
Antivirus suites struggle to defend against recent exploit-based attacks

Only four of thirteen pass all tests, says NSS Labs


Many antivirus suites are incapable of effectively blocking malware attacks against two recent and serious Microsoft vulnerabilities despite the fact that real exploits have been circulating since June, testing organisation NSS Labs has found.

The firm looked at the ability of 13 antivirus suites to defend unpatched systems against attacks exploiting vulnerabilities in Microsoft’s XML Core Services (CVE-2012-1889) and in Internet Explorer 8.0 (CVE-2012-1875), both made public in June.

Despite the fact that both were patched in June and July and should be on the radar of antivirus companies, only four products – from Trend Micro, Kaspersky Lab, McAfee and Avast – were able to offer full protection against the test exploits NSS Labs crafted to use against the vulnerabilities.

The rest were able to offer a degree of protection that depended on how the attacks were executed and which vulnerability was being tested.

Some products struggled when attacks were delivered over HTTP, while several more were unable to cope when attacks were delivered via HTTPS, as would be the case when using services such as Gmail. These included, ironically, Microsoft’s own Security Essentials.

Beyond the generally mediocre performance of some products, there seem to be two issues raised by NSS Labs’ findings.

First, users shouldn’t assume that antivirus offers strong protection for unpatched systems. If a vulnerability is in the public domain and no patch is available (or is available but hasn’t been applied), a system is open to attack regardless of what antivirus software is defending the endpoint.

Second, malware writers probably pay as much attention to the strengths and weaknesses of individual antivirus products as testers do. If a product has a particular type of weakness, however short-lived, it will have been noticed.

“The combinations of failures and successes are dramatic and necessitate further research. It is clear that many of the products are not blocking exploits,” the researchers conclude.

Antivirus firms will doubtless point out that the attacks were crafted in the lab, that the vulnerabilities chosen were fairly recent, and that only two were looked at. A test this narrowly defined offers only one indication among many.

In one ray of positive news, the testers found that antivirus products were good at spotting common evasion techniques such as Base64, Unicode and JavaScript encoding. Less optimistically, Microsoft’s and CA’s software could be disabled by an attack using a ‘kill’ command, NSS Labs said.
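As an added illustration of why products are tested against encoded content (example code written for this article, not NSS Labs’ or any vendor’s), a small normaliser that peels Base64 and Unicode/percent-escape layers off a captured HTTP body before matching a placeholder signature; the signature string and the sample bodies are constructed for the example:

```python
import base64
import re

# Placeholder standing in for a real exploit signature (constructed for this example).
SIGNATURE = "EXAMPLE-EXPLOIT-MARKER"

_B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")   # Base64-looking runs
_UNI_RE = re.compile(r"(?:\\u|%u)([0-9A-Fa-f]{4})")  # \uXXXX and %uXXXX escapes
_PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")           # %XX URL escapes


def _decode_b64_blobs(text):
    """Replace each Base64-looking run with its decoded form if it decodes to printable text."""
    def repl(m):
        blob = m.group(0)
        try:
            raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
            decoded = raw.decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return blob  # not really Base64: leave it alone
        return decoded if decoded.isprintable() else blob
    return _B64_RE.sub(repl, text)


def _decode_escapes(text):
    """Resolve \\uXXXX, %uXXXX and %XX escapes to the characters they encode."""
    text = _UNI_RE.sub(lambda m: chr(int(m.group(1), 16)), text)
    return _PCT_RE.sub(lambda m: chr(int(m.group(1), 16)), text)


def normalize(text, max_rounds=5):
    """Peel encoding layers until the text stops changing. Returns (text, rounds_applied).
    The round limit stops a crafted input from keeping the scanner decoding forever."""
    rounds = 0
    while rounds < max_rounds:
        new = _decode_escapes(_decode_b64_blobs(text))
        if new == text:
            break
        text, rounds = new, rounds + 1
    return text, rounds


def scan(body):
    """Return (matched, rounds): whether SIGNATURE is present once encodings are removed."""
    normalized, rounds = normalize(body)
    return SIGNATURE in normalized, rounds


# Constructed samples: the marker hidden under Unicode escapes, then one or two Base64 layers.
_ESCAPED = "".join("\\u%04x" % ord(c) for c in SIGNATURE)
SAMPLE_ONE_LAYER = '<script>eval(atob("%s"))</script>' % base64.b64encode(_ESCAPED.encode()).decode()
SAMPLE_TWO_LAYERS = base64.b64encode(SAMPLE_ONE_LAYER.encode()).decode()
```

A plain-text signature match on either sample fails, while `scan` finds the marker after one and two decoding rounds respectively.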

"The test is not designed to be a comprehensive buyer's guide, but rather to give an idea of why it is important to test products against a variety of protocols and types of attacks," said NSS Labs' research director, Randy Abrams.

The HTTPS test was a particularly important measurement, he said.

"It is not possible for security products to detect attacks in encrypted (HTTPS) streams without decrypting the traffic. As a result cybercriminals are attacking with exploits and malware that hide in the encrypted streams. The ability to decrypt and scan the HTTPS traffic is an essential component of protection."

The full results can be obtained from the NSS Labs website (registration required).


Comments

Eric S said: This has always been the case. For my own educational purposes I used the WMF exploit and infected all of the major antiviruses back in Windows 98/2K days. Nothing has changed. And with HTTPS it is pretty much impossible. Linux for banking.

dourscot said: So it's OK if one element of a program doesn't work securely?

Qak Bot said: Another self-promotional bogus test from NSS Labs that only tests one aspect of a product's protection and not the entire product.
