inside Cyber Warfare: Mapping the Cyber Underworld" (O'Reilly Media 2009). He is also the founder and CEO of Taia Global, Inc., a boutique security-consulting firm for Global 2000 companies.

Mike Eynon - Eynon is the Co-Founder, President of Silver Tail Systems, has substantial experience in building fraud detection and prevention tools for some of the highest traffic, and fraud targeted websites on the internet. Before co-founding Silver Tail Systems, Mike managed payment risk at PayPal, as well as fraud policy at eBay. www.silvertailsystems.com

Ali Golshan - Golshan is the Co-founder & Chief Architect at Cyphort. Golshan has over 12 years of experience in Security, Virtualization, and Data Mining using Probabilistic Pattern Matching. http://cyphort.com/ . Currently in stealth mode.

Marc Goodman -Marc Goodman is the Founder and Chairman of the Future Crimes Institute. Additional information is available at www.marcgoodman.net.

Jacques Benkoski - Benkoski joined US Venture Partners in 2005. Before joining USVP, Benkoski was President and CEO of Monterey Design Systems from 1999. Synopsys (SNPS) acquired the company in 2004.

About VLAB www.vlab.org

The MIT/Stanford Venture Lab (VLAB) is the San Francisco Bay Area chapter of the MIT Enterprise Forum, a non-profit organization dedicated to promoting the growth and success of high-tech entrepreneurial ventures by connecting ideas, technology and people.

Wednesday, November 09, 2011

Time for Hewlett Packard to (wo)man Up on the WebOS Deal

After moving over from a board member position to take on the CEO role on September 22, Meg Whitman and Hewlett Packard moved relatively quickly on deciding what to do about their $40 billion plus PC/laptop division. They hedged their bets and decided to keep it around for a while. Must have been a difficult choice! Admittedly, margins are slipping in this business.

The next burning issue on the plate is what to do with Palm and WebOS. This acquisition took place in spring 2012 to the tune of about $1.2 billion. Then in the intervening months, Hewlett Packard, introduced a tablet, decided to get rid of the tablet and have a fire sale, and then decided to keep the tablet around for a while with an OS from Microsoft. So much for my decision to use these tablets as coasters.

For the time being, Whitman and Hewlett Packard have decided to do “nothing” about WebOS. Do nothing is always easier and much more reversible than sell. It doesn't rank high on the daring scale, though. A couple of potential suitors, including Oracle(?) have been mentioned.

It probably makes no sense to have two tablets running on two different OS’s. That’ll confuse the public and the investor marketplace. Assuming HP’s fiscal year is the same as the calendar year, they have less than two months to sell the company (if that’s their decision) and let it hit the 2011 books.

Great article on “Behind the Woes at H.P., Wall St. Banks Lurk”.

According to the article, it turns out that Hewlett Packard has paid out about $81 million in fees to investment bankers related to the acquisitions they have made over the last two years.

That’s how much Hewlett-Packard is estimated to have paid out in fees to its investment bankers in the last two years for advising it on a series of acquisitions including ArcSight and 3Par (premium of 242%!). According to the article, Hewlett-Packard’s market value has fallen by more than $40 billion during this period of time.

With respect to the decision to keep the PC division, “The costs and the risks of separation are simply greater than any value we could create,” Ms. Whitman said by way of explanation.

Meanwhile, the shareholders are losing out. One redeeming thing about the above; Whitman is taking a base salary of $1 for the upcoming year. Any further pay will be in bonuses and stock appreciation.

Best Antivirus Software - Readers Choice Awards 2011 – Antivirus.about.com

Mary Landesman and About.com have announced their Readers Choice Awards for Antivirus, Internet Security Suites, and Free Antivirus. The complete text and link to the article is below. These are popularity contests and don’t reflect the ability of the software to actually stop anything (though one would think that that’s what readers are interested in). For example, Rubenking of PC World tends to like Norton for their internet security suite. Comodo did win a www.download.com popularity context. The folks at Avira have to be pleased with the results below. No details on the number of participants, whether people could vote more than once, etc.


Best Windows Antivirus for 2011

• GFI VIPRE Antivirus: 44%
• Avira AntiVir Premium: 28%
• ESET NOD32 Antivirus: 18%
• ZoneAlarm Antivirus: 6%
• Norton AntiVirus: 3%

Best Internet Security Suite for 2011

Some surprises in this table.

• Comodo Internet Security: 42%
• Panda Global Protection: 26%
• ESET Smart Security: 25%
• Kaspersky Internet Security: 4%
• Norton Internet Security: 3%

Best Free Antivirus

• Avira AntiVir Personal: 62%
• Avast! antivirus: 13%
• Microsoft Security Essentials: 10% (how did they do this?)
• AVG Free: 9%
• Panda Cloud Antivirus: 6%

People looking at the above, may want to look go to www.virusbtn.com , www.av-test.org, and www.av-comparatives.org prior to making a purchase decision or downloading. Alternatively, look at relevant blogs on this site! Go to www.kensek.blogspot.com to view results from these blogs, including tables showing the rankings of the antivirus and internet security suite products for 2012 that PC World has tested and reviewed, cross tabbed against some of the test organization's results. It is well worth reading Rubenking's reviews after looking at the rankings. http://kensek.blogspot.com/2011/08/best-internet-security-suites-2012-pc.html . There are also reviews on www.download.com by Rosenblatt.

Tuesday, November 08, 2011

SC Magazine Awards 2012 Finalist Selections

SC Magazine has begun announcing their SC Magazine Awards 2012 Finalist selections. They are stretching the announcement out over a brief period on this web site. http://www.scmagazineus.com/finalists/section/2386/

Best Anti-Malware Gateway Finalists

• Cisco for Cisco Web Security
• McAfee for McAfee Web Protection
• SonicWALL, Inc for SuperMassive E10100
• Symantec Corporation for Symantec Web Gateway 5.0
• Websense, Inc. for Websense TRITON Security Gateway Anywhere

Best Anti-Malware Management (client-based, typically software only) Finalists

• Bit9, Inc. for Bit9 Parity Suite
• ESET for ESET Smart Security
• GFI Software for GFI VIPRE Antivirus Business
• IBM for IBM Tivoli Endpoint Manager
• Sophos, Inc. for Sophos Endpoint Security and Data Protection v9.7

Best Data Leakage Prevention (DLP) Finalists

• CA Technologies for CA DLP
• NextLabs for NextLabs Enterprise Data Protection
• Symantec Corporation for Symantec Data Loss Prevention
• Trustwave for Trustwave DLP
• Websense, Inc. for Websense Data Security Suite.

Best Web Content Management Product

• Barracuda Networks, Inc. for Barracuda Web Security Flex
• Cisco for Cisco Web Security
• McAfee for McAfee Web Protection
• Sophos, Inc. for Sophos Endpoint Web Protection
• Websense, Inc. for Websense Web Security Gateway Anywhere

Best Mobile/Portable Device Security

• Good Technology for Good for Enterprise
• IronKey for IronKey Enterprise Management Service
• McAfee, Inc. for McAfee Enterprise Mobility Management (McAfee EMM)
• Sophos, Inc. for Sophos Mobile Control
• Symantec Corporation for PGP Whole Disk Encryption from Symantec

There are a total of 32 awards that will be given out by SC Magazine. These include Readers Trust awards, Excellence awards, Professional award, and Editor’s Choice award. Winners will be announced at an awards dinner on February 28, 2012. This will coincide with RSA Security Conference in the US.

Readers Trust Awards winners for 2011 can be seen at http://www.scmagazineus.com/winners/section/2075/ Danica Patrick must be pleased. Go Daddy won a Best Security Team award last year.

For more information, go to http://www.scmagazineus.com/finalists/section/2386/

Friday, November 04, 2011

October 2011 – Virus Bulletin RAP Averages Quadrant, April 2011 through October 2011

Virus Bulletin has released their latest RAP Averages Quadrant, representing April 2011 through October 2011 data. The top 10 (some eyeballing necessary) Bkis, Coranti, TrustPort, BullGuard, Qihoo, F-secure, G Data, Kaspersky, Nifty, and eScan. Bkis, Coranti, and TrustPort were the obvious top three. All of these achieved greater than 90% on Reactive Detection and Proactive Detection. Avira and Check Point came close but didn’t make the top 10 as they did for the previous quadrant. Bkis, Coranti, and TrustPort held the top three spots for another quarter. Congrats!

Below is a grid mapping this latest RAP test with av-comparatives.org On Demand Detection of Malicious Software 2011 Test. http://kensek.blogspot.com/2011/09/av-comparatives-on-demand-detection-of.html shortly.

Not all of the top ten in the Virus Bulletin Rap Averages Quadrant. However, there does seem to be a loose relationship where the better performers in the Virus Bulletin test were also the better performers in AV-comparatives.org . Kind of interesting. And, you won't read about the below on either of the two sites. Perhaps a case could be made to IPO these analyses! Or maybe get a free visit to one of the Virus Bulletin conferences.

What’s with Kingsoft solutions? They’ve consistently been in the lower left hand corner of the grid with around 15%/20% with respect to Reactive/Proactive Detection. They’re down there again. In their case, consistency is bad.

The relative performance of vendors can best be viewed by looking at the RAP Averages Quadrant chart at http://www.virusbtn.com/vb100/latest_comparative/index Subscribers to Virus Bulletin's publications have access to more details on the results.

This test measures products' detection rates across four distinct sets of malware samples. The first three test sets comprise malware first seen in each of the three weeks prior to product submission. These measure how quickly product developers and labs react to the steady flood of new malware emerging every day across the world. A fourth test set consists of malware samples first seen in the week after product submission.

AV-Comparatives is an Austrian Non-Profit-Organization, which provides independent Anti-Virus software tests free to the public.


Virus Bulletin focuses its efforts in three main areas: a monthly magazine, an annual conference and bimonthly product certification. Virus Bulletin started in 1989 as a magazine dedicated to providing PC users with a regular source of intelligence about computer malware, its prevention, detection and removal, and how to recover programs and data following an attack.


Thursday, November 03, 2011

AV-Comparatives.org Anti-Phishing Test August 2011 Mapped Against Malicious Software Detection

Av-Comparatives.org has published their first Anti-phishing test 2011. The results are from August and so contain a combination of 2011 and 2012 products. The sample size was under 1000 so some people may complain that this was a bit on the low side. The top 10 finishers are listed below. The range from best to worst was pretty broad: 98.6 for Webroot at the top and 76.3 for Qihoo in the 19th position. TrustPort, which is usually one of the top products for Virus Bulletin’s RAP test, came in 18th at 76.9.

AV-Comparatives.org Anti-Phishing Results 2011

1. Webroot - 98.6
2. eScan - 97.3
3. McAfee - 96.7
4. Bullguard - 96.1
5. Bitdefender - 94.4
6. Trend Micro - 92.8
7. F-Secure - 92.1
8. Symantec - 89.4
9. Avira - 89.1
10. K7 - 88.7

There was no real correlation when Anti-Phishing results were mapped against AV-Comparative.org’s On Demand Detection of Malicious Software August 2011 Test. Eeeek. One would hope the better products would rise to the top in both tests. Maybe next time.

A major whoops to TrustPort who finished 18th at 76.9%. Also, TrustPort and Bullguard have consistently been top performers in Virus Bulletin RAP Average Quadrant http://kensek.blogspot.com/2011/08/august-2011-virus-bulletin-rap-averages.html . McAfee and K7, not so much.

AV-Comparatives is an Austrian Non-Profit-Organization, which provides independent Anti-Virus software tests free to the public.

Go to their website for complete details about the organization, the many tests they perform, and to download copies of tests.

Saturday, October 29, 2011

AV-comparatives.org Whole Product Dynamic Test – September 2011

The top five products in the AV-Comparatives.org and the "Whole Product Dynamic Real World Test” for September has some major antivirus and internet security suite vendors performing not so well. The top five for September were BitDefender, F-Secure, Trend Micro, McAfee, and Symantec. Avira and K7 dropped out of the top 5. K7 dropped to fourth from the bottom, while Sophos, WebRoot, PC-Tools cannot be smiling, rounding out the bottom three. Avira was the top “free” vendor. This test may not greatly effect revenues, but there are bragging rights in these tests;).

September Results Whole Product Dynamic Test

1. 99.7 – BitDefender
2. 99.0 – F-Secure
3. 98.8 – Trend Micros
4. 98.7 – McAfee
5. 98.7 - Symantec

August Results Whole Product Dynamic Test

1. 99.5 – Trend Micro
2. 99.0 – Symantec
3. 98.4 – Avira
4. 98.4 – BitDefender
5. 97.9 – K7

To see complete results for September (twelve more vendors), go to http://www.av-comparatives.org/en/comparativesreviews/dynamic-tests and view the monthly report. More important though, are results over a period of time. For a one quarter write-up http://www.av-comparatives.org/images/stories/test/dyn/wpdt2011_1_en.pdf

The 2012 versions of antivirus and internet security suites have been rolling out of the last couple of months. These will probably be incorporated into the test bed, replacing the 2011 versions. This test group continues to innovate in their testing. Go to their website to check out the anti-phishing test (to be covered another time).

Go to http://www.av-comparatives.org/en/comparativesreviews/dynamic-tests to play with the interactive table. You can also modify the time period and view results.

About AV-comparatives.org - www.av-comparatives.org

AV-Comparatives is an Austrian Non-Profit-Organization, which is providing independent Anti-Virus software tests free to the public.

Friday, October 21, 2011

AV-Comparatives Anti-Phishing Test – August 2011

AV-Comparatives released their Anti-Phishing Test in August. This is a new test. Most of the products tested were Internet Security Suite 2011 solutions. Hopefully, this test will be duplicated now that many of the leading Internet Security Suite 2012 solutions have been released. http://www.av-comparatives.org/images/stories/test/phishing/antiphishing2011.pdf . 19 internet security products were in the test.

Anti-Phishing Test 2011

Top 10 products in order, were, in terms of percentage:

1. 98.6 – Webroot
2. 97.3 – eScan
3. 96.7 – McAfee
4. 96.1 – Bullguard
5. 94.4 – BitDefender
6. 92.8 – Trend Micro
7. 92.1 – F-Secure
8. 89.4 – Symantec
9. 89.1 – Avira
10. 88.7 – K7

Look for this to be cross-tabbed against some other test results shortly. A major whoops to TrustPort who finished 18th at 76.9%. Also, TrustPort and Bullguard have consistently been top performers in Virus Bulletin RAP Average Quadrant http://kensek.blogspot.com/2011/08/august-2011-virus-bulletin-rap-averages.html . McAfee and K7, not so much.

AV-Comparatives is an Austrian Non-Profit-Organization, which provides independent Anti-Virus software tests free to the public.

Go to their website for complete details about the organization, the many tests they perform, and to download copies of tests. This includes a September 2011 Corporate Comparative report that runs over 100 pages!

Friday, October 07, 2011

Oracle Settlement of False Claim Lawsuit Could Top $200 Million

“In what will shape up to be the largest False Claims Act settlement ever collected by the General Services Administration, software maker Oracle Corp. and Oracle America will pay $199.5 million plus interest to the agency, according to a Justice Department Oct. 6 news release”. This is from an October 7 news story. http://www.govexec.com/dailyfed/1298/120798t1.htm

You can bundle the software with hardware. You can bundle the software with consulting fees. You can bundle it with support fees. But in the end, when it comes to GSA pricing, the federal government gets favored nation’s status. Well, the myth of the $600 government hammer notwithstanding. That came down to cost allocation and is another story. http://www.govexec.com/dailyfed/1298/120798t1.htm

In software pricing and licensing agreements, there’s list price. There’s street price. There’s a negotiated price. And then there’s the GSA Price List. It appears as if the courts decided that Oracle had licensed software to someone else for lower than GSA pricing.

From a competitive standpoint, if you want to know the lowest a competitor can go, check out the GSA price list. The government alleged that some customers had received higher discounts than they had received. That wasn’t a good thing.

The payday for a former Oracle employee because of the Federal False Claims act will be $40 as his portion of the settlement. That’s even larger than what Hewlett Packard paid Hurd to go away.

In an interesting comment, a company spokeswoman told the Federal Times in an email that "strong controls" would have insured government customers received fair prices. Colloquially, this could almost be translated to “someone in government should have paid more attention.”

To be fair to businesses, sometimes the press can be unclear on the concept of software licensing and pricing. It’s common for software companies to have a tiered licensing structure. With tiered licensing, prices decrease at greater tier levels. Assume that a company wants to purchase some internet security software. Let’s say that between 150 and 199 units, the price is $25 each. At 200 units, the unit price decreases to $20. Doing the math, it turns out that for anything greater than 160 units, they should purchase 200 licenses. Why? Because they’ll essentially get 40 licenses for free.

Years ago, the press vilified a company in CA for selling the state government more licenses for than they needed. But, it could have actually made economic sense for them to do that.

The above is probably “too much information”. But, it’s a useful example.

If you want to learn more about GSA pricing, go to https://www.gsaadvantage.gov/advantage/main/start_page.do

So, Oracle pays the fine for not providing the Federal Government favored nation’s status. The whistle blower receives $40 million. Now he can buy an island and have his own nation.

Tuesday, October 04, 2011

AV-Test Product Review and Certification Report – Q3-2011

During July and August 2011, AV-Test (www.AV-Test.org) tested 25 internet security products in the areas protection, repair and usability. The highest score possible in each category was 6.0. The test was on Windows 7. Six company’s products failed the test by failing to achieve a score of 11 or greater. The companies with the top four scores and the avg score of the three categories are below:

5.5 - BitDefender: Internet Security Suite 2011
5.2 - F-Secure: Internet Security 2011
5.2 - Panda: Internet Security 2011
4.8 - Kaspersky: Internet Security 2011
4.8 - AVG: Internet Security 2011
4.8 - Security Coverage SecurityIT Plus

McAfee, PC Tools, and Webroot were among the companies whose products failed to receive certification.

The table below combines several things. The ranked score for AV-Test.org ‘s August/September test, the ranked score for the Q2 test running on Windows XP, and the Q3 Av-compratives.org overall data detection rankings from their for On Demand Detection for Malicious Software. The caveat for this column is that the test used vendors’ antivirus 2011 products. AV-test.org used internet security suite 2011 products for the most part. There are blanks where products were not tested for particular tests.

What Does it All Mean?

In addition to reading comprehensive product reviews, you should look at the details for the above tests. Also, read the product reviews for the products you’re interested in. Don’t rely on Facebook Fans’ thumbs up. A different digit may be raised, should their laptops catch something.



Thursday, September 29, 2011

AV-Comparatives on Demand Detection of Malicious Software – September 2011

AV-Comparatives has released their latest On Demand Detection of Malicious Software report – September 2011. Twenty vendors were included in the test.

Advanced Plus (3 star ratings) were received by 10 vendors, G data, Avira, Panda, F-Secure, BitDefender, Kaspersky, ESET, Avast, McAfee, and Trend Micro. Advanced (2 star ratings) were achieved by TrustPort, Qihoo, eScan, AVG Technologies, Symantec, and Microsoft. http://www.av-comparatives.org/images/stories/test/ondret/avc_od_aug2011.pdf.

The top ten products in their April report for detection rate were in order, from G Data, TrustPort, Avast, Panda & F-Secure (tie) Qihoo, BitDefender, Avira & ESET (tie), and eScan This differs slightly from their 3 star ratings as you'll see in the report. http://www.av-comparatives.org/images/stories/test/ondret/avc_od_feb2011.pdf

The table below combines several results. The second column is the ranking from the September report for total detection rate. The third column is the same but for the April report. The fourth column is for AV-Comparatives Whole Product Real World Dynamic Test in August. The last column is the score for PC Magazine’s Internet Security 2012 reviews. Probably these scores will be used for Best Internet Security Suites 2012 for PC Magazine.

What Does the Table below Mean?

With respect to the on Demand Detection tests, with the exception of McAfee; there was a consistency of performance among the top five vendors. There seems to be little relationship between the Whole Product Real World Dynamic test and the On Demand Detection tests. PC Magazine’s ratings didn’t correlate with any of the three tests. However, PC Magazine’s scores are for much more than detection of malware. They are for a total product review. For more details on PC Magazine’s testing go to http://kensek.blogspot.com/2011/08/best-internet-security-suites-2012-pc.html

AV-Comparatives is an Austrian Non-Profit-Organization, which provides independent Anti-Virus software tests free to the public.

Go to their website for complete details about the organization,the many tests they perform, and to download copies of tests. This includes a September 2011 Corporate Comparative report that runs over 100 pages!

Wednesday, September 28, 2011

Wandering Around SecureWorld Expo, Securing the Endpoint

SecureWorld Expo came to the Bay Area during the week of September 20, and was pretty well attended. This conference will make a few more North America stops bfore the end of the year: http://www.secureworldexpo.com/. Among the sponsors were ESET, Websense, and Palo Alto Networks. Fortinet was also one of the exhibitors. There were a number of other internet security and security vendors,as well.

ESET’s booth people didn’t have a lot to say about Microsoft’s recent announcement that they would be putting endpoint security into the next version of Windows. Nor did they have anything to say about McAfee’s announcement about their DeepSafe technology, announced a week earlier at the Intel Forum.

According to a press release about the forum, “With the announcement of this new DeepSAFE technology, McAfee and Intel are working to change the industry by combining the power of hardware and software to create much more sophisticated ways to prevent attacks. Cybercriminals know how to evade current operating systems-based security, demanding a new paradigm – security beyond the operating system.” http://www.mcafee.com/us/about/news/2011/q3/20110913-01.aspx One would think that internet security vendors would be a little bit concerned about how both of these could affect their revenues.

You’ll Have to Figure Out Which Vendor Said What

I had the opportunity to chat with the booth people at Fortinet, Palo Alto Networks, Websense, and SonicWALL. Three of the vendors discussed the application control technologies contained within their products. One of the vendors wouldn’t criticize the other vendors directly, but they stated that their product was still essential because the other vendor’s products presented a potential single point of security failure. One of the other vendors talked about how their Next Generation Firewall (NGFW) differed from traditional firewalls. They also discussed their single scan technology and felt that one of the other vendor’s products at the show was more of a UTM, with extra bolted on technology.

The vendor with the “UTM, with extra bolted on technology” stated that they were, in fact, offering Next Generation Firewalls, that scaled up to enterprise strength, and in fact, was faster than the other company's NGFW solutions were. Not quite a corporate smackdown but interesting, nonetheless.

Securing the Endpoint – The Battle Continues

The room was reasonably full for the panel discussion “Securing the Endpoint – The Battle Continues”. The session was primarily a Q&A with customers on the panel. There weren’t vendors on the panel. Comments made by the panel weren’t extraordinary but there was a breadth of security savvy in the event attendees. Some of the comments made – Multiple layers of security are essential. If you make use of a malware gateway appliance, don’t use the same malware software as you use on the desktop. The growth of people wanting to connect their devices, whether smartphones, home laptops, or tablets, is making securing the network more problematic. It’s essential that employees be retrained in security annually. One of the panel attendees also felt the internet security/antivirus software on his company’s network was probably capturing only 30% of what hit it. Given that, he felt that the software was overpriced.

Monday, September 26, 2011

The Meg Whitman Era Begins at Hewlett Packard

There are some great articles in Channelnomics detailing what’s been happening at Hewlett Packard most recently. The “Anatomy of a Meltdown” chronicles the events since mid-August. http://channelnomics.com/2011/09/25/hp-anatomy-meltdown-recovery/ Being in Silicon Valley, you do get more of a sense of the flavor and history of the not so positive transformation of Hewlett Packard, beginning with the hiring of Carly Fiorina (acquired Compaq, wrecked the culture, $45 million parachute). She was followed by Mark Hurd (good eye for the bottom line, and grew the business, around a $20 million parachute). Then Leo Apotheker from SAP (probably the less said, the better), and now Meg Whitman.

Hopefully the Meg Whitman era won’t parallel what happened with Apple when Steve Jobs, recruited Sculley from Pepsi Cola. During the recruitment process, Jobs asked Sculley: "Do you want to spend the rest of your life manufacturing colored water or do you want to change the world?" Scully came to Apple, Jobs got pushed out. Sculley had 10 year tenure and grew revenue from $800 million to $8 billion before he was pushed out (and supposedly never really learned to use a Mac). Nonetheless, the company wasn’t in fantastic shape when he departed. Sculley never bonded with the engineers. Anyone remember the Lisa?

Whitman lacks a technology background. This will be a strike against her at Hewlett Packard. Call it a slight hurdle to overcome.

She made an interesting statement during her first interview with the press upon being named CEO.

"I have run a large company -- not obviously as large as HP, but I have run a very large company," she said. "While I don't have years of experience in an enterprise business, I bought a lot of software. I was one of the largest enterprise customers in Silicon Valley."

"That's like saying, 'I've bought an iPhone, so I can run Apple Inc." said Whitmore at Deutsche Bank.

Whitman joined Hewlett-Packard's board in January following her failed bid to become California's governor last year. During her campaign, she spent roughly $142 million of her own money. Cost per vote for the campaign, $46. That was a relative bargain. Her cost per vote to win the primary was $76 per vote. For a billionaire, Whitman can be just plain folks and seen at south bay restaurants with her significant other on weekends.

Before eBay, Whitman worked as an executive at the toy company Hasbro, the floral service FTD Inc., footwear maker Stride Rite Corp. and Walt Disney Co.

eBay made some acquisitions during Whitman’s tenure. Their acquisition of Skype proved to be an expensive $2.6 billion venture that didn’t pan out.

Whitman has said that a decision on what Hewlett Packard will do with their $40 billion PC division by the end of the year. Perhaps they’ll come to a final decision on the HP TouchPad well before then. I need another one to complete my coaster collection.

Saturday, September 24, 2011

An Interesting Time in the Internet Security Suite and Antivirus World

So, Intel announces that they are going to be putting more security on their chip with software supplied by wholly owned subsidiary McAfee. This has to be interesting to the EU. At the same time, McAfee failed the most recent test by AV-test.org. Look for DeepSafe later this year http://online.wsj.com/article/BT-CO-20110914-708402.html

Microsoft has started writing about Windows 8 and how they plan to add more security to the software. Can you say Microsoft Security Essentials? Microsoft Security Essentials has acquired nice market share on the www.opswat.com market share reports, but they have not been receiving stellar reviews. I asked ESET employees about this at a recent security show. They didn’t have anything in particular to say.

PC Magazine has been busy for the last couple of months since consumer internet security vendors have been releasing their paid and free antivirus 2012 and internet security 2012 solutions.

You look at downloads on www.download.com and the number of downloads from the top free vendors has dropped by “a lot”. There are a number of reasons for this, including switching where the downloads are coming from, to different servers, fewer malware attacks, less product churn, more upgrades... AVG Technologies and Avast are within 56k downloads on this site for the week ending September 17.

It’s hard to tell how the internet security suite vendors feel about reviews from www.download .com. Doing a search on the first 10 under “Free Antivirus” based on downloads last week: Two 5 star reviews, PC Tools and Threatfire, four 4.5 stars, AVG Antivirus Free Edition 2012, Avast Free Antivirus, Avira Antivir Personal, and Panda Cloud Antivirus Free Edition are up there. Some paid versions seem to have worked their way in. You’ll have to read the extensive reviews to determine how one 4.5 star product is better than another. It's worth the effort.

Of course, you can’t tell a lot from an internet security provider’s fan page. The fans have never met a like button they could not hit.

It will probably be another month or two before av-comparatives.org will release a test involving the 2012 products.

Avast, F-Secure, McAfee, Sophos, and Webroot (alphabetical order) cannot be happy about how they finished in www.av-test.org ‘s Whole Product Dynamic Tests for the month of August. Trend Micro, on the other hand, has to be quite pleased.

Some of the antivirus and internet security vendors are respectfully not participating in some third party tests. I would conjecture on this in more detail in that they disagree with the test methodology but my humble budget does not include paying for a food tester.

UK publication PC Pro (www.pcpro.co.uk) hasn’t done a lot with 2012 internet security and antivirus products yet. Perhaps in a few months.

Over the past year, reviewers have started to incorporate more data from www.av-test.org, www.av-comparatives.org and www.virusbtn.org . Imitation is the sincerest form of flattery. This must be purely coincidental ;). Cross-tabs and combining results from multiple test organizations can be enlightening.

So what does the above mean, besides that there's a reason not to have had caffeinated coffee at Starbucks after 8pm? Time to spend some musings in other areas like virtual appliances, higher level strategies, why HP has hired Meg Whitman, the recent SecureWorld expo, and will Intel’s Dave Dewalt make an appearance at McAfee’s event in Vegas (you can probably take that one to the bank, baby!). Theatre reviews written recently won’t be ported to this blog.

Tuesday, September 20, 2011

Information Security and Techtarget Readers' Choice Awards 2011 Announced

Information Security announced their Readers’ Choice 2011 Awards on Monday. More than 1,500 voters participated in the survey. The nice thing about surveys is that companies can’t go and encourage their Facebook fans to vote early and often. The Chicago way.

In the category of Best Antimalware

• Gold - Eset NOD32
• Silver - Trend Micro OfficeScan
• Bronze - McAfee Total Protection for Endpoint - Enterprise Edition


As a sanity check on the Reader’s selections for Best Antimalware:

Eset and McAfee received a VB100 award in the August 2011 test. Trend Micro didn’t participate. http://www.virusbtn.com/vb100/archive/summary

Eset received 2 stars in the AV-comparatives.org May Anti-virus Comparative Retrospective Test. Neither McAfee nor Trend Micro participated.


Eset and Trend Micro were certified in the AV-test.org Q2 test on Windows XP. McAfee failed to receive certification. http://www.av-test.org/en/tests/test-reports/quarter-22011/

The products tested above may not be the exact ones that were voted on for Reader’s Choice. Nonetheless, the results of these tests are probably a good acid test for the quality of the company’s products overall.

Bravo to Eset for being part of all three tests. The complete list of categories that companies received awards for are listed below as is the link to the article.

• Best Antimalware Products 2011
• Best Authentication Products 2011
• Best Intrusion Detection/Prevention Products 2011
• Best Identity and Access Management Products 2011
• Best Messaging Security Products 2011
• Best Mobile Data Security Products 2011
• Best Network Access Control Products 2011
• Best Policy and Risk Management Products 2011
• Best Secure Remote Access Products 2011
• Best SIM Products 2011
• Best Unified Threat Management Products 2011
• Best Vulnerability Management Products 2011
• Best Web Application Firewalls 2011
• Best Web Security Products 2011


Saturday, September 17, 2011

AV-comparatives.org Whole Product Dynamic Test – August 2011

The top five products in the AV-Comparatives.org and the "Whole Product Dynamic Real World Test” for August has some major antivirus and internet security suite vendors performing not so well. The top 5 for the month were Trend Micro, Symantec, Avira, BitDefender, and K7.

1. 99.5 – Trend Micro
2. 99.0 – Symantec
3. 98.4 – Avira
4. 98.4 – BitDefender
5. 97.9 – K7

To see complete results for August (twelve more vendors), go to http://www.av-comparatives.org/en/comparativesreviews/dynamic-tests and view the monthly report. More important though, are results over a period of time. For a one quarter write-up http://www.av-comparatives.org/images/stories/test/dyn/wpdt2011_1_en.pdf K7 has improved a lot in the August results.

To see an older table of the AV-Comparatives.org Whole Product Dynamic Test and AV-Test.org Certification Test Combined, go to http://kensek.blogspot.com/2011/07/av-comparativesorg-whole-product.html . The 2012 versions of antivirus and internet security suites have been rolling out of the last couple of months. These will probably be incorporated into the test bed, replacing the 2011 versions.

Go to http://www.av-comparatives.org/en/comparativesreviews/dynamic-tests to play with the interactive table. You can also modify the time period and view results.

About AV-comparatives.org - www.av-comparatives.org

AV-Comparatives is an Austrian Non-Profit-Organization, which is providing independent Anti-Virus software tests free to the public.

Monday, September 12, 2011

October 12 - Editors Choice PC Magazine – The Wisdom of Crowds

Neil Rubenking from PC Magazine has named his Editors Choice awards for best Free Antivirus 2012, paid best Antivirus 2012 and best Internet Security Suites 2012 solutions.

• Free Antivirus – AVG Free Anti-Virus 2012, AVG Technologies
• Paid Antivirus – Norton Antivirus 2012, Symantec
• Paid Antivirus – Webroot SecureAnywhere Antivirus 2012
• Internet Security – Norton Internet Security 2012, Symantec

To see PC Magazine’s rankings of the Best Antivirus 2012 and Best Internet Security 2012 solutions, go to http://kensek.blogspot.com/2011/08/best-antivirus-software-2012-pc.html and http://kensek.blogspot.com/2011/08/best-internet-security-suites-2012-pc.html respectively . Additions will be made to these sites.

Go to http://www.pcmag.com/article2/0,2817,2392456,00.asp for the Norton Internet Security review.

Go to http://www.pcmag.com/article2/0,2817,2393678,00.asp for the Webroot SecureAnywhere Antivirus review.

An ouch for AVG Technologies is a false positive in the latest VB100 tests from Virus Bulletin. http://www.virusbtn.com/vb100/archive/summary . Nice streak of 21 VB100 awards in a row prior to the August test, though.

Wisdom of Crowds - James Surowiecki – You Have to Remember the Conditions

“The Wisdom of Crowds: Why the Many Are Smarter than the Few and How Collective Wisdom Shapes Business, Economies, Societies and Nations” is a great book written by James Surowiecki. In the book, he argues that “under the right circumstances, groups are remarkably intelligent, and are often smarter than the smartest people in them."

This may work for crowds designing internet search engines, guessing the weight of a wild boar, or guessing the number of jelly beans in a jar. It may not work for selecting the best antivirus or internet security solution. There are four conditions from Surowiecki not mentioned by people for this to work. The “wise” crowds need:

(1) diversity of opinion
(2) independence of members from one another
(3) decentralization
(4) a good method for aggregating opinions

Fan pages on internet security solution providers don’t represent a diversity opinion in selecting a “best internet security solution” or "best antivirus solution". Gazillions of the fans have never met a like button they wouldn’t push. They’ve self selected onto a fan page. You could argue that they are decentralized. However, they are receiving constant reinforcement from their fellow Facebook friends on the wisdom of their decisions. Avoiding buyer’s remorse is another topic. Internet surveys on voting for the best solution are a popularity contest with people able to “dial in” multiple times.

In the end, should one need surgery, want advice on an automobile, or want advice on the best internet security, it may be best to rely on the wisdom of a relative few qualified pundits who are given free reign to express their opinions. Web sites that list “Top 10 Somethings” may not be the most objective if participation requires pay to play.

Another great book – “How We Decide” by Jonah Lehrer.

Saturday, September 10, 2011

September 2011 OPSWAT Report on Worldwide Security Industry Market Share

OPSWAT Inc. has published their report on “Security Industry Market Share Analysis” September 2011. The results may not match the results published by the vendors themselves. The data OPSWAT used was collected between May 16 and August 15, 2011.

Worldwide Security Industry Market Share Leaders – Companies

• Avast Software – 16.6% (1st in June report)
• AVG Technologies – 12.9% (2nd in June report)
• Avira – 10.8% (3rd in June report)
• Microsoft – 10.6%
• Symantec – 8.9%
• Eset – 8.4%

Avast had a 4% plus gain versus June. Avg Technologies had a slight gain while Avira dropped.

The table in the OPSWAT document lists the top 15. Other companies in the top 15 in the worldwide market share table include, Microsoft, Eset, Symantec, Kaspersky, McAfee, and Panda.

Worldwide Market Share Leaders - Product

• Avast Free Antivirus - 12.0% - (was 3rd in June report)
• Microsoft Security Essentials – 10.3% (was 1st in June report)
• Avira Antivir Personal - Free – 9.1% (was 2nd in June report)

AVG Technologies - 4th at 7.9%, ESET - fifth at 5.3%, AVG 10 - 6th at 4.4%

Both Avast and AVG have a pair of products in the table where the data above came from. The top three product market share leaders in North America – Microsoft, Avast, and AVG Technologies .

Avast is promoting 134 million active users and 171 registered users http://www.avast.com/en-us/about on their site. Avira and AVG are both promoting just under 100 million. Each company varies in how they count active users.

The OPAWAT report also contains information about Windows Operating System Deployments, and Instant Messenger market share.

Large Number of Vendors but Consolidated Industry

According to OPSWAT, global, the top 15 vendors have about 93% of the market. The top 5 had just under 60%. OPSWAT market share reports are available at http://www.opswat.com/media/reports . The report contains details on how the data was captured.

For some information on the OPSWAT June Report http://kensek.blogspot.com/2011/06/june-2011-opswat-report-on-worldwide.html


OPSWAT was founded in 2002. OPSWAT provides software engineers and IT professionals with development tools and data services to power manageability and security solutions. www.opswat.com

Belated McCredit to a Prior McAfee Campaign

Taking a journey on the hot tub time machine. The time - mid 2000’s. Internet security provider McAfee embarks on a “Power of M” campaign. The campaign was “designed to communicate how the company has evolved from its beginnings as a provider of anti-virus software, to becoming a global leader in comprehensive security, to a current leadership position in security risk management. “ “M” is everywhere. Needless to say, someone at a high level disagrees with the campaign. Banners disappear, flags disappear. Even some employees seem to disappear as everyone disavows knowledge of the campaign.

Returning the hot tub time machine to 2011. In a September issue of the Wall Street Journal, with the tag line “Safe Never Sleeps” is a half page advert, with the McAfee “M” dominating the ad. Sometimes things just go in circles. Look for “leader in intrusion prevention” sometime in the near future ;)

Wednesday, August 31, 2011

McAfee Total Protection 5.0 Beta –McAfee Beta

McAfee has McAfee Protection 5.0 still in beta. You can learn more about the product and register to download at http://beta.mcafee.com/betamcafee

What's New With McAfee Total Protection?

• Improved Threat Detection:
• CleanBoot Tool:
• McAfee Anti Theft
• Improved Performance:
• MTP installation time has been reduced
• Improved On Demand Scan (ODS) performance.
• Home Network offer a larger list of Devices to identify on its drop-down list. Devices such as; Network Switches, PDA's, Smart Phones are now available to choose from.
• Parental Controls accumulate statistics in a Security Report
• Parental Controls now offers Improved Time Restriction capabilities
• Online Demand Scans now prompt the user to scan external drives
• Quickclean/Shredder now includes additional options when cleaning up files
• Improved key-logger protection

With respect to last year's McAfee Total Protection

McAfee didn't participate in AV-Comparative.org's May Retrospective test.

They did receive a VB100 award in the Virus Bulletin August Test http://www.virusbtn.com/vb100/archive/summary

Their solution came in next to last in av-comparative.org's "Whole Product Real World Dynamic Test" May-June http://www.av-comparatives.org/images/stories/test/dyn/wpdt2011_1_en.pdf

They failed certification on av-test.org's q2 test http://www.av-test.org/en/tests/test-reports/quarter-22011/

Not a McStellar performance.

Internet Security Suites 2012 and the Super Suites - Everything but the Kitchen Sync

First, there was Antivirus. Followed by Antivirus Plus. Followed by Internet Security Suites. Then the Super Suites, which are faster, protect you from things you never know you had to be protected from, improved your “online experience” and would get you great seats for the World Cup and World Series. Well, maybe not the latter.

For example, the Super suite for BitDefender - Total Security, adds File Shredder, File Encryption, Tune-Up, and a Safe Backup versus the internet security suite - http://www.bitdefender.com/solutions/antivirus-comparison.html

For Kaspersky - Pure Total Security – adding management, password management, encrypted data vaults, password manager, and more versus the internet security suite! http://usa.kaspersky.com/products-services/home-computer-security/pure

For Panda -Panda Global Protection – adding tune-up, file shredding, file encryption versus the internet security suite - http://www.pandasecurity.com/usa/homeusers/solutions/

The links above lead to the respective product comparison grids and have 2012 products out.

Not to be outdone, Norton has two Super suites. Norton 360™ and Norton 360 Premier Edition.

Other Super Suites

Trend Micro Titanium Maximum Security, McAfee Total Protection, Zone Alarm Extreme Security, G Data Total Security (2012 out) http://www.gdata-software.com/home-security/ , TrustPort Total Protection (2012 out) http://www.trustport.com/en/products/trustport-total-protection#comparison This list isn’t comprehensive.

So, visit the grids, choose from the smorgasbord of functionality you are looking for. The permutations are many! Parental Guidance is another feature frequently thrown in, as is Game Mode. Or a small handful of features that are a subset of another product the company sells.

As of August 24, companies that had their Internet Security 2012 Suites released (and most likely, their Super suites are BitDefender, Zone Alarm, Kaspersky, G Data, Panda, TrustPort, and Outpost.


Saturday, August 27, 2011

Best Antivirus Software 2012 - PC Magazine - Best Antivirus For 2012

September 12, 2012 update - The link below leads to a blog about Antivirus 2013 solutions. The blog below is a relatively comprehensive listing of Antivirus 2012 solutions.


 The great thing about Neil Rubenking and PC Magazine Antivirus best antivirus software 2012 and best internet security suite reviews in general is that he is thorough. He does his homework. He discusses the changes from the previous year rather than just doing a “feature” list. And his style is both detailed and entertaining.

Antivirus solutions provide “basic” protection. For more comprehensive protection, you should take a look at security vendors’ internet security suites, or their power internet security suites. These contain even more features, or bloatware, depending on your own personal beliefs. When looking at pricing, note that some of the licenses are for one user, others are for three. Pairing up with a bud or two can save you some $ for a Starbucks card.

Summary Scores - Best Antivirus Software 2012 - Best Antivirus for 2012

In the table below, products are listed numerically, highest to lowest, and reverse alphabetical order for consistency.

Webroot SecureAnywhere Antivirus and Norton Antivirus 2012 received the Editors' choice designation from PC Magazine and Neil Rubenking. AVG Antivirus Free Edition received this designation for free antivirus.

4.5 - Webroot SecureAnywhere Antivirus2012 - Editors Choice
4.5 - Norton Antivirus 2012-Editors Choice
4.0 - AVG Antivirus Free 2012 - Editors Choice
4.0 - Avira Free 2012
4.0 – BitDefender Antivirus Plus 2012
3.5 – Panda Cloud Antivirus 1.5 Free Edition
3.5 – Kaspersky Anti-Virus 2012
3.5 – G Data Antivirus 2012
3.5 - McAfee Antivirus 2012
3.0 - F-Secure Antivirus 2012
3.0 – Zone Alarm Antivirus + Firewall 2012
3.0 - PC Antivirus Pro 2012
3.0 – Panda Antivirus Pro 2012
3.0 – Output Antivirus Pro 7.5
3.0 - Bullguard Antivirus 12http://www.blogger.com/img/blank.gif
2.5 – TrustPort Antivirus 2012
2.5 – Trend Micro Titanium Antivirus+ 2012

It’s definitely worthwhile going to the detailed multi-page reviews and to examine Neil Rubenking’s anti-phishing, anti-malware, and anti-malware removal charts for the products he has reviewed so far for PC Magazine.


To see a list of Best Internet Security Suites 2012, go to http://kensek.blogspot.com/2011/08/best-internet-security-suites-2012-pc.html .

From www.Kensek.blogspot.com , you can also see compilations of other reviews and tests, blogs merging the results of product reviews and performance tests from multiple publications, etc.