Please Don’t Try This at Home
Comparing security software is a difficult proposition. How do you know if a vendor does a good job catching viruses? Every once in a while I’m approached by someone who wants advice on doing some virus testing. What I tell them is “Don't do it!” Please leave it to the professionals. There are a number of really good reasons for this:
1. Third-party testers focus on malware that is relevant (like what is in the wild). A collection you make on your own from the Web can be very random. Organizations like VB100 do an excellent job of finding what viruses are “in the wild” and testing security products against this list.
2. Third-party testers can create test environments that mirror the real world; for instance, you can run a file scan to see if the scanning software finds malware lying dormant on a disk. But today good security products come with IPS, firewall, and heuristic protection. You'll need active attacks and infections to test these technologies and you’ll need a certain amount of expertise to evaluate the results. Plus, if the vendor you test isn’t able to detect the malware, you’ve now got an infected system to deal with.
3. This is something I can’t stress enough: it is dangerous to collect malware. Not only for your computer, but for your job. Many places (including Symantec) can fire you for having "test" malware on your machine. It's way too easy to accidentally infect other internal and external machines.
For Symantec and for the third-party labs, handling malware is a full-time job. We've got isolated labs and networks with lots of procedures to prevent problems. For a one-time vendor evaluation, you will be taking a big chance.