Thursday, August 16, 2012

NSS Labs - Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?

NSS Labs released an interesting analysis brief on  August 15 – “Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?”  NSS Labs conducted testing on thirteen consumer antivirus (AV) products.  The goal was to see how well the products  repelled attacks on systems not yet patched for a pair of current vulnerabilities.  Those used  in the test were the CVE-2012-1875 and CVE-2012-1889 vulnerabilities.  According to NSS, exploitation of either of these   can result in  remote code execution by the attacker.  Very bad for the user!  Look for an upcoming “Consumer Endpoint Group Test”  by NSS Labs in the near future. 

The Analysis Brief Top Scorers  Were

To cut to the chase, only four companies scored 100% on the test.  In alphabetical order, these were Avast, Kaspersky, McAfee, and Trend Micro. 
Two companies had products scoring 75%, ESET and Norton (I’m not listing all the  results to encourage people to register and download the free report).  No vendor scored 0% on the test with their tested product.  However, five of the products scored 25%.  One of them is based in Redmond, WA, however.  The cone of shame for all at the bottom. 

A Pair of the Recommendations

Two of the five recommendations of the study:   (1) Do not rely purely on AV software to protect your system.  Install HIPS (Host Intrusion Protection) or an Internet Security Suite as well.  (2) People utilizing Facebook, Gmail or other services that utilize HTTPS  need to have AV (at minimum) on their system.  Note that the first recommendation was install an Internet Security suite.   

In general, the products tested were  the vendor’s home Internet Security product.  It’s somewhat disappointing that BitDefender wasn’t included.  BitDefender tends to be near the top in any testing done by Av-comparatives and AV-test ( and ).

The tested  products - Avast Internet Security 7, AVG Internet Security 2012, Avira Internet Security 2012, CA Total Defense Internet Security Suite, ESET Smart Security 5, F-Secure Internet Security 2012, Kaspersky Internet Security, McAfee Internet Security 2012, Microsoft Security Essentials, Norman Security Suite Pro, Norton Internet Security 2012, Panda Internet Security 2012,  and Trend Micro Titanium + Internet Security.

At seven pages, the test is a good read.  The report is additive to the testing reports by the organizations listed above, as well as those performed by Virus Bulletin . Go to these other sites to view additional test reports.  These are much superior to counting Facebook fan "likes"!  The wisdom of crowds doesn't always rule. 

NSS Labs, founded in 1991,  provides independent security research and testing.  They also provide subscription based information services and consulting.  

1 comment:

Anonymous said...

My Panda Internet Security tells me about security vulnerabilities so there's no issue with missing Microsoft patches.