Many AVs Fail NSS Labs Exploit Test

So? Using this as evidence that your AV will protect you against unknown exploits is entirely flawed. All the tested exploits here are known and already patched so Firecat is entirely correct. There is no way to know how AV's would fair against unknown exploits without creating your own and testing them. My guess? They would all fall flat. AV is reactionary, that IS their primary role as AV vendors after all. It cannot beat preventative software such as EMET or HIPS (when it comes to exploits).

The real benefit however *might* come from the AV vendors reactionary speed. They are in the position to implement protections/mitigations faster than a software vendor can push a new, tested patch. But really, this usually spans a couple of days. You're far better off using preventative measures, or even better, software that uses sandboxing technology.

 

Secunia's Personal Software Inspector is also a very good tool to obtain automatically the fixes for vulnerable old version of plug-in's, browser or other software.

Exploit protection is a very important feature of security software, because not every software has an automatic update feature. Also there aren't that many people who regularly check each installed plug-in, software, ... , in that case a security software with good exploit protection, can prevent installation of malware.

 

PSI cannot be relied on in my own opinion. I've had it several times now and, even knowing a security patch was available for several programs, it would report back a 100% score. Several times it has also froze in scanning, even after clean re-installs.

 

Yeah, their Behavior Blocker "TruPrevent" is kinda weak.

 

Well, I have to agree here.

I hadn't realised before that these tests against "exploits" made by NSS and MRG were conducted using already known vulnerabilities

 

Keep in mind that PSI only scans for updates of software, plug-ins that are prone for new amounts of exploits. It's not an updater for all your installed software and plug-ins.

 

+1 RejZoR is correct.

 

What was that?

 

I'm aware of that. As I stated though, I knew there were security updates because the vendors themselves were saying so. Yet, PSI was consistently reporting back that none were available. I even waited a day or two to give PSI a chance to update its servers, but no luck.