Thursday, September 29, 2011

AV-Comparatives on Demand Detection of Malicious Software – September 2011

AV-Comparatives has released their latest On Demand Detection of Malicious Software report – September 2011. Twenty vendors were included in the test.

Advanced Plus (3 star ratings) were received by 10 vendors: G Data, Avira, Panda, F-Secure, BitDefender, Kaspersky, ESET, Avast, McAfee, and Trend Micro. Advanced (2 star ratings) were achieved by TrustPort, Qihoo, eScan, AVG Technologies, Symantec, and Microsoft.

The top ten products in their April report for detection rate were, in order, from G Data, TrustPort, Avast, Panda & F-Secure (tie), Qihoo, BitDefender, Avira & ESET (tie), and eScan. This differs slightly from their 3 star ratings, as you'll see in the report.

The table below combines several results. The second column is the ranking from the September report for total detection rate. The third column is the same but for the April report. The fourth column is for AV-Comparatives Whole Product Real World Dynamic Test in August. The last column is the score for PC Magazine’s Internet Security 2012 reviews. Probably these scores will be used for Best Internet Security Suites 2012 for PC Magazine.

What Does the Table below Mean?

With respect to the On Demand Detection tests, with the exception of McAfee, there was a consistency of performance among the top five vendors. There seems to be little relationship between the Whole Product Real World Dynamic test and the On Demand Detection tests. PC Magazine’s ratings didn’t correlate with any of the three tests. However, PC Magazine’s scores are for much more than detection of malware. They are for a total product review. For more details on PC Magazine’s testing go to

AV-Comparatives is an Austrian Non-Profit-Organization, which provides independent Anti-Virus software tests free to the public.

Go to their website for complete details about the organization, the many tests they perform, and to download copies of tests. This includes a September 2011 Corporate Comparative report that runs over 100 pages!

Wednesday, September 28, 2011

Wandering Around SecureWorld Expo, Securing the Endpoint

SecureWorld Expo came to the Bay Area during the week of September 20, and was pretty well attended. This conference will make a few more North America stops before the end of the year. Among the sponsors were ESET, Websense, and Palo Alto Networks. Fortinet was also one of the exhibitors. There were a number of other internet security and security vendors, as well.

ESET’s booth people didn’t have a lot to say about Microsoft’s recent announcement that they would be putting endpoint security into the next version of Windows. Nor did they have anything to say about McAfee’s announcement about their DeepSafe technology, announced a week earlier at the Intel Forum.

According to a press release about the forum, “With the announcement of this new DeepSAFE technology, McAfee and Intel are working to change the industry by combining the power of hardware and software to create much more sophisticated ways to prevent attacks. Cybercriminals know how to evade current operating systems-based security, demanding a new paradigm – security beyond the operating system.” One would think that internet security vendors would be a little bit concerned about how both of these could affect their revenues.

You’ll Have to Figure Out Which Vendor Said What

I had the opportunity to chat with the booth people at Fortinet, Palo Alto Networks, Websense, and SonicWALL. Three of the vendors discussed the application control technologies contained within their products. One of the vendors wouldn’t criticize the other vendors directly, but they stated that their product was still essential because the other vendor’s products presented a potential single point of security failure. One of the other vendors talked about how their Next Generation Firewall (NGFW) differed from traditional firewalls. They also discussed their single scan technology and felt that one of the other vendor’s products at the show was more of a UTM, with extra bolted on technology.

The vendor with the “UTM, with extra bolted on technology” stated that they were, in fact, offering Next Generation Firewalls that scaled up to enterprise strength and, in fact, were faster than the other company's NGFW solutions. Not quite a corporate smackdown but interesting, nonetheless.

Securing the Endpoint – The Battle Continues

The room was reasonably full for the panel discussion “Securing the Endpoint – The Battle Continues”. The session was primarily a Q&A with customers on the panel. There weren’t vendors on the panel. Comments made by the panel weren’t extraordinary but there was a breadth of security savvy in the event attendees. Some of the comments made – Multiple layers of security are essential. If you make use of a malware gateway appliance, don’t use the same malware software as you use on the desktop. The growth of people wanting to connect their devices, whether smartphones, home laptops, or tablets, is making securing the network more problematic. It’s essential that employees be retrained in security annually. One of the panel attendees also felt the internet security/antivirus software on his company’s network was probably capturing only 30% of what hit it. Given that, he felt that the software was overpriced.

Monday, September 26, 2011

The Meg Whitman Era Begins at Hewlett Packard

There are some great articles in Channelnomics detailing what’s been happening at Hewlett Packard most recently. The “Anatomy of a Meltdown” chronicles the events since mid-August. Being in Silicon Valley, you do get more of a sense of the flavor and history of the not so positive transformation of Hewlett Packard, beginning with the hiring of Carly Fiorina (acquired Compaq, wrecked the culture, $45 million parachute). She was followed by Mark Hurd (good eye for the bottom line, and grew the business, around a $20 million parachute). Then Leo Apotheker from SAP (probably the less said, the better), and now Meg Whitman.

Hopefully the Meg Whitman era won’t parallel what happened with Apple when Steve Jobs recruited Sculley from Pepsi Cola. During the recruitment process, Jobs asked Sculley: "Do you want to spend the rest of your life manufacturing colored water or do you want to change the world?" Sculley came to Apple, Jobs got pushed out. Sculley had a 10-year tenure and grew revenue from $800 million to $8 billion before he was pushed out (and supposedly never really learned to use a Mac). Nonetheless, the company wasn’t in fantastic shape when he departed. Sculley never bonded with the engineers. Anyone remember the Lisa?

Whitman lacks a technology background. This will be a strike against her at Hewlett Packard. Call it a slight hurdle to overcome.

She made an interesting statement during her first interview with the press upon being named CEO.

"I have run a large company -- not obviously as large as HP, but I have run a very large company," she said. "While I don't have years of experience in an enterprise business, I bought a lot of software. I was one of the largest enterprise customers in Silicon Valley."

"That's like saying, 'I've bought an iPhone, so I can run Apple Inc." said Whitmore at Deutsche Bank.

Whitman joined Hewlett-Packard's board in January following her failed bid to become California's governor last year. During her campaign, she spent roughly $142 million of her own money. Cost per vote for the campaign, $46. That was a relative bargain. Her cost per vote to win the primary was $76 per vote. For a billionaire, Whitman can be just plain folks and seen at south bay restaurants with her significant other on weekends.

Before eBay, Whitman worked as an executive at the toy company Hasbro, the floral service FTD Inc., footwear maker Stride Rite Corp. and Walt Disney Co.

eBay made some acquisitions during Whitman’s tenure. Their acquisition of Skype proved to be an expensive $2.6 billion venture that didn’t pan out.

Whitman has said that a decision on what Hewlett Packard will do with their $40 billion PC division will be made by the end of the year. Perhaps they’ll come to a final decision on the HP TouchPad well before then. I need another one to complete my coaster collection.

Saturday, September 24, 2011

An Interesting Time in the Internet Security Suite and Antivirus World

So, Intel announces that they are going to be putting more security on their chip with software supplied by wholly owned subsidiary McAfee. This has to be interesting to the EU. At the same time, McAfee failed the most recent test by Look for DeepSafe later this year

Microsoft has started writing about Windows 8 and how they plan to add more security to the software. Can you say Microsoft Security Essentials? Microsoft Security Essentials has acquired nice market share on the market share reports, but they have not been receiving stellar reviews. I asked ESET employees about this at a recent security show. They didn’t have anything in particular to say.

PC Magazine has been busy for the last couple of months since consumer internet security vendors have been releasing their paid and free antivirus 2012 and internet security 2012 solutions.

You look at downloads on and the number of downloads from the top free vendors has dropped by “a lot”. There are a number of reasons for this, including switching where the downloads are coming from, to different servers, fewer malware attacks, less product churn, more upgrades... AVG Technologies and Avast are within 56k downloads on this site for the week ending September 17.

It’s hard to tell how the internet security suite vendors feel about reviews from .com. Doing a search on the first 10 under “Free Antivirus” based on downloads last week: Two 5 star reviews, PC Tools and Threatfire, four 4.5 stars, AVG Antivirus Free Edition 2012, Avast Free Antivirus, Avira Antivir Personal, and Panda Cloud Antivirus Free Edition are up there. Some paid versions seem to have worked their way in. You’ll have to read the extensive reviews to determine how one 4.5 star product is better than another. It's worth the effort.

Of course, you can’t tell a lot from an internet security provider’s fan page. The fans have never met a like button they could not hit.

It will probably be another month or two before will release a test involving the 2012 products.

Avast, F-Secure, McAfee, Sophos, and Webroot (alphabetical order) cannot be happy about how they finished in ‘s Whole Product Dynamic Tests for the month of August. Trend Micro, on the other hand, has to be quite pleased.

Some of the antivirus and internet security vendors are respectfully not participating in some third party tests. I would conjecture on this in more detail in that they disagree with the test methodology but my humble budget does not include paying for a food tester.

UK publication PC Pro hasn’t done a lot with 2012 internet security and antivirus products yet. Perhaps in a few months.

Over the past year, reviewers have started to incorporate more data from, and . Imitation is the sincerest form of flattery. This must be purely coincidental ;). Cross-tabs and combining results from multiple test organizations can be enlightening.

So what does the above mean, besides that there's a reason not to have had caffeinated coffee at Starbucks after 8pm? Time to spend some musings in other areas like virtual appliances, higher level strategies, why HP has hired Meg Whitman, the recent SecureWorld expo, and will Intel’s Dave Dewalt make an appearance at McAfee’s event in Vegas (you can probably take that one to the bank, baby!). Theatre reviews written recently won’t be ported to this blog.

Tuesday, September 20, 2011

Information Security and Techtarget Readers' Choice Awards 2011 Announced

Information Security announced their Readers’ Choice 2011 Awards on Monday. More than 1,500 voters participated in the survey. The nice thing about surveys is that companies can’t go and encourage their Facebook fans to vote early and often. The Chicago way.

In the category of Best Antimalware

• Gold - Eset NOD32
• Silver - Trend Micro OfficeScan
• Bronze - McAfee Total Protection for Endpoint - Enterprise Edition

As a sanity check on the Readers’ selections for Best Antimalware:

Eset and McAfee received a VB100 award in the August 2011 test. Trend Micro didn’t participate.

Eset received 2 stars in the May Anti-virus Comparative Retrospective Test. Neither McAfee nor Trend Micro participated.

Eset and Trend Micro were certified in the Q2 test on Windows XP. McAfee failed to receive certification.

The products tested above may not be the exact ones that were voted on for Readers’ Choice. Nonetheless, the results of these tests are probably a good acid test for the quality of the company’s products overall.

Bravo to Eset for being part of all three tests. The complete list of categories that companies received awards for is listed below, as is the link to the article.

• Best Antimalware Products 2011
• Best Authentication Products 2011
• Best Intrusion Detection/Prevention Products 2011
• Best Identity and Access Management Products 2011
• Best Messaging Security Products 2011
• Best Mobile Data Security Products 2011
• Best Network Access Control Products 2011
• Best Policy and Risk Management Products 2011
• Best Secure Remote Access Products 2011
• Best SIM Products 2011
• Best Unified Threat Management Products 2011
• Best Vulnerability Management Products 2011
• Best Web Application Firewalls 2011
• Best Web Security Products 2011

Saturday, September 17, 2011

Whole Product Dynamic Test – August 2011

The top five products in the and the "Whole Product Dynamic Real World Test” for August has some major antivirus and internet security suite vendors performing not so well. The top 5 for the month were Trend Micro, Symantec, Avira, BitDefender, and K7.

1. 99.5 – Trend Micro
2. 99.0 – Symantec
3. 98.4 – Avira
4. 98.4 – BitDefender
5. 97.9 – K7

To see complete results for August (twelve more vendors), go to and view the monthly report. More important though, are results over a period of time. For a one quarter write-up K7 has improved a lot in the August results.

To see an older table of the Whole Product Dynamic Test and Certification Test Combined, go to . The 2012 versions of antivirus and internet security suites have been rolling out over the last couple of months. These will probably be incorporated into the test bed, replacing the 2011 versions.

Go to to play with the interactive table. You can also modify the time period and view results.

About -

AV-Comparatives is an Austrian Non-Profit-Organization, which is providing independent Anti-Virus software tests free to the public.

Monday, September 12, 2011

October 12 - Editors Choice PC Magazine – The Wisdom of Crowds

Neil Rubenking from PC Magazine has named his Editors Choice awards for best Free Antivirus 2012, paid best Antivirus 2012 and best Internet Security Suites 2012 solutions.

• Free Antivirus – AVG Free Anti-Virus 2012, AVG Technologies
• Paid Antivirus – Norton Antivirus 2012, Symantec
• Paid Antivirus – Webroot SecureAnywhere Antivirus 2012
• Internet Security – Norton Internet Security 2012, Symantec

To see PC Magazine’s rankings of the Best Antivirus 2012 and Best Internet Security 2012 solutions, go to and respectively . Additions will be made to these sites.

Go to,2817,2392456,00.asp for the Norton Internet Security review.

Go to,2817,2393678,00.asp for the Webroot SecureAnywhere Antivirus review.

An ouch for AVG Technologies is a false positive in the latest VB100 tests from Virus Bulletin. Nice streak of 21 VB100 awards in a row prior to the August test, though.

Wisdom of Crowds - James Surowiecki – You Have to Remember the Conditions

“The Wisdom of Crowds: Why the Many Are Smarter than the Few and How Collective Wisdom Shapes Business, Economies, Societies and Nations” is a great book written by James Surowiecki. In the book, he argues that “under the right circumstances, groups are remarkably intelligent, and are often smarter than the smartest people in them."

This may work for crowds designing internet search engines, guessing the weight of a wild boar, or guessing the number of jelly beans in a jar. It may not work for selecting the best antivirus or internet security solution. There are four conditions from Surowiecki not mentioned by people for this to work. The “wise” crowds need:

(1) diversity of opinion
(2) independence of members from one another
(3) decentralization
(4) a good method for aggregating opinions

Fan pages on internet security solution providers don’t represent a diversity of opinion in selecting a “best internet security solution” or "best antivirus solution". Gazillions of the fans have never met a like button they wouldn’t push. They’ve self-selected onto a fan page. You could argue that they are decentralized. However, they are receiving constant reinforcement from their fellow Facebook friends on the wisdom of their decisions. Avoiding buyer’s remorse is another topic. Internet surveys on voting for the best solution are a popularity contest with people able to “dial in” multiple times.

In the end, should one need surgery, want advice on an automobile, or want advice on the best internet security, it may be best to rely on the wisdom of a relative few qualified pundits who are given free rein to express their opinions. Web sites that list “Top 10 Somethings” may not be the most objective if participation requires pay to play.

Another great book – “How We Decide” by Jonah Lehrer.

Saturday, September 10, 2011

September 2011 OPSWAT Report on Worldwide Security Industry Market Share

OPSWAT Inc. has published their report on “Security Industry Market Share Analysis” September 2011. The results may not match the results published by the vendors themselves. The data OPSWAT used was collected between May 16 and August 15, 2011.

Worldwide Security Industry Market Share Leaders – Companies

• Avast Software – 16.6% (1st in June report)
• AVG Technologies – 12.9% (2nd in June report)
• Avira – 10.8% (3rd in June report)
• Microsoft – 10.6%
• Symantec – 8.9%
• Eset – 8.4%

Avast had a 4% plus gain versus June. AVG Technologies had a slight gain while Avira dropped.

The table in the OPSWAT document lists the top 15. Other companies in the top 15 in the worldwide market share table include Microsoft, Eset, Symantec, Kaspersky, McAfee, and Panda.

Worldwide Market Share Leaders - Product

• Avast Free Antivirus - 12.0% - (was 3rd in June report)
• Microsoft Security Essentials – 10.3% (was 1st in June report)
• Avira Antivir Personal - Free – 9.1% (was 2nd in June report)

AVG Technologies - 4th at 7.9%, ESET - fifth at 5.3%, AVG 10 - 6th at 4.4%

Both Avast and AVG have a pair of products in the table where the data above came from. The top three product market share leaders in North America – Microsoft, Avast, and AVG Technologies.

Avast is promoting 134 million active users and 171 registered users on their site. Avira and AVG are both promoting just under 100 million. Each company varies in how they count active users.

The OPSWAT report also contains information about Windows Operating System Deployments, and Instant Messenger market share.

Large Number of Vendors but Consolidated Industry

According to OPSWAT, globally, the top 15 vendors have about 93% of the market. The top 5 had just under 60%. OPSWAT market share reports are available at . The report contains details on how the data was captured.

For some information on the OPSWAT June Report


OPSWAT was founded in 2002. OPSWAT provides software engineers and IT professionals with development tools and data services to power manageability and security solutions.

Belated McCredit to a Prior McAfee Campaign

Taking a journey on the hot tub time machine. The time - mid 2000’s. Internet security provider McAfee embarks on a “Power of M” campaign. The campaign was “designed to communicate how the company has evolved from its beginnings as a provider of anti-virus software, to becoming a global leader in comprehensive security, to a current leadership position in security risk management.” “M” is everywhere. Needless to say, someone at a high level disagrees with the campaign. Banners disappear, flags disappear. Even some employees seem to disappear as everyone disavows knowledge of the campaign.

Returning the hot tub time machine to 2011. In a September issue of the Wall Street Journal, with the tag line “Safe Never Sleeps” is a half page advert, with the McAfee “M” dominating the ad. Sometimes things just go in circles. Look for “leader in intrusion prevention” sometime in the near future ;)