Although CD-ROMs and USB sticks are still a regular source of infection, the infection vectors have recently shifted to the Internet and e-mail. E-mail and the web browser open the door wide to malicious code.
Virus guard
AV-Comparatives has developed an automated test system, the whole product dynamic test, in cooperation with the Faculty of Computer Science at the University of Innsbruck. In the last four months, more than 5,000 websites were accessed and evaluated. Each security suite was then assessed on whether or not it protected the user from the malware.
No distinction was made as to whether the protection came from the URL blocker, on saving to the hard disk, or from the behaviour blocker when the malicious software was executed. What mattered was that the user was protected from the malware. Some products, most notably Norton and Kaspersky, wanted to leave this decision to the user.
However, we do not believe that such critical decisions should be left to the user. Even computer experts find these messages difficult to understand. How is a layperson supposed to know?
The virus search and false alarms
The basic equipment of a security suite is still the virus search, the detection of malicious software. Here the scanners were let loose on over 900,000 virus samples, none of which was older than seven months. It is important for manufacturers to find the right balance between aggressiveness and leniency, especially in heuristic detection, to avoid annoying false alarms.
In the entire test field, however, not a single product was found that can be used without any false alarms. A false alarm can lead to greater damage than an infection. Some manufacturers rely on the cloud, double-checking against a whitelist by matching hashes. To our astonishment, however, we observed that the cloud-based programs produce significantly more false alarms.
Many vendors also run a local whitelist, whitelisting browsers such as Firefox, Internet Explorer, or other popular programs. In addition, many suites offer a game mode or silent mode, which often suppresses system messages.
System brake
Usually the security suite runs in the background and you neither see nor hear anything of it. That does not mean it needs no system resources. Checking Internet traffic and files can result in significant performance degradation. AV-Comparatives has tested these resource hogs in the lab.
The testers got to the bottom of the problem with everyday tasks such as copying files, opening office documents, encoding music and video, downloading files and surfing the internet. To create the same conditions for all providers, the test was carried out on a single PC operated in an air-conditioned room kept at exactly the same temperature.
Each manufacturer's product was tested in at least five runs, and an average value was calculated from them to even out fluctuations. The products were also tested for system-internal acceleration.
Download: Table