In Focus
Top-Performing Antivirus Solutions
Last week, I wrote about how malware is evolving to
bypass commonly used control methods. I described how, according to
Finjan, new malware will use popular Internet sites as go-betweens to
help bypass current detection and control methods. Naturally, security
tools need to evolve to defend against the more evolved types of
malware.
Although I don't have any data yet about how existing tools perform in
terms of detecting the newer types of malware, I do have some other data
about virus scanners that might be useful to you. One major problem with
security is legacy support. Some people can't resist using the latest
and greatest OS platform; however, plenty of other people see no need to
rush into something new when something old still does the job quite
well. A prime example is that many of you are still probably using
Windows 2000.
A couple weeks ago, I got a copy of the December 2007 report from Virus
Bulletin--a company that measures the capabilities and performance of
various antivirus solutions, among other things. Most antivirus
solutions detect more than just viruses. Top-notch solutions also detect
worms, bots, Trojans, and assorted other types of malware. So Virus
Bulletin's report is useful in commenting on tools that run on Windows
2000 and monitor for all those types of malware.
The report contains two types of tests: on-demand scanning and on-access
scanning. The results are interesting because they reveal some top
performers that I hadn't heard of before.
According to the on-demand scanning tests, McAfee VirusScan and Symantec
Endpoint Protect both had perfect detection scores with no false
positive detections. Coming in right behind those two products were
GDATA Anti-virus and Frisk F-PROT with perfect detection scores but some
problems with false positives. Agnitum Outpost Security Suite Pro,
BitDefender Antivirus 2008, and Bullguard 8.0 all earned high marks too
for overall performance.
In the on-demand scanning tests, the top performers were, again, McAfee
VirusScan and Symantec Endpoint Protect. Close seconds were ESET NOD32,
Fortinet Forticlient, and Frisk F-PROT. Virus Bulletin also gave CA
eTrust kudos for overall performance.
Several other products made high scores in both categories, and still
others were either newcomers to the market or rising stars. Virus
Bulletin said that of the over two dozen products it tested, roughly
half "made the grade," meaning that their overall detection rate and
performance were reasonable. The two biggest problems faced by antivirus
vendors are the ability to detect polymorphic viruses and the prevention
of false positive detection.
This report is part of the December issue of Virus Bulletin online
magazine, which contains news, articles, editorials, reviews, and
comparative reports. It was the first full report from Virus Bulletin
that I've read, and I found it to be very useful. The report, and others
like it, aren't available free to the general public. You need a paid
subscription to access full articles, and subscriptions start at $175
per year. If you don't want a paid subscription, you can register on the
Virus Bulletin site (www.virusbtn.com/) to gain access to
summary data.
This is the last issue of Security UPDATE for 2007. I hope you all have
pleasant holidays, and I'll be back next week to kick off 2008 with some
New Year's revelations.
=====
Editor's Note: Security UPDATE is now available in HTML format, as an
alternative to text format. To change your preference to HTML, go to www.windowsitpro.com/email.
Note that you'll need to log on or register on our Web site to change
your format preference.
Security UPDATE is also mailed from a different IP address range and has
a different From address. Please adjust your email service provider and
spam filter whitelists accordingly to avoid missing an issue.
The new IP address range from which the newsletter originates is:
204.92.180.[85-86]
The new From address is:
Security_UPDATE@email.windowsitpro.com
Security News and Features
Microsoft Fixes Broken Internet Explorer Hotfix
Microsoft's recently released cumulative update for IE
is designed to fix four security problems in the browser. But when
Windows XP SP2 users installed the update, it caused IE to crash.
Microsoft has since released an automated workaround.
Nearly All Mail Is Spam According to Barracuda Networks
In the early 1990s when the Internet began to explode
into mainstream use, no spam was to be found in anyone's inbox. By 2001,
5 percent of all email was spam. In 2007, we find that at least 90
percent and perhaps as much as 95 percent of all email is spam.
Give and Take
SECURITY MATTERS BLOG: Mozilla's New Firefox Support Forums and Live Chat
Mozilla's got two new ways to get support for Firefox: a
new forum and a live chat system based on the cross-platform Spark
client from Ignite Realtime, which runs on Windows, Linux, and Mac OS X.
FAQ: Remove Authorized DHCP Servers from the Command Line
Q. How can I view, add, and remove authorized DHCP
servers from the command line?
Find the answer at
www.windowsitpro.com/Article/ArticleID/97863
Announcing the 2008 Windows IT Pro Community Choice Awards!
The nomination period for the 2008 Windows IT Pro
Community Choice Awards has begun! Visitors to the Windows IT Pro and
SQL Server Magazine online forums are encouraged to nominate and vote on
their favorite products and services. Nominate your own favorite
products in the categories listed at:
forums.windowsitpro.com/web/forum/messageview.aspx?catid=96&threadid=88418&enterthread=y
Resources and Events
Learn the Fundamentals of Messaging Management Systems
IT security pros need to make sure their messaging defense strategy
pulls its weight. A secure mail and messaging infrastructure is
fundamental to your business, and every organization needs to plan for
message hygiene, availability, and control services from the start.
Download this free resource before you evaluate a new message management
solution. www.windowsitpro.com/go/ebook/symantec/messagingmanagement/?code=121907er
Today's hackers are after your enterprise data, and they use tools and
services provided by a sophisticated, fast-growing criminal support
industry. Even more surprising--and worrying--is how ineffective today's
standard enterprise security practices are at stopping these
sophisticated attacks. Attend this Web seminar to learn how high-tech
criminals compromise your computers and profit from your data by putting
your confidential info up for sale.
www.windowsitpro.com/go/seminars/Bit9/ConfidentialData/?code=121907er
Enterprise Protection and an Affordable Price
Looking for an alternative to expensive licensed solutions for Exchange
protection? This white paper discusses continuous data protection
solutions not only for organizations that are unable to utilize
block-level protection, but also for SAN customers who'd like an
alternative to expensive Exchange protection products.
www.windowsitpro.com/go/wp/appassure/affordable/?code=121907e&r
Featured White Paper
The explosion of electronically stored information and
email has pressured IT organizations to more effectively manage their
data. Data retention requirements have an enormous financial impact on
businesses. An automated archive solution offers companies a way to
capture a variety of data types and manage the data for compliance and
litigation readiness. This white paper looks at 10 best practices that
enable IT to plan, evaluate, and implement an enterprise archiving
solution.
www.windowsitpro.com/go/wp/quest/archiving/?code=121907e&r
Announcements
Exchange 2007 Mastery Series: January 28, 2008
Three info-packed eLearning seminars for only 99!
Hosted by Windows IT Pro
Mark Arnold--MCSE+M and Microsoft MVP--will coach you through Exchange
2007 storage solutions: planning for archiving and compliance,
optimizing your iSCSI network storage, and finding the sweet spot
between memory and spindles.
www.windowsitpro.com/go/elearning/masteringexchange2007
If you use a product that has made a tremendous impact in your
organization and is a product that you can't live without, tell us about
it at whatshot@windowsitpro.com
and we'll feature your review in a future issue of the magazine, under
the "What's Hot" section.