Testing shows most antivirus suites fail against exploits
NSS Labs says many security vendors fail to develop further signatures to guard against different exploits that use the same vulnerability
A majority of security software suites still fail to detect attacks on PCs even after the style of attack has been known for some time, underscoring how cyber criminals still have the upper hand.
NSS Labs, which conducts tests of security software suites, tested how security packages from 10 major companies detect so-called "client-side exploits." In such incidents a hacker attacks a vulnerability in software such as Web browsers, browser plug-ins, or desktop applications such as Adobe Acrobat and Flash.
[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
NSS Labs is an independent security software company that unlike many other testing companies does not accept vendor money for performing comparative evaluations. Vendors are notified, however, and are allowed to make some configuration changes before NSS Labs' evaluation.
"This test -- the first of its kind in the industry -- was designed to identify how effective the most popular corporate endpoint products are at protecting against exploits," according to the report. "All of the vulnerabilities exploited during this test had been publicly available for months (if not years) prior to the test, and had also been observed in real attacks on real companies."
The attacks are often done by tricking a user into visiting a hostile website that delivers an exploit, or a specially crafted code sequence that unlocks a vulnerability in a software application, according to the NSS Labs report.
There can be different variants of exploits that attack the same vulnerability but target different parts of a computer's memory. Security vendors frequently add signatures to their databases that enable the software to detect specific exploits, but those exploits may evolve.
"A vendor may develop a signature for the initial exploit with the intent to later deliver subsequent signatures," the report said. "Our testing has revealed that most vendors do not take these important additional steps."
Only one of the 10 software suites tested detected all 123 exploits and variants, which were designed to attack vulnerabilities in software such as Microsoft's Internet Explorer browser, Firefox, Adobe Acrobat, Apple's QuickTime, and others.
The 10 software suites scored vastly different, with one catching all of the exploits at the top end and 29 percent at the low end.
