Cascadia Labs and Secunia found that NIS 2009 is best...

Discussion in 'other anti-virus software' started by Katmai, Dec 25, 2008.

Thread Status:
Not open for further replies.
  1. Katmai

    Katmai Registered Member

    Joined:
    Dec 25, 2008
    Posts:
    12
    They found that Norton Internet Security 2009 is the best security suite in their tests. So is NIS 2009 the best?

    "Cascadia Labs analyzed the effectiveness of popular consumer security products in protecting computers against web-based attacks. These threats, also known as drive-by downloads, often take advantage of vulnerabilities in a website to infect unsuspecting visitors’ computers simply by viewing the site. Norton Internet Security 2009 was evaluated against AVG Internet Security 8.0, Kaspersky Internet Security 2009, McAfee Internet Security 2009 and Trend Micro Internet Security 2009. In every measure of the test, Norton Internet Security 2009 performed flawlessly, blocking 100 percent of the exploits tested against it.

    Norton Internet Security 2009 was the only product to receive a perfect score of 50 out of 50 in overall effectiveness of fake application blocking and drive-by download protection. Norton’s effectiveness in blocking exploits was nearly twice that of the nearest competitor. According to Cascadia Labs, “Norton’s approach of focusing on the vulnerability that an exploit targets, rather than relying on specific signatures that can quickly get out of date, proved highly effective in our testing.” In contrast to competing approaches that require users to scan for web browser vulnerabilities and apply patches, Symantec’s Browser Protection feature works seamlessly with no additional user action required.

    In addition, Norton Internet Security 2009 blocked every fake AV scanner and fake video codec site tested, with the nearest competitor blocking only 60 percent of the fake scanners and codecs and the remaining competitors blocking fewer than half. The full Cascadia Labs report, which was commissioned by Symantec, is available at:
    http://www.cascadialabs.com/reports/WebThreats09_Full.pdf"

    "A new report (PDF) from Secunia is raising awareness about the need to patch vulnerabilities and block malware from desktops.

    The report found that "security vendors do not focus on vulnerabilities." And while Symantec Norton Internet Security 2009 bests the 11 other suites tested, Secunia found that Symantec "detected a mere 64 out of 300 exploits, or less than one-fourth, leaving 236 exploits undetected." Overall the dozen products all received an "F" on the report.

    The Secunia test departed from the traditional testing done by organizations such as AV-test.org and AV-comparatives.org, which use collections of malware to demonstrate the on-demand and heuristic capabilities of the security products. Secunia used exploits--not viruses and worms--to demonstrate the need for users to patch vulnerabilities as well as have a good firewall, antivirus, and other anti-malware protection. The company said exploits are what criminals are most likely to use these days, and faulted the tested security vendors who said their products could protect against any threat.

    Secunia did single out one product, Kaspersky Internet Security, as providing a vulnerability scanner, yet Kaspersky also did poorly on the test. "
     
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    hey there, this is old news and has been discussed before.

    Maybe someone would be kind enough to find you the link.

    Merry Xmas to you. :)
     
  3. evilscribble

    evilscribble Registered Member

    Joined:
    Apr 30, 2008
    Posts:
    48
    The test was sponsored by Symantec, obviously they've been paid off.
     
  4. Katmai

    Katmai Registered Member

    Joined:
    Dec 25, 2008
    Posts:
    12
    Hmm, I noticed it too, that the test was sponsored by Symantec :)

    C.S.J, I couldn't find the link while searching, I hope someone could give me the link. Merry Xmas to you too :)
     
    Last edited: Dec 26, 2008
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    well, now I'm back on my laptop, here you go.

    https://www.wilderssecurity.com/showthread.php?t=222621
     
  6. Katmai

    Katmai Registered Member

    Joined:
    Dec 25, 2008
    Posts:
    12
    Thanks for your link.
    But I couldn't find anything about Cascadia in the link?
     
  7. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    As for the Cascadia Labs test, I find the results to be reflected in real-world use; Norton's "intrusion prevention" and "browser protection" features effectively block access to malicious and misleading websites, such as fake antivirus scanner websites ... as for the other products, they do not have a dedicated feature like Norton's ... so ... the results are not surprising.

    Now, there has been a lot of misunderstanding around the Secunia test.

    Secunia claims that every AV company claims that their product will provide total protection for the end user. Well, of course, right?

    So, Secunia tested a couple of popular AVs against 144 exploits. Exploits are often how malware spreads; for example, the infamous Vundo trojan exploits an iFrame vulnerability in Internet Explorer -.-

    Or, you could open a malicious document. Secunia tested how well each AV recognized the exploits in on-demand scanning...

    >>>Now, Panda Security's blog says that the test is akin to "testing a car’s ABS brakes by throwing it down a 200 meter cliff. Absurd, sensationalist and misleading at best. "

    Well, ok ... however isn't it optimal that an AV be able to detect an inactive exploit; they are all inactive, until an unsuspecting user double clicks on the tainted file, which results in a series of unfortunate events ...

    Now, Symantec has a whole library of "Bloodhound.Exploit.XX" detections, specifically for detecting exploits.

    For example, Bloodhound.Exploit.213 "is a heuristic detection for files attempting to exploit the Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability (BID 30035). "

    http://securityresponse.symantec.co...esponse/writeup.jsp?docid=2008-110718-2219-99

    Panda says that should be left up to the real-time scanner. It claims that in their in-house testing, Panda was able to block 56% of the exploits.

    Now, all that is good and well, however they didn't test the other AVs. And Norton's already got an advantage by 29 some percentage points. I have full confidence in Norton's behavioral analysis component, "SONAR".

    And what about the other half of the exploits Panda wasn't able to block or detect?

    -----------

    I would rather have the exploits blocked; that is what all AV's claim to do, however they apparently fail in exploit detection. If there were no exploits, then there would be no malware =\.

    Look at the Mac. Its OS is fairly solid. Less than 10 viruses in 2007. Look at the PC. Not so solid, though that may be due to some intensive prodding =). Couple of millions of malware.
     
  8. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    I agree.
     
  9. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Not the Secunia Test.

    And obviously Norton would excel; it was the only product with a dedicated feature ...

    All of the exploits could be considered backdoors, which shows that each other AV have poor backdoor detection.
     
  10. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    I think this is BS. Are you saying that the results are blatantly fudged? I don't think Cascadia or any testing company would risk their business by doing such a thing just for a few 10s of thousands of dollars. And I don't think Symantec paid them millions.

    So what's your point.
     
  11. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469

    Well said.
     
  12. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Also, it should be noted that at least some vendors, like Kaspersky, are taking these tests seriously enough that they are adding some kind of malicious script detection in their latest engines. Bottom line is that that engine uses emulation. It can be defeated.
     
  13. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Kudos to Kaspersky.

    So what if the test was sponsored by Symantec; they are the only people in the market with such a feature, and someone's gotta pay for the testing ...

    Kaspersky or any other AV would NOT commission such a test; their products have no such feature and they know they would fail.
     
  14. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    More Cascadia October 2008 tests, this time the test is sponsored by Trend Micro and it comes out best in the test too :p
     
  15. shanep

    shanep AV Expert

    Joined:
    Sep 10, 2008
    Posts:
    54
    I quote from the report "In our October 2008 Web Security Tests of six market-leading URL filtering and Web Security products, including both perimeter appliances and server software, Trend Micro emerged as the clear winner."

    These products are very different from the consumer/home version NIS/NAV 2009 that have the multiple scanning layers and browser protection I've discussed here https://www.wilderssecurity.com/showpost.php?p=1359741&postcount=3

    Best,

    Shane.
     
  16. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    @shanep
    First of all nice to meet you.
    I understand your explanation. Though I'd like to clarify my reply was in no way a bash at Symantec's address.

    Though personally I have my doubts about Cascadia, their testing methodology might be good however their reports are doubtful to me. They often just test a single aspect of a product (which is obviously chosen by the sponsoring vendor).
     
  17. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    That's URL filtering. Norton has no such feature; its browser protection/intrusion prevention blocks browser-based exploits.

    Obviously, if you're going to pay for a test ... you want to make sure your product's going to win. You have to pay to take the SAT; why not study a little bit?

    Trend commissioned the test probably because their in-house testing showed that their product URL filtering was stronger than most; however who is going to believe in-house testing ... ?

    Obviously, they did not fix the results of the test; they were merely confident they would receive excellent results. You can study for the SAT; however you can't be confident you will get a 1600 ...

    "Every year roughly 2.3 million high school students take the SAT; of those, however, only 650 students on average achieve a perfect score of 1600. Such a statistic raises obvious questions: Who are these kids? What are they like? And how do they do it?"

    http://www.amazon.com/1600-Perfect-Score-Secrets-Acing/dp/0060506636
     
    Last edited: Dec 31, 2008
  18. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Reptilians anyone? :D
     
  19. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    I could not agree more. The fact is, Norton does things other AVs do not do- like provide backdoor protection.
     
  20. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    It does not follow that if a test is sponsored by Symantec that the results are flawed. You are right, the other AV vendors would fail based on the absence of this feature from their products.
     
  21. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    Correct, Buck. No other AV would commission such a test; they are at an obvious disadvantage by excluding such a feature ...

    Kudos to Norton; they had the "Intrusion Prevention"/"Browser Protection"/"Internet Worm Protection" incorporated in Norton AntiVirus since 2006 ... and no one has caught on ... maybe the Cascadia test will be some motivation?

    However, I doubt; last year Cascadia ran the same test and Norton received a near perfect score of 97%.

    Looking at the 08 and 09 test, AVG's scores dropped 10 percent from 08. McAfee dropped from 35% to 0% ... Kaspersky raised their score 10% ... kudos ... and Trend stayed the same.
     
  22. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    786
    yeah true. In this year we can expect some great score from Kaspersky, they developed a powerful emulator to detect this kind of things.
    :thumb:
     
  23. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    That proves that Norton leads in innovation; even though they are a multimillion dollar company =P

    And how is an emulator going to help ... ?
     
  24. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    not sure why they would do a test sponsored and probably backed by norton completely, it certainly doesn't make good reading.

    Norton have the ability and resources to be better than everyone, by a huge distance! although they don't always do this, not sure why, is it poor staff and crappy coders that make up their resources?

    with over 18,000 employees, maybe we all should expect more? :doubt:

    if you think, Kaspersky has around 2000 (since I last heard) and Drweb has less than 200 (since I last heard), maybe Norton are lacking what they should be giving.

    hmm, with the level of quality Drweb have imagine that same quality with 18000+, so surely... SURELY, Norton still ain't living up to their potential. :blink:
     
  25. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    It is not so much what Norton isn't doing as what they are doing. You can argue (as you have) that they should be doing better work with the resources they have, etc. That may well be true, but it still does not detract from the reality that they are offering protection in areas that other AV vendors have not achieved.
     