
Average antivirus protection rate 'just 36 percent'

Unexpected attack vectors cause problems

A new round of antivirus testing has found that some security products fail to detect malware that tries to infect a computer via a different attack vector, such as through a local network fileshare or a USB drive.

The tests, conducted by NSS Labs, sought to find out how effective security products are at detecting malware from various attack vectors. Malware can be delivered to a computer via rigged websites, email attachments and USB flash drives, among other ways.

Although drive-by downloads remain the most common attack vector, about 15 percent of attacks are delivered via email with malicious attachments, such as a PDF document.

Many security products allow users to download all of their email to their inbox by default and not scan it, even if it contains malware.

"Surprisingly, many products tested did not remove malware from the inbox by default," according to the report, entitled Socially-engineered Malware Via Multiple Attack Vectors.

Of the 10 products tested, the average protection rate was just 36 percent. NSS Labs said that if a company runs a centralised, server-based security product that is integrated with the email servers, such as Microsoft's Exchange or IBM's Lotus Notes, the malware may be removed before it reaches an end user.

But NSS Labs did find that those products that did not scan email before it arrived in an inbox would scan it if the user decided to save the attachment. That improved the average protection rate, which measured 74 percent, NSS Labs said.

Another possible infection vector is file servers, commonly used in organisations to allow access to documents among users. But those file servers can become repositories for malware, allowing bad programs to proliferate among a high number of users.

"While file servers should have their own anti-malware scanning, this is often not the case, and users must rely on local anti-malware security products to detect the downloaded files," the report said.

About 70 percent of the malware was caught by the 10 products when downloaded from a file server, NSS Labs found.

The strongest aspect of most endpoint antivirus products is their ability to block malware as it is executed and quarantine it. NSS Labs found that even if malware did make it onto a PC, most products performed well at containing it.

"Every vendor product, with the exception of Panda, blocked more malware during execution than by analysing the entry vectors," according to NSS Labs. "Trend Micro, McAfee and Sophos lead the group."

But one attack vector where most security companies are still lacking is detecting malicious payloads that are written only to memory, also known as single-use malware. Malware can, for example, masquerade as a permitted DLL (Dynamic Link Library), which skirts around DEP (Data Execution Prevention) security features in OSes.

"This type of attack circumvents protections that lack behavioral analysis for these attacks," NSS Labs wrote. Only three products from Kaspersky, McAfee and Sophos have features to protect against that style of attack.
