HP Ships Virus-Infected Flash Card with ProCurve Switch - PC Market Share Data

Hewlett Packard shipped ProCurve switches with a virus-infected compact flash card that could compromise a personal computer, according to articles published last week. Hewlett-Packard released a statement that said it had "corrected potential security vulnerability."

This is kind of a “whoops” for a company the size of Hewlett-Packard that has a major investment in security. Among their products are network security appliances (the TippingPoint acquisition falls under this group), and firewalls (in the Niche portion of Gartner Magic Quadrant for Enterprise Network Firewalls)> they also offer Intrusion Prevention Systems (IPS) and Threat Management Systems (TMS) (Tipping Point solutions, as well). This isn’t a Meg Whitman problem. It probably provided a Maalox moment for a few more senior people in the security division.

http://www.crn.com/news/security/232900249/hp-ships-virus-infected-flash-card-with-procurve-switch.htm?cid=nl_crnup

On a more positive note, Gartner has reported that Hewlett Packard was the top PC vendor, with 15.31 million units shipped during Q1 2012. Shipments improved 3.5% year over year to 17.2%. Lenovo was second with a 13.1% market share, up 28.0% year over year. This could be a sign that HP has made the right decision by choosing not to shed the personal computer division.

Virus Bulletin June VB100 Awards

Virus Bulletin has released their latest VB100 awards results. Thirty-two antivirus internet security solutions received a VB100 award. Eleven antivirus internet security solutions failed to make the grade. Not in the test were some major vendors - McAfee, Symantec, and Trend Micro. The tests were done on Windows Server 2008.

Among those receiving the VB100 award, in market share order: Avast, Avira, AVG Technologies, BitDefender, Eset¸ F-Secure, and Kaspersky. Coranti did not receive a VB100. They were one of the top three products in the latest RAP Averages Quadrant, representing December 2010 through June 2011 data. G Data also failed to receive the award. http://kensek.blogspot.com/2011/04/april-2011-virus-bulletin-rap-averages.html

OPSWAT Market Share Combined With VB100 Success Rate

The following table is a combines vendor market share from the OPSWAT June Market Share Report and company success rate obtaining VB100 awards. To be included in the table they have to have (obviously) received a VB100 award in June and been in the OPSWAT June report.

The companies in the below are listed on the basis of market share. The number of tests the companies below participated in vary. A strong argument can be made that it's only the most recent tests that are relevant. Nonetheless, a number of companies do like to promote their extended track record when they market their VB100 success rate. These were the only companies in the 20 from the relevant OPSWAT table that made the cut. http://kensek.blogspot.com/2011/06/june-2011-opswat-report-on-worldwide.html















Data for the success rate came from http://www.virusbtn.com/vb100/archive/test?recent=1

VB100 Test Methodology

The purpose of the VB100 comparative is to provide insight into the relative performance of the solutions taking part in the tests, covering as wide a range of areas as possible within the limitations of time and available resources. More details are available at http://www.virusbtn.com/vb100/about/methodology.xml

UK based Virus Bulletin www.virusbtn.com started in 1989. The organization provides PC users with a regular source of intelligence about computer viruses, their prevention, detection and removal, and how to recover programs and data following an attack. VB’s website is at www.virusbtn.com.

Virus Bulletin Reactive and Proactive (RAP) Test Results and August VB100 Awards

Virus Bulletin has published their latest Reactive and Proactive (RAP) test results (February through August 2010) and posted their latest VB100 results.

Virus Bulletin Reactive and Proactive (RAP) Test

Those vendors with Reactive Detection rates greater than 90% and Proactive Detection rates greater than 70% were: Avira Pro, Ikarus, G DATA, Emisoft, Kaspersky, ESET, Coranti, Check Point, and TrustPort. TrustPort topped everyone in both categories, and G DATA had the second best Reactive Detection rate. AVG Technologies just missed being in this group.

Neither McAfee nor Microsoft nor Symantec cleared the 90%/70% hurdle mentioned above with the products Virus Bulletin tested, however.

The RAP test measures products' detection rates across four distinct sets of malware samples. The first three test sets comprise malware first seen in each of the three weeks prior to product submission. These measure how quickly product developers and labs react to new malware emerging every day across the world.

A fourth test set consists of malware samples first seen in the week after product submission. This test set gauges products' ability to detect new and unknown samples proactively, using heuristic and generic techniques. Proactive detection is becoming increasingly more important given the quantity and rate an which new viruses and malware are created.

The chart can best be viewed at http://www.virusbtn.com/vb100/rap-index.xml . Detailed information about testing methodology is at http://www.virusbtn.com/vb100/vb200902-RAP-tests . This information and the chart are available at no charge. Virus Bulletin subscribers have access to the detailed results.

Virus Bulletin VB 100 Awards

To display the VB100 logo, an anti-virus product must have demonstrated that:

• It detects all In the Wild viruses during both on-demand and on-access scanning.
• It generates no false positives when scanning a set of clean files.

54 products were tested on the Windows Vista SP2 Business Edition. http://www.virusbtn.com/vb100/archive/2010/08 . Some abbreviated results:

The free Amigo’s - Avast, AVG Technologies, and Avira all received VB100 awards. Only Avast appears to have had their “free” product tested.

The 800 Pound Gorillas - Trend Micro wasn’t tested (there’s a story here). Symantec and PC Tools (two products, they’re owned by Symantec) received VB100 awards. Microsoft received a VB100. McAfee failed with both products tested.

G DATA, which did so well in the RAP testing, did not receive a VB100.

Complete details about the VB100 testing is at http://www.virusbtn.com/vb100/about/100procedure.xml

Some companies, more than others will proactively put a spin on how many consecutive VB100 awards they have received. The reality is that only the most recent few years and on platforms actively being used are important. Complete track records, by vendor is at http://www.virusbtn.com/vb100/archive/results?display=vendors . Let the spinning begin.

UK based Virus Bulletin started in 1989 (www.virusbtn.com). They provide PC users with a regular source of intelligence about computer viruses, their prevention, detection and removal, and how to recover programs and data following an attack. VB’s website is at www.virusbtn.com . The site is a great source of information on malware and spam. They are a member of the Anti-Malware Testing Standards Organization, www.AMTSO.org.

Viruses, Internet Security, the First Amendment, Eliott Spitzer, and Escort Services

The alternative headline was going to be “Who Pimped My Internet Security Product Testing?”, but common sense won out.

In 2002, then New York State Attorney General Eliott Spitzer won a case against Network Associates’ McAfee subsidiary regarding a “censorship clause” in some of the company’s Eula’s (End User Licensing Agreements). The clause stated that customers could not publish product reviews or results of benchmark tests without permission from the company.

New York State Supreme Court Justice Marilyn Shafer issued a ruling, prohibiting Network Associates/McAfee from trying to use end-user license agreements to ban product reviews or benchmark tests. http://news.cnet.com/2100-1023-981228.html

Eliott Spitzer became governor of New York State 2007. He resigned in 2008 when his name became affiliated with an investigation being done on a high end escort service. It’d be a cheap shot to mention the v word here! Spitzer will be joining with Pulitzer Prize winning newspaper columnist Kathleen Parker on CNN this fall. Quite a trick on his part. From high end call girls to cable.

If an antivirus and internet security provider is willing to collect revenue from customers for its product, they should be willing to have the product tested, benchmarked, and/or reviewed without making the test organization jump through a lot of hoops or “hinting” that something may happen if the test group vary from what they say on the form. If a vendor is willing to allow customers to download its product for free, the same holds true.

One security vendor’s website and their EULA for testing and benchmarking states in part - “You agree that the testing/benchmarking results will only be used as specified by you in this form and for no other purpose whatsoever. …reserves the right to use its sole discretion in denying your request as a whole or in part.” The EULA requires information about the method and purpose of testing, among other details.

It’s all related to that First Amendment thing on the west side of the pond. Freedom of speech and freedom of the press. Vendors cannot be expected to be able to examine complete test plans in advance. Results could originally be posted on a web site, then appear in a print article, be written about in blogs, etc. This doesn’t waive the requirement that the testers utilize best practices. Vendors should not consider it their right to review results in their entirely before publication and then back out if they don’t like the test results or text of the article. Test organizations and reviewers should be willing to allow vendors to vet feature check lists and pricing if these are part of the article.

Vendors should be able to exert more influence over a test being performed when a product is in beta. If a new version of the product is going to be released before the article is published, discussions would have to take place. These issues with dates cannot be helped sometimes, due to release schedules, and publication deadlines. For example, it may be unfair to the vendor (and the customer), if a group review is published for example and an older version of the product is compared with competitors’ current releases. They can’t use the phrase “we’re in beta” ad nausea, though. When results are online, publications/reviewers should make the effort to footnote the article, should a new version be released.

Virus Bulletin's Latest Reactive and Proactive (RAP)Test Results

Virus Bulletin has published their latest Reactive and Proactive (RAP) test results.

The RAP test measures products' detection rates across four distinct sets of malware samples. The first three test sets comprise malware first seen in each of the three weeks prior to product submission. These measure how quickly product developers and labs react to new malware emerging every day across the world.

A fourth test set consists of malware samples first seen in the week after product submission. This test set gauges products' ability to detect new and unknown samples proactively, using heuristic and generic techniques.

The relative performance of vendors can best be viewed by looking at the RAP Averages Quadrant (December 2009 through June 2010) chart at http://www.virusbtn.com/vb100/rap-index.xml.

Products/Companies with Reactive detection greater than 90% going from lower to higher on the y axis - AVG Technologies, Avira Free, Avira Pro, Kaspersky, ESET, Check Point, Coranti, and GDATA. The third company of los free amigos, AVAST, just missed 90%, it appears.

Products/Companies scoring over > 70% on the proactive portion going from lower to higher on the x axis were -Kaspersky, Ikarus, ESET, GDATA, Trustport, Coranti, and Check Point.

A full description of the RAP testing methodology and explanation of how to interpret the results can be read at http://www.virusbtn.com/vb100/vb200902-RAP-tests

Virus Bulletin is perhaps best known for their VB100 Awards - The basic requirements for this award are that a product detects, both on demand and on access, in its default settings, all malware known to be 'In the Wild' at the time of the review. The product should generate no false positives when scanning a set of clean files. A list of vendors passing/failing the test is available on the Virus Bulletin site http://www.virusbtn.com/vb100/archive/results?display=summary. Viewing some (not all) of Virus Bulletin’s materials requires a free registration (well worth it). Full details require a paid subscription to the magazine (well worth it).

From a marketing/PR perspective, some vendors take it as a point of pride the number of consecutive times they’ve received a VB100 award. From an evaluation perspective for customers, most recent successes (perhaps 2 or 3 years) in the tests is the most useful. To view any particular companys’ history with VB100 testing, go to http://www.virusbtn.com/vb100/archive/results?display=summary

UK based Virus Bulletin started in 1989 They provide PC users with a regular source of intelligence about computer viruses, their prevention, detection and removal, and how to recover programs and data following an attack. VB’s website is at www.virusbtn.com . The site is a great source of information on malware and spam. They are a member of the Anti-Malware Testing Standards Organization, www.AMTSO.org.