Thursday, November 08, 2012
NSS Releases AV/EPP Comparative Analysis Report
NSS Labs has released an AV/EPP (Endpoint Protection Product) Comparative Analysis of thirteen vendors' products. The vendors in the analysis include Avast, AVG Technologies, Avira, ESET, F-Secure, Kaspersky, McAfee, Microsoft, Norman, Norton, Panda, Total Defense, and Trend Micro.
This is an interesting report. The only downside is that many of the products are 2012 releases. The goal of this eleven-page report was to test the effectiveness of these vendors' endpoint security suites (no free products other than Microsoft’s) in protecting Windows computers against exploits.
According to NSS, all the vulnerabilities exploited during the test have been publicly available for months (and years, even). Tests included:
- HTTP Evasion & Compression
- HTML Obfuscation
- Payload Encoding
- File Compressors (download)
- Executable Packers (download)
- Executable Packers (execute)
- Layered Evasions
Only three companies had an overall score of over 90%, with Microsoft scoring the only 100%. The others over 90% were ESET and Kaspersky. The highest score from a “free” vendor was Avira with 89%. Again, this was their Internet Security suite. The Hall of Shame vendors, trailing the others with 71%, were F-Secure, Total Defense, and Trend Micro.
Eight vendors had a File Compression Block Rate of 0%. Ouch. NSS felt that the issue had to do with products allowing the download of compressed payloads without checking the content. The other problem was with Executable Packers (download) with only five vendors scoring 100%. NSS pointed out in the report that most current browsers help block some malicious downloads. Also, a default configuration that doesn’t inspect compressed downloads is one of those tradeoff things between performance and security. Companies would never choose the default to be in favor of performance, though ;).
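The compressed-download gap described above can be seen in a few lines. This is an added example, not code from the NSS report or from any tested product: it compares a scan of the raw download bytes with one that unpacks ZIP layers first. The marker string, the size and depth limits, and the function names are all assumptions made for the illustration, and only the ZIP format is handled.

```python
import io
import zipfile

# Constructed, harmless marker standing in for a detection signature.
SIGNATURE = b"CONSTRUCTED-TEST-MARKER-0001"
MAX_DEPTH = 3                  # nested-archive limit (assumed policy)
MAX_MEMBER_BYTES = 1_000_000   # unpacked size limit per member (assumed policy)

def shallow_scan(data: bytes) -> bool:
    """Match the signature against the raw download bytes only."""
    return SIGNATURE in data

def deep_scan(data: bytes, depth: int = 0) -> str:
    """Return 'block', 'allow' or 'unscannable' after unpacking ZIP layers."""
    if SIGNATURE in data:
        return "block"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "allow"
    if depth >= MAX_DEPTH:
        return "unscannable"   # too deeply nested to inspect within policy
    verdict = "allow"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:           # encrypted member
                verdict = "unscannable"
                continue
            with zf.open(info) as member:
                body = member.read(MAX_MEMBER_BYTES + 1)
            if len(body) > MAX_MEMBER_BYTES:   # oversized member
                verdict = "unscannable"
                continue
            inner = deep_scan(body, depth + 1)
            if inner == "block":
                return "block"
            if inner == "unscannable":
                verdict = "unscannable"
    return verdict

def make_zip(name: str, content: bytes) -> bytes:
    """Build an in-memory deflated ZIP holding one member (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample download: the marker inside compressible filler.
PAYLOAD = b"filler " * 40 + SIGNATURE + b" filler" * 40
```

The "unscannable" verdict is where the performance-versus-security tradeoff becomes a policy decision: a product has to choose whether archives it cannot fully inspect are blocked, quarantined, or allowed through.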
This report is well worth downloading. People may also want to look at the NSS 2012 Exploit Protection Comparative Analysis Report.
As always, you can’t judge the quality of an internet security suite by the number of Facebook fans the vendor has nor by the number of likes on the vendor’s Facebook fan page.
To learn more about NSS Labs, go to www.nsslabs.com