
How Symantec’s Reputation-Based Security Protects Against Today’s Threats

Summary

A recent test comparing the effectiveness of 12 anti-virus products found that Symantec’s Norton Internet Security 2011 was the only program to achieve a 100% protection score. The test, which pitted the programs against the kinds of Internet threats ordinary users can expect to encounter, underscored the ability of Norton’s reputation-based security to quickly identify and stop new malicious programs. 1

Continue reading this TechBrief to learn how the programs fared in detecting and handling malware, protecting against threats, and generating false positives.

A rising tide of mutating threats

The test, by Dennis Technology Labs, coincides with the release of a new report indicating that almost three-quarters of U.S. Web surfers have fallen victim to cybercrime, including computer viruses, online credit card fraud, and identity theft.

The report sheds light on the dramatic shift by attackers away from a relatively small number of mass-distributed threats toward millions of micro-distributed, mutating threats. Not surprisingly, that shift places a heavy burden on traditional approaches to malware detection.

According to Dennis Labs, the nature of Web-based attacks means that the longer malware has access to a system, the more chances it has of downloading and installing further threats. In testing, products that blocked malicious and infected websites from the start reduced the risk of compromise by secondary and further downloads.

To determine a product’s ability to detect and handle malware, Dennis Labs awarded or subtracted points based on whether it defended against a threat, neutralized it, or allowed the system to be compromised. When a product defended against a threat, it prevented the malware from gaining a foothold on the target system. In other cases, the threat was able to infect the system and the product neutralized it later. When the product couldn’t neutralize it, the system was compromised.

In these tests, Web-based malware was accessed by visiting an original, infected website using a browser. All target systems were fully exposed to the threats. This meant that any exploit code was allowed to run, as were other malicious files.

Norton Internet Security 2011 defended against all 40 Internet threats encountered and achieved the highest score. It was the only product to avoid being compromised. Kaspersky’s product came second, losing points for neutralizing two threats and being compromised by one. Trend Micro’s product neutralized 11 threats and was compromised by six threats, while McAfee’s product neutralized six threats and was compromised by 11.

In terms of overall protection, Norton Internet Security 2011 protected against 100% of the incidents, Trend Micro protected against 85%, and McAfee protected against 73%.

Handling legitimate applications

While a security product needs to be able to protect the system from threats, it must also allow legitimate software to work properly. When legitimate software is misclassified, a false positive is generated.

The products all took one of two approaches when attempting to protect the system from the legitimate programs. They either warned that the software was suspicious or took the more decisive step of blocking it. Blocking a legitimate application is more serious than issuing a warning because it directly hampers the user.

In this test, only one blocking action was recorded, with the K7 product falsely categorizing an online chat application as being a “High Security Risk.” Warnings were another matter. Trend Micro Internet Security 2010 generated 15 false positive warnings, Kaspersky Internet Security 2011 generated seven, and McAfee Internet Security 2010 generated one. Norton Internet Security 2011 generated no false positive warnings.

Dennis Labs concluded that the best-performing antivirus products, such as Norton Internet Security 2011, had one notable similarity: They all blocked threats early in the attack process, which meant there was less opportunity for the malware to infect the systems. The two least effective products, those from Microsoft and K7, “often tackled the threat only once the malware had started to infect the system,” according to Dennis Labs.

Conclusion

Traditional antivirus protection requires security vendors to capture and analyze specific strains of malware before they protect against them. Norton Internet Security 2011’s reputation-based security takes a fundamentally different approach. Using advanced data-mining techniques, this technology tracks billions of files from millions of systems to identify new threats as they’re created and to protect against them. The results of Dennis Labs’ latest test, in which Norton Internet Security 2011 was the only solution to earn a 100% protection score, underscore the need for advanced protection from today’s constantly mutating threats.

1 Dennis Labs tested the most recent releases of the following products: Norton Internet Security 2011, McAfee Internet Security 2010, Trend Micro Internet Security 2010, Microsoft Security Essentials, Kaspersky Internet Security 2011, Avast! Free AntiVirus 5, K7 Total Security 10, AVG Anti-Virus Free Edition 9, Avira Personal - Free Antivirus 10, BitDefender Internet Security 2010, ESET Smart Security 4, and G Data InternetSecurity 2011. The test was sponsored by Symantec.
