Proactive IT Security

Are security products losing the battle?

Introduction

The product testing organization NSS Labs has recently published its test report for the 3rd quarter of 2010 - test results for 11 antimalware products for consumers. The most interesting finding in this report is that the security products' performance has deteriorated compared to last year. In this security article we shall examine the implications of this.

More about the report's results

We shall not go through the report in detail - it is available as a free download from the link at the end of this article.

The report has examined protection against malware that spreads through web sites and malware that exploits vulnerabilities in popular software. Some of the report's highlights are:

  • The tested products' performance deteriorated on average by 6% compared to the 2009 results.
  • Cybercriminals have a 10% to 45% probability of evading antimalware protection with web-based malware.
  • Cybercriminals have a 25% to 97% probability of evading antimalware protection with exploit-based malware.
  • Applying software security patches is increasingly important.

Our own product Norman Security Suite ranks slightly above the middle among the tested products. However, our objective in this article is not to compare the different products, but rather to see what consequences a drop in antimalware products' protection ability has for end users, and which remedies exist (if any).

The end user's responsibility

Security products should be viewed as one of several protection tools available to consumers (and organizations). Ultimately each and every one of us has responsibility for our exposure to risk in the computerized world, the same way as in other areas of everyday life.

Even though you have installed an alarm system in your house, you still lock your door and close your windows before you leave your home. And you do not walk in the least safe streets in your neighborhood flashing your valuable watch or new, expensive mobile phone.

Similarly, we are all responsible for our own sensible behavior with respect to our use of our computerized equipment.

In one of our security articles earlier this year we discussed at length how one can protect oneself from many dangers without any outside help at all. The key words are "sensible behavior" and "sound skepticism".

Installation of available security updates for applications installed on the computer also relies on the end user. NSS Labs' report states that exploits are increasingly popular as a spreading vector for malware. This agrees with Norman's own observations. The software vendors also have a major responsibility in this respect - see below.

The program developers' responsibility

Program developers have an important role to play in combating cybercrime. Their most significant contribution is of course to make applications that are secure. Short of that (which has proven difficult), their ability and willingness to issue security updates quickly after vulnerabilities have been reported is essential. End users obviously cannot secure their vulnerable applications with security updates before the program vendors have published such updates.

See our article Number of vulnerabilities on the rise for more information about software vulnerabilities and patching status.

The challenges for the vendors of security products

Assigning responsibilities to the parties above is of course not meant to diminish the security vendors' responsibility in making the Internet a safer place. And it is a fact that the vendors of antimalware products have been struggling in recent years to keep up with the rapidly increasing amount of malware that is published daily.

At this point in time it is estimated that each day 50 000 new malicious programs are launched into cyberspace. The sheer computing power involved in handling such an amount of data is mind-blowing. It is obvious that traditional methods based on manual analysis of each piece of malware are impossible at this scale, and the antimalware vendors these days mainly use automated techniques. Classification of software as malicious based on "suspect behavior" is a technique that is used increasingly and is continuously developed. Automated analysis by running malware in a virtual environment like Norman SandBox® is also a technology proven to be effective, and these technologies are being refined continuously.

The antimalware products remain a mandatory tool in any effective protection strategy.

Protection in several layers

There is an increasing awareness that protection mechanisms against cybercrime must be deployed not only on the end user's computer systems. In our article more than a year ago - Your computer has been quarantined and cannot access the Internet - we wrote about two success stories where the common factor was that entities other than the end user were essential in protecting the cyber community.

Our article last week discussed techniques that can be implemented for protecting the Internet infrastructure by approaching the problem in a similar way that societies approach human diseases.

Summing up

Successful protection against malware and cybercrime requires action from several of the players involved. All of these - including antimalware vendors - have room for improvement.

The situation today demands that new approaches to the problem be implemented. This process is continuous, and the cybercriminals will never win the battle!

References