News

Wednesday, December 26, 2007

Top-Performing Antivirus Solutions

SECURITY UPDATE
A Penton Media Property
December 26, 2007



IN FOCUS

--Top-Performing Antivirus Solutions
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Last week, I wrote about how malware is evolving to bypass commonly used
control methods. I described how, according to Finjan, new malware will
use popular Internet sites as go-betweens to help bypass current
detection and control methods. Naturally, security tools need to evolve
to defend against the more evolved types of malware.

Although I don't have any data yet about how existing tools perform in
terms of detecting the newer types of malware, I do have some other data
about virus scanners that might be useful to you. One major problem with
security is legacy support. Some people can't resist using the latest
and greatest OS platform; however, plenty of other people see no need to
rush into something new when something old still does the job quite
well. A prime example is that many of you are still probably using
Windows 2000.

A couple weeks ago, I got a copy of the December 2007 report from Virus
Bulletin--a company that measures the capabilities and performance of
various antivirus solutions, among other things. Most antivirus
solutions detect more than just viruses. Top-notch solutions also detect
worms, bots, Trojans, and assorted other types of malware. So Virus
Bulletin's report is useful in commenting on tools that run on Windows
2000 and monitor for all those types of malware.

The report contains two types of tests: on-demand scanning and on-access
scanning. The results are interesting because they reveal some top
performers that I hadn't heard of before.

According to the on-demand scanning tests, McAfee VirusScan and Symantec
Endpoint Protect both had perfect detection scores with no false
positive detections. Coming in right behind those two products were
GDATA Anti-virus and Frisk F-PROT with perfect detection scores but some
problems with false positives. Agnitum Outpost Security Suite Pro,
BitDefender Antivirus 2008, and Bullguard 8.0 all earned high marks too
for overall performance.

In the on-demand scanning tests, the top performers were, again, McAfee
VirusScan and Symantec Endpoint Protect. Close seconds were ESET NOD32,
Fortinet Forticlient, and Frisk F-PROT. Virus Bulletin also gave CA
eTrust kudos for overall performance.

Several other products made high scores in both categories, and still
others were either newcomers to the market or rising stars. Virus
Bulletin said that of the over two dozen products it tested, roughly
half "made the grade," meaning that their overall detection rate and
performance were reasonable. The two biggest problems faced by antivirus
vendors are the ability to detect polymorphic viruses and the prevention
of false positive detection.

This report is part of the December issue of Virus Bulletin online
magazine, which contains news, articles, editorials, reviews, and
comparative reports. It was the first full report from Virus Bulletin
that I've read, and I found it to be very useful. The report, and others
like it, aren't available free to the general public. You need a paid
subscription to access full articles, and subscriptions start at $175
per year. If you don't want a paid subscription, you can register on the
Virus Bulletin site (www.virusbtn.com/) (http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55627-0-0-0-1-2-207) to
gain access to summary data.

This is the last issue of Security UPDATE for 2007. I hope you all have
pleasant holidays, and I'll be back next week to kick off 2008 with some
New Year's revelations.

=====

Editor's Note: Security UPDATE is now available in HTML format, as an
alternative to text format. To change your preference to HTML, go to
www.windowsitpro.com/email (http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55628-0-0-0-1-2-207). Note
that you'll need to log on or register on our Web site to change your
format preference.

Security UPDATE is also mailed from a different IP address range and has
a different From address. Please adjust your email service provider and
spam filter whitelists accordingly to avoid missing an issue.

The new IP address range from which the newsletter originates is:

204.92.180.[85-86]

The new From address is:

Security_UPDATE@email.windowsitpro.com
(mailto:Security_UPDATE@email.windowsitpro.com)


SECURITY NEWS AND FEATURES

--Microsoft Fixes Broken Internet Explorer Hotfix
Microsoft's recently released cumulative update for IE is designed to
fix four security problems in the browser. But when Windows XP SP2 users
installed the update, it caused IE to crash. Microsoft has since
released an automated workaround.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55629-0-0-0-1-2-207

--Nearly All Mail Is Spam According to Barracuda Networks
In the early 1990s when the Internet began to explode into mainstream
use, no spam was to be found in anyone's inbox. By 2001, 5 percent of
all email was spam. In 2007, we find that at least 90 percent and
perhaps as much as 95 percent of all email is spam.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55630-0-0-0-1-2-207


GIVE AND TAKE

--SECURITY MATTERS BLOG: Mozilla's New Firefox Support Forums and Live
Chat
by Mark Joseph Edwards
Mozilla's got two new ways to get support for Firefox: a new forum and a
live chat system based on the cross-platform Spark client from Ignite
Realtime, which runs on Windows, Linux, and Mac OS X.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55631-0-0-0-1-2-207

--FAQ: Remove Authorized DHCP Servers from the Command Line
by John Savill
Q. How can I view, add, and remove authorized DHCP servers from the
command line?

Find the answer at
www.windowsitpro.com/Article/ArticleID/97863
(http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55632-0-0-0-1-2-207)

--Announcing the 2008 Windows IT Pro Community Choice Awards!
The nomination period for the 2008 Windows IT Pro Community Choice
Awards has begun! Visitors to the Windows IT Pro and SQL Server Magazine
online forums are encouraged to nominate and vote on their favorite
products and services. Nominate your own favorite products in the
categories listed at:
forums.windowsitpro.com/web/forum/messageview.aspx?catid=96&threadid=88418&enterthread=y
(http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55633-0-0-0-1-2-207)


RESOURCES AND EVENTS

Learn the Fundamentals of Messaging Management Systems
IT security pros need to make sure their messaging defense strategy
pulls its weight. A secure mail and messaging infrastructure is
fundamental to your business, and every organization needs to plan for
message hygiene, availability, and control services from the start.
Download this free resource before you evaluate a new message management
solution.
www.windowsitpro.com/go/ebook/symantec/messagingmanagement/?code=121907er
(http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55634-0-0-0-1-2-207)

Today's hackers are after your enterprise data, and they use tools and
services provided by a sophisticated, fast-growing criminal support
industry. Even more surprising--and worrying--is how ineffective today's
standard enterprise security practices are at stopping these
sophisticated attacks. Attend this Web seminar to learn how high-tech
criminals compromise your computers and profit from your data by putting
your confidential info up for sale.
www.windowsitpro.com/go/seminars/Bit9/ConfidentialData/?code=121907er
(http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55635-0-0-0-1-2-207)

Enterprise Protection and an Affordable Price
Looking for an alternative to expensive licensed solutions for Exchange
protection? This white paper discusses continuous data protection
solutions not only for organizations that are unable to utilize
block-level protection, but also for SAN customers who'd like an
alternative to expensive Exchange protection products.
www.windowsitpro.com/go/wp/appassure/affordable/?code=121907e&r
(http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55636-0-0-0-1-2-207)


FEATURED WHITE PAPER

The explosion of electronically stored information and email has
pressured IT organizations to more effectively manage their data. Data
retention requirements have an enormous financial impact on businesses.
An automated archive solution offers companies a way to capture a
variety of data types and manage the data for compliance and litigation
readiness. This white paper looks at 10 best practices that enable IT to
plan, evaluate, and implement an enterprise archiving solution.
www.windowsitpro.com/go/wp/quest/archiving/?code=121907e&r
(http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55637-0-0-0-1-2-207)


ANNOUNCEMENTS

Exchange 2007 Mastery Series: January 28, 2008
Three info-packed eLearning seminars for only 99!
Hosted by Windows IT Pro
Mark Arnold--MCSE+M and Microsoft MVP--will coach you through Exchange
2007 storage solutions: planning for archiving and compliance,
optimizing your iSCSI network storage, and finding the sweet spot
between memory and spindles.
www.windowsitpro.com/go/elearning/masteringexchange2007
(http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55638-0-0-0-1-2-207)

CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55639-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55640-0-0-0-1-2-207


To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55643-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-960-803-202-62923-55644-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
