Lies, big lies and antiviruses. Part Four. The Heresy is Ecumenical
Security products are black boxes to their users. An ordinary person cannot judge the effectiveness of the protection he has bought or is about to buy. Tests are needed. Tests organized by professionals.
Until recently there were only two kinds of infection-protection tests: the direct test and the retrospective test of the scanning antivirus engine. Nothing else. At all. In a direct test, a collection of roughly a million samples is taken, nobody knows how or where they were gathered, with an unknown amount of junk that does not even run, and the scanning engine is run over this whole mess. Cheap and cheerful. A retrospective test is a test with "frozen" signature databases: updates are stopped for several weeks, and then the same antivirus scanner is set loose on freshly arrived samples.
As you can see, such tests leave no room for innovative approaches to preventing infection. Only the scanning engine is tested, as if nothing else existed. Yet most modern antiviruses also have a behavioral blocker and a URL filter, which the old methods cannot test.
Then the AMTSO organization appeared, which is developing approaches to radically new, so-called dynamic testing. Links to malicious applications are collected and opened on a test bench. Here the link filters and the behavioral blocker get a chance to work, and the test itself comes closer to reality.
Dynamic tests are technically far more complicated than simply running a scanner engine over a collection of malicious modules. In fact, not one testing organization runs this test on a regular basis; some are only at the preparation stage. Dynamic infection-prevention tests will apparently become a firm part of our lives only in 2011-2012, when they will become the main measure of how effectively infection is prevented.
I believe that many vendors will try to hush up or distort the results of such tests and keep the focus on the obsolete "signature" ones, since the results will not be in their favor. In November 2009 the Russian security portal Anti-Malware released the first dynamic test. Here are its results: http://www.anti-malware.ru/antivirus_test_zero-day_protection . As you can see, the old approaches to computer security lost resoundingly to the new one that is making its way into practice. Now let's look at how the vendors of protective products reacted. Only Kaspersky Lab responded, and its marketers with a flick of the wrist turned Kaspersky Internet Security's second place into... first! Don't believe me? Here is the link: http://www.kaspersky.ru/news?id=207733114. Everyone else simply ignored the test, as if it did not exist. Well, quite right: the villeins should not know facts that confuse the mind; they must believe and work and, above all, feed their master. So the mere thought that there are alternative approaches to protecting against computer infection is perceived by them as universal heresy!
PS The final article of the series is in a week.