Symantec beats the competition...

16:00 CET on the 13th October 2008
Entry written by Thomas Kristensen.

With a mind-blowing detection rate, almost 10 times higher than the nearest competitor, Symantec has beaten eleven other Internet Security Suites by offering a superior detection rate of exploits.

Congratulations, Symantec!

Secunia has tested the ability of twelve different Internet Security Suites to find out what level of protection they offer against 300 exploits targeting vulnerabilities in various high-end, high-profile programs.

So, does this mean that Symantec customers can feel safe surfing the Internet?

By no means!

Even the "high" score from Symantec was disappointing. Symantec detected a mere 64 out of 300 exploits, or less than one-fourth, leaving 236 exploits undetected!

Users don't patch
This, combined with the fact that too few users and companies patch their software, leaves the gates wide open for criminals. Recent statistics based on a nationwide campaign in Denmark show that approx. one-third of all programs installed on Danish PCs lack one or more security patches. These findings are, by and large, applicable to the rest of the world as well.

While we did suspect that the popular security vendors would score quite poorly in detecting exploits, the extremely low detection rate took us by surprise and this really begs the question: Do the customers get their money's worth?

You can find the complete list of exploits and vulnerabilities tested as well as details on which ones were detected and not detected, on the following link:
http://secunia.com/gfx/Secunia_Exploit-vs-AV_test-Oct-2008.pdf

What is wrong
It is important to understand that once an exploit has been developed for a particular vulnerability, it is possible to change the payload (e.g. keylogger, bot code, remote control software, or other malicious code) at any time. However, the characteristics of what triggers the vulnerability are static.

Based on proper in-depth analysis of the vulnerabilities it is possible to create signatures for these characteristics for each individual vulnerability with a very reliable detection.

Since this isn't the approach taken by the established security vendors providing those twelve Internet Security Suites, one can only hope that these vendors are superior in their ability to create signatures very rapidly for the payload of the various exploits and all the new virus strains that keep coming.

However, even with a very rapid creation of payload-based signatures, all their customers are still left exposed for a considerable amount of time from the point when the criminals start distributing their new payload until it has been "caught", analysed, a signature has been created, the signature has undergone quality assurance testing, the signature is published, and finally downloaded and activated by the security software. This process is lengthy and will, in a best-case scenario, take several hours.

Determining the characteristics of a vulnerability is somewhat more complicated and takes longer than creating a payload-based signature; however, the vulnerability signature need only be created once. Often the security vendors can finish their analysis and create a signature in the same time as the criminals can develop an exploit and start their criminal attacks.
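
The contrast drawn in this section, as an added example that is not part of the original entry or of Secunia's test: a payload-based signature and a vulnerability-based signature run over the same constructed samples. The `TOYF` record format, its 64-byte name buffer and all sample data are hypothetical and built only for this illustration.

```python
import hashlib
import struct

# Hypothetical toy format, constructed for this example:
#   b"TOYF" | 2-byte big-endian name length | name | trailing data
# Assumed flaw: the reader copies the name into a 64-byte buffer unchecked.
MAGIC = b"TOYF"
NAME_BUFFER_SIZE = 64

def build_record(name: bytes, trailer: bytes = b"") -> bytes:
    return MAGIC + struct.pack(">H", len(name)) + name + trailer

def declared_name_length(record: bytes):
    """Return the declared name length, or None if this is not a TOYF record."""
    if len(record) < 6 or record[:4] != MAGIC:
        return None
    return struct.unpack(">H", record[4:6])[0]

def detect_by_payload(record: bytes, known_hashes: set) -> bool:
    """Payload-based signature: match only trailing data already analysed."""
    name_len = declared_name_length(record)
    if name_len is None:
        return False
    trailer = record[6 + name_len:]
    return hashlib.sha256(trailer).hexdigest() in known_hashes

def detect_by_vulnerability(record: bytes) -> bool:
    """Vulnerability-based signature: match the static trigger condition."""
    name_len = declared_name_length(record)
    return name_len is not None and name_len > NAME_BUFFER_SIZE

def evaluate():
    # Constructed samples; the "payloads" are inert placeholder strings.
    seen = b"PLACEHOLDER-PAYLOAD-1"
    unseen = b"PLACEHOLDER-PAYLOAD-2"
    known_hashes = {hashlib.sha256(seen).hexdigest()}
    samples = {
        "benign": build_record(b"report.txt", b"ordinary content"),
        "known payload": build_record(b"A" * 200, seen),
        "swapped payload": build_record(b"A" * 200, unseen),
    }
    return {label: (detect_by_payload(rec, known_hashes), detect_by_vulnerability(rec))
            for label, rec in samples.items()}

if __name__ == "__main__":
    for label, (by_payload, by_vuln) in evaluate().items():
        print(f"{label:16} payload-sig={by_payload!s:5} vuln-sig={by_vuln}")
```

The record with the swapped payload passes the payload check but is still flagged by the trigger check, while the benign record is flagged by neither.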

What to do
Users and businesses need to take the threat seriously and realise that firewalls and traditional security software, such as that included in Internet Security Suites, aren't sufficient to protect PCs and corporate networks.

Because the security industry can never offer a protection that matches that of a properly patched program, consumers and businesses have to put more effort into patching their programs. If your programs are vulnerable and unpatched, then you're left quite exposed to new attacks.

What makes patching even more attractive is the fact that it is free of charge. It only costs the amount of time invested in downloading and installing the patch/update. With tools such as the free Secunia Personal Software Inspector (PSI) and the similar functionality offered by Kaspersky Internet Security 2009, it is very easy to identify the programs that need patching.

Stay Secure,

Thomas Kristensen

CTO Secunia

 
