Microsoft's Windows Live OneCare came in at the bottom of the heap of 17 antivirus software applications in a test against nearly half a million viruses, Trojans, worms, and other malware, according to Austrian antivirus researcher Andreas Clementi.
Clementi posts quarterly results of tests of top antivirus products on his AV Comparatives Web site (www.av-comparatives.org). G Data Security's AntiVirusKit blocked 99.5 percent of the malicious threats. AEC's TrustPort AV WS, Avira's AntiVir PE Premium, MicroWorld's eScan AntiVirus, F-Secure's Anti-Virus, and Kaspersky Labs' AV also scored high marks.
However, big-brand solutions such as Symantec's Norton AntiVirus and McAfee's VirusScan could not keep up. Symantec's software scored 96.8 percent while McAfee scored 91.6 percent. And Microsoft's OneCare blocked only 82.4 percent of malicious software.
Factors To Consider
In his report, Clementi suggested that end users keep in mind that the detection rate is only one aspect of a complete antivirus product. He also offered some additional factors to consider, including looking into other independent test results.
"We encourage our readers to also have a look at tests done by other test centers with large collections of verified malware," he noted, "as tests based solely on viruses listed on the Wildlist give a fairly limited view of the detection capabilities."
This is not the only test that has found Microsoft's security software coming up short. In another test, Microsoft's antispyware tool, Windows Defender, also fared poorly. Australian security company PC Tools -- which makes and sells its own antispyware product -- found Windows Defender to detect only between 46 percent and 53 percent of the spyware thrown at it.
Downfall of Antivirus
According to Michael Sutton, a security evangelist with SPI Dynamics, the downfall of current antivirus products stems from the fact that they are primarily signature-based. Hard-coded signatures rely on exact matches before they trigger, he explained, and malware writers have realized that even simple mutations can bypass signature-based algorithms.
"Unfortunately, heuristic-based products have thus far fallen short on their promise to raise the bar," Sutton said. "The comparison among antivirus vendors therefore boils down to who has the best testing lab and who can write and push out new signatures the quickest."
So long as antivirus products rely on signature-based algorithms, the arms race between malware writers and antivirus companies will continue, Sutton predicted, and end users will always face a window of vulnerability when new viruses are launched.
"IT administrators should pay attention to product evaluations but be sure to look at multiple tests, as each will use different test cases which naturally bias the results," Sutton cautioned, noting that it is also important that product evaluations be run in-house. "No one knows your own environment better than you."
Sutton concluded by suggesting the use of third-party tests to narrow the field to a short list of contenders, then making the final procurement decision on the basis of independent analysis.