Showing posts with label Sophos. Show all posts

Tuesday, November 10, 2015

AV Comparatives Performance Test – Impact of Security Software on System Performance Report October 2015

AV Comparatives has released their Performance Test – Impact of Security Software on System Performance Report. Nineteen products were tested. Eleven products received three stars. The top three products were, in order, Avira, Avast, and Kaspersky. Congrats to these three! Products tested were a combination of free and paid, antivirus, and internet security suites. The hall of shame award for this test goes to Fortinet and ThreatTrack; both received one star. Windows 10 systems were used during the test.

Note that this test doesn’t test the ability to protect against malware. For that, you would have to look at other tests by AV-Comparatives. Between a few products that performed equally well at stopping and removing malware, the performance test could be a tiebreaker.

To access and download the report: http://www.av-comparatives.org/performance-tests/

www.AV-Comparatives.org used the performance testing suite PC Mark 8 Professional to measure system impact for the test.



Thursday, October 08, 2015

AV-Comparatives – Review of IT Security Suites for Small Business – September 2015


AV-Comparatives has released their Review of IT Security Suites for Small Business - September 2015. The review examines security suites suitable for a company running either the Foundation or the Enterprise edition of Microsoft Windows Server 2012 R2. The Foundation version is suitable for small companies with up to 15 users (from the Microsoft website), while the Essentials version allows an additional ten users. The report considers products for a network of up to 25 client PCs, with one file server/domain controller.

AV-Comparatives’ review covered only the essential everyday tasks needed in all networks. However, some products have additional features and could be used for significantly bigger networks than those reviewed. Products in the Review of IT Security Suites are:
Bitdefender Endpoint GravityZone, ESET Remote Administrator, F-Secure Protection Service For Business, G Data Antivirus Business, Kaspersky Small Office Security, McAfee SaaS Endpoint Protection, Sophos Endpoint Security and Control Cloud, Symantec Endpoint Protection, and Trend Micro Worry Free Business Security Services. Symantec! They’re here. They are not present on many of AV-Comparatives’ reviews (companies cannot selectively opt out of a subset of core reviews; it’s all or none).
The document itself runs around 90 pages. Each product is given a comprehensive overview. Major categories that AV-Comparatives looked at include:
Supported OS, Documentation, Management Console (cloud based, server based, and virtual appliance), Respective endpoint protection programs for Windows and Mac OS clients, Windows Server Protection Software, and Summary

All of the products received the AV-Comparatives’ Approved Business Award.
The advantages of a document like this include the depth of comparison, the fact that the same features and functionality are looked at for each product, and the fact that the review was done by a known test organization. A company would not have the time (and for a Small Business, the expertise) to go into this depth for nine products. Companies looking to replace their current product should find this report a valuable (at no charge!) resource.

For those who like to compare products on a feature grid, suffice it to say that AV-Comparatives provides a sizeable (Multiple fingers and toes! Approximately 100 rows) grid as part of the document. This document is more than adequate for you to select one product for your environment or select a short list for evaluation.
The document can be downloaded at:    
The “Death of Antivirus Software is Greatly Exaggerated”, as written in an article in CSO Online (and others). You still need protection from these threats, whether the protection is provided from software on the device or from the cloud.

AV-Comparatives has a fantastic library of test documents. The site organization scores high on surveys. Check them out. Other documents are available for download from the AV-Comparatives website (www.av-comparatives.org).

 

 

Wednesday, September 16, 2015

AV-Comparatives Mobile Security Review – August 2015

Austria-based AV-Comparatives has released their Mobile Security Review - August 2015. This is quite an extensive document, providing a comprehensive review of sixteen security packages running on Android. The document runs seventy pages. Ten of the sixteen products are free. Almost 2400 malicious applications were used in the test.

Mobile security is crucial for both home users (who are constantly checking their mobile) as well as businesses. The BYOD camel has entered its nose into the intranet tent and it’s not going to be removed. Mobile devices are a major weak spot for network access, as well as a place where data can be accessed. Data stored on the phone can be stolen, as well. The Global BYOD market is expected to grow at a CAGR of 25.32% from 2014 to 2019 according to a new market research report published on September 15 (whattech.com market research report). These devices need to be protected.

AV-Comparatives, while giving each of the products an approved rating, nonetheless found that there was overall a “significant overall improvement” in the standard of the products.

Four of the products provided 100% protection: Trend Micro, with no false alarms, followed by BitDefender and G Data (both with three false alarms) and Antiy (with five), which rounded out the top four.

AVG Technologies’ offering trailed all products tested with 98.4% protection and 4 false alarms. Just above AVG Technologies was Sophos with 99.2% protection and 0 false alarms.

For those who are interested in a tabular deep dive comparison, the first table compares which of 75 permissions are in each of the products. No product had all of them.

The Feature List table compares the products on over forty attributes, broken down into categories including Anti-Malware, Anti-Theft, Anti-Spam, Parental Control, Authentication, Additional Features, and Support. McAfee Mobile Security lacked the fewest, missing only three. This product drained the mobile battery a bit more than the others did.

A great deal of work went into this document. The Mobile Security Review can be found free (!) at http://www.av-comparatives.org/mobile-security/. Complete copyright and disclaimer information is contained in the document and more information about test procedures is on the website.

AVC UnDroid Analyser

AV-Comparatives (www.av-comparatives.com) has also introduced a slick malware analysis tool, the UnDroid Analyser, that is free to users. It’s a static system for detecting suspected Android malware and adware and generating some statistics about it. Check it out at http://www.av-comparatives.org/avc-analyzer.

Addendum

View the AV-Comparatives September Malware Removal Test at: Malware Removal Test - September 2015

Thursday, February 20, 2014

Gartner Magic Quadrant for Endpoint Protection Platforms - 2013

Gartner has released their 2013 Magic Quadrant for Endpoint Protection Platforms, ID:G00247705. Five performers are in the Leaders Quadrant. Their approximate order in the report: McAfee, Symantec, Kaspersky, Trend Micro, and Sophos. This is a little bit of a switch from 2012, when the order was Symantec, McAfee, Sophos, Kaspersky, and Trend Micro. Microsoft, like in the 2012 report, was the only company in the Challenger portion of the grid. Analysts for the report - Peter Firstbrook, John Girard, and Neil MacDonald. Congrats to all in this portion of the quadrant.

Probably not so pleased with the report are ThreatTrack Security, BeyondTrust, and Check Point Software Technologies. These were the bottom three in the Niche Players portion of the quadrant. BeyondTrust was the overall lowest in the quadrant with respect to ability to execute. Check Point Software slipped from the Visionary portion of the grid to this quadrant. Not good.

McAfee continues its assimilation into Intel, who purchased them a couple of years ago. The McAfee name will disappear and become Intel Security. Kaspersky continues their assault on Trend Micro. Sophos is aggressively expanding their business offerings and has revamped their channel program (http://channelnomics.com/2014/02/18/sophos-revamps-simplifies-partner-program/), remaining (and probably will remain) a business-focused security vendor.

The Gartner Magic Quadrant for Endpoint Protection Platforms report is available for purchase on their website. Some vendors such as Symantec have it available on their website for those who register.

Regarding the Leaders quadrant from the Gartner Magic Quadrant Endpoint report - “However, a leading vendor isn't a default choice for every buyer, and clients should not assume that they must buy only from vendors in the Leaders quadrant.  Some clients believe that Leaders are spreading their efforts too thinly and aren't pursuing clients' special needs.”

For more details on the Magic Quadrant and how it is created, read “Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors within a Market”. Sometimes a leader is not the best solution for a particular customer. Despite that, you will see many presentations where the vendor uses being in the Leaders quadrant as a reason to buy from that particular vendor. www.gartner.com

To see a blog on last year’s results - http://kensek.blogspot.com/2013/01/gartner-magic-quadrant-for-endpoint.html

ckensek on Twitter.
  

Saturday, March 02, 2013

A Lighter Look at RSA 2013 San Francisco


RSA 2013 San Francisco was well attended. There were over twenty thousand attendees. Over 350 vendors participated in the trade show portion. AhnLab owned the view from outside Moscone Center with flags promoting their presence at the event. Former Secretary of State Condoleezza Rice was the featured keynote speaker on the last day of the event. You know you’ve been in security for a while when you go to one booth and recognize a few people that you’ve worked with, at different companies.

Advanced Persistent Threats (APTs) seemed to be the acronym du jour for RSA 2013 San Francisco this year. There were a number of firewall vendors, as well. Websense had a huge wall touting the results of a Miercom test with their Web Security Gateway Anywhere appliance, versus a handful of competitors. In looking at 2.26 million URLs, they identified and blocked over 132 thousand bad URLs. The least effective result was achieved by FireEye, who blocked 171 with their Web MPS 1300 appliance. The report is available on the Websense web site. Other companies in the test included Blue Coat, Cisco IronPort, and McAfee. Germany had a pavilion with a number of companies. China did as well. Huawei, from China, had a large booth in the corner of the exhibition hall. No 60 Minute people were around. The usual antivirus and internet security vendors were present; Trend Micro, McAfee, Symantec, Sophos, and ESET were there. NSS was distributing their latest firewall report. WatchGuard was probably not pleased with the result.

However, enough about security. What were the tchotchkes like? Dentists appeared to sponsor many of the giveaways, since candy was rampant. The usual pens and stress balls were all over the place. More than a handful of booths were giving away quite nice water bottles. Three motorcycles, including a Harley Davidson, were being given away. The event was lighter than usual on tee shirts this year, but they were available at the Check Point, Kaspersky, AhnLab, and Trend Micro booths. AhnLab had a slot machine with the grand prize being $10 thousand. Light sabers were being given away. A wookie and Leia (cinnabon hairstyle and all) were hanging in one booth along with the white storm troopers.

There was a huge line for autographed copies of Kevin Mitnick’s latest book, The Art of Deception. Likewise for Bruce Schneier and his latest book. A $35 mini speaker was another giveaway at one booth, a company branded Rubik’s cube at another. One company gave away a 3-foot-long remote control helicopter at the end of each presentation. Very cool. Copious amounts of food and alcohol were served Monday evening during the two-hour preview to the show. One company had a box to put one of your tchotchkes in. A lucky person was going to win the whole box. Seinfeld’s “no soup for you” guy was at the show for people wanting to have their picture taken with him. Kaspersky himself showed up at the Kaspersky booth. The Kaspersky booth was serving most excellent kaspertinis at the show on Wednesday. Bravilna.


Tuesday, February 12, 2013

RSA 2013 San Francisco - Where the World Talks Security



The RSA 2013 San Francisco security trade show takes place at Moscone Center February 25 through March 1. “Where the World Talks Security” is the theme of this year’s show. http://www.rsaconference.com/events/2013/usa/index.htm

Near the bottom of this blog is information on getting a free RSA pass (exhibition hall) from AhnLab, Zscaler, or Sophos.

The show has grown in size, with over 350 companies exhibiting.  The exhibition hall area will be open Tuesday through Thursday from 11am to 6pm (3pm on Thursday) for individuals with a full conference pass; there will be 275 different sessions to attend across 22 tracks.  Threats are evolving.  The cyber criminals are getting more creative. 

Up until several years ago, if you said “APT”, the brightest people in the room would say, “Advanced Placement Test.”  Now they are saying, “Advanced Persistent Threat.”  A number of security pundits are saying that traditional defenses are ineffective against today’s more sophisticated threats.  Here is your chance to learn about what companies are doing to protect individuals and companies against these. 

A number of security vendors may not have booths. Look for stealthy meetings to be held at the bar area at the W Hotel, and way too many luncheons at the Thirsty Bear Brewery on Howard Street. Some stealthy meetings may be held as far away as the Clift Hotel.

For those just going for the exhibits, a great number of vendors always have presentation theatres in their booth areas. These can be quite educational, as well. Exhibition pass holders are able to attend the keynotes Tuesday through Friday, I believe. There are a number of keynote addresses at RSA 2013. The final keynote this year will be by the 66th Secretary of State of the United States, Condoleezza Rice, on Friday afternoon. Go to the RSA site to learn about what talks are being given, and who the other keynote speakers are.

Thursday is the least crowded day in the Exhibition Hall, as vendors will go through the ceremonial exchanging of the tchotchkes with other vendors.  Before going on your own personal tchotchke run, ask yourself, “Do I really need another 15 trade show tee shirts?”  If you do not attend on Tuesday, you will miss the libations being served during the last hour on the first day the exhibition hall is open.

Sponsors for this Year’s RSA 2013 San Francisco

Global Diamond Sponsors – Microsoft, Symantec, and RSA; Global Platinum Sponsors – Akamai and Qualys; Global Gold Sponsors – FireEye, Splunk, and SafeNet; Platinum Sponsors – Cisco, McAfee, HP, and TrustWave. There are Gold and Silver sponsor levels as well. Visit their booths. Travel the perimeter to view products from companies who lack the budget of the larger companies, may just be starting out, but may also have great products.

This is your chance to attend a talk by a smaller vendor, then go to a larger vendor and ask, “Can you do A, B, and C? This smaller vendor can.” Asking a larger vendor why their products didn’t test as well on the tests performed by www.virusbtn.com, www.AV-Test.org and www.AV-comparatives.org will not get you to the front of the line for any booth giveaways. At the show, you may be able to view products that range from not so hot, to avg, to pretty incredible.

Award Events Not Affiliated with RSA But Being Held That Week

SC Magazine will be presenting their SC Awards 2013 Reader Trust, Excellence, and Professional Awards at a dinner on February 26. There are over 34 categories this year. To see a list of some of the finalists, go to http://kensek.blogspot.com/2012/02/sc-magazine-awards-2012-winners_29.html

Info Security Products Guide will be presenting their 2013 Global Industry excellence awards at a dinner on February 27. To see a list of the finalists for this award, go to http://www.infosecurityproductsguide.com/excellence/index.html

For the recipients of either of these awards: bragging rights, product and company recognition, marketing and promotion opportunities, and logos for their web site. With a fair degree of certainty, rest assured that those who won the previous year but not this year will not quickly be removing their logos from their web sites.

Free Pass – RSA 2013 San Francisco

Entering FXE13AHN at the link below will get you a free RSA 2013 exhibition hall pass. Stop by the AhnLab booth, learn about APTs, and tell AhnLab thank you. FX13SPH at the link below will get you a free RSA 2013 exhibition hall pass. Stop by the Sophos booth and tell them thank you. As will FXE13ZSC. Stop by the Zscaler booth and tell them thank you. Expires February 22.


Friday, January 11, 2013

Gartner Magic Quadrant for Endpoint Security - 2012


Addendum - Information about the 2013 report is at http://kensek.blogspot.com/2014/02/gartner-magic-quadrant-for-endpoint.html

Gartner has released their 2012 Gartner Magic Quadrant for Endpoint Security, ID:G00239869.  Five performers are in the leaders quadrant.  Their approximate order in the 2012 report:  Symantec, McAfee, Sophos, Kaspersky, and Trend Micro.  Microsoft, who has built up a large endpoint market share in the last couple of years with their free consumer endpoint product, was the only company in the Challenger portion of the grid for the 2012 Magic Quadrant for Endpoint Protection.  Congrats to these five companies.  Analysts for the report - Peter Firstbrook, John Girard, and Neil MacDonald.

Always interesting goings on with firms in the world of security, even those in the leaders portion of the magic quadrant. Symantec replaced CEO Enrique Salem with Tom Bennett in July.

Companies in the 2011 leaders portion of the quadrant were Symantec, McAfee, Sophos, Trend Micro, and Kaspersky. http://kensek.blogspot.com/2012/02/gartner-magic-quadrant-for-endpoint.html

Always interesting goings on with firms in the world of security. Palo Alto Networks "finally" went public in 2012 and had a nice pop in their stock price in the first few days. More traditional firewall companies started releasing Next Generation Firewalls (NGFWs). Trend Micro was named a leader in the email content security arena by Forrester. Symantec replaced CEO Enrique Salem with Tom Bennett in July. Kaspersky and Trend switched spots as Kaspersky continues their mission to surpass Trend Micro in everything endpoint. Symantec, you may want to appear in those AV-comparatives.org security tests, now ;). Once Kaspersky passes Trend Micro.....

BeyondTrust was the overall lowest in the quadrant with respect to ability to execute. They purchased eEye in the first half of 2012. One of the cautions raised by Gartner about Check Point (in the visionary portion of the quadrant) was that Check Point's dependence on Kaspersky Lab's engine and signature updates continues to challenge enterprise buyers to differentiate it from Kaspersky Lab (note, ck – not a technological weakness, just a differentiator weakness).

There is a combination of seventeen companies in this report. The minimum functionality to appear:
  • Detection and cleaning of malware (for example, viruses, spyware, rootkits, Trojans, worms), a personal firewall, and HIPS for servers and PCs
  • Centralized management, configuration and reporting capabilities for all products evaluated in this research, sufficient to support companies of at least 5,000 geographically dispersed endpoints
  • Global service and support organizations to support products

A good read for people is “Magic Quadrants and MarketScopes: How Gartner Evaluates Vendors Within a Market” http://www.gartner.com/DisplayDocument?doc_cd=154752 Sometimes a leader isn’t the best solution for a particular customer. Despite that, there are many presentations where the vendor uses being in the leaders portion as a reason to buy from that particular vendor.

The Magic Quadrant for Endpoint Security 2012 is available from Gartner. Some of the vendors license rights to provide it to customers, as well.

Wednesday, December 26, 2012

Virus Bulletin VB100 Awards – December 2012



Virus Bulletin has released the results of their latest VB100 testing. Many, but not all, of the products tested were 2013 versions. Symantec, Avira, Webroot (this makes one year) and Trend Micro (several years for Trend) were not part of the test. Sophos, Kaspersky, Avast, AVG Technologies, and ESET were.

About a third of the products tested failed to receive a VB100 award this time. A cone of shame to the following – BeyondTrust, Commtouch, ESTsoft, FileMedic (formerly MKS), Filseclab, K7 Computing, Norman, Roboscan, Total Defense Consumer, VIRUSfighter Pro, and Zeobit.

A summary of the full results is at the link below. Congratulations to those receiving the VB100. You can buy the full test results or subscribe to Virus Bulletin to obtain them.


Results from this should be looked at in conjunction with tests from other test groups such as www.av-test.org and www.av-comparatives.org. In addition, it’s not how the company has performed on the VB100 test over the years. It’s only the last couple of years that are relevant. When looking at a company’s award page, verify which product was tested.

VB100 Test Methodology

The purpose of the VB100 comparative is to provide insight into the relative performance of the solutions taking part in the tests, covering as wide a range of areas as possible within the limitations of time and available resources.  More details are available at


UK-based Virus Bulletin started in 1989. They provide PC users with a regular source of intelligence about computer viruses, their prevention, detection, and removal, and how to recover programs and data following an attack. The Virus Bulletin website is at www.virusbtn.com

Monday, September 10, 2012

Internet Security Tag Line Quiz – Second Edition



This is the second edition of the "Match the AV, Internet Security Company to the Tag Line" quiz. Match the company name in the second column with the tagline in the third column. Several leading vendors aren’t included in the quiz. Their tag lines didn’t jump out at me. Demerits to their marketing teams. Test your tag line acumen. Win bar bets. Impress your LinkedIn friends. It’s IPO, meaning - it’s partially original. Light reading. Make a slide deck and test your peers. Note, these are as of September 10. One rule of thumb for tag lines is that the tag line should be no more than seven words. Most of these qualify.

In the quiz - Ad Aware, Avast, Avg Technologies, BitDefender, Comodo, F-Secure, G Data, Kaspersky, McAfee, Panda, Sophos, Symantec, Trend Micro, and TrustPort.













As with last year’s quiz, there’s no guarantee that this will cure your insomnia. One thing this quiz will demonstrate is how interchangeable (or indistinguishable) tag lines are. This isn’t a good thing. So, you folks in charge of these, get with the program. For example – which company has “The Ultimate Driving Machine”? Be memorable! In playing around on the internet (though not with the above), it's surprising how often multiple companies appear to have trademarked, or think they have trademarked, tag lines. The United States Patent and Trademark Office (within North America, anyway) should be your friend.
  
Answers

Ad Aware – Leaner. Meaner, Faster; Avast – Be free; Avg Technologies – Ultimate protection; BitDefender – Ultimate silent security; Comodo – Creating trust online; F-Secure – Best protection in the world; G Data – Comprehensive instant protection; Kaspersky – Safeguarding me; McAfee – All your devices. All your stuff. All protected; Panda – The cloud security company; Sophos – Protecting every part of your business; Symantec – Advanced internet and antivirus protection; Trend Micro – Securing your journey to the cloud; TrustPort – Keep IT Secure