How Efficient Is the Antivirus?
Testing an antivirus before its launch is something that is done regularly.
These "AV Tests" (the name by which such evaluations are known) let users
choose which antivirus to install on their computers, knowing its main
characteristics and what it protects against.
So far, nothing unusual. So what is the problem? Some manufacturers of
security solutions have raised their voices against the fact that these
tests are "not modernized". In what sense? Some companies claim that,
although the complexity of security applications has grown considerably in
recent times, the evaluations do not exercise the new technologies with which
those applications are built.
Complaints heard?
Well, it seems that the complaints have not fallen on deaf ears. Those
primarily responsible for conducting the tests have concluded that, as time
passes, threats become more harmful, newer and harder to detect, and that,
since security solutions are trying to protect against these new threats, it
is necessary to change the way applications are evaluated and to incorporate
new formulas. Thus, managers from Symantec, F-Secure and Panda Antivirus
Software reached an agreement to develop a new evaluation plan whose mission
is to reflect the new capabilities built into the solutions being launched on
the market.
Although at first this new test will evaluate only the products of the three
firms, they trust that, little by little, the rest of the players in the
antivirus market will join the initiative and that joint evaluation standards
will be developed. One of the most common tests is to "infect" a PC with
numerous malicious applications to see whether the antivirus engine is capable
of detecting all the threats. For this, the engine relies on a set of
indicators, known as "signatures", that identify harmful software.
This test, which was considered highly reliable at the time, is now one of the
most controversial. The reason is that, according to the manufacturers, their
solutions incorporate other methods of identifying not only viruses but also
other threats such as malware, methods that are more effective given the
importance and magnitude of today's threats. Along these lines, Toralv Dirro,
McAfee security engineer, pointed out that "this test is important, but it is
no longer infallible. The reason is none other than the fact that there has
been an explosion in the number of unique virus programs created by hackers,
which has resulted in a reduction in the effectiveness of the virus. The
result is that manufacturers have had to incorporate another type of defense
to detect other types of threats, and in some cases it overlaps with detection
through signatures".
What is being used
And, as technology advances, manufacturers are employing behavior analysis
detection systems that decide whether a given application is harmful based on
the actions it takes on the PC. In other words, a user can unknowingly
download a virus or other malware onto their computer that is not detected by
security applications whose operation is based on signature analysis. If,
however, the program in question starts to send spam, the behavior analysis
detection system allows the action of the virus to be neutralized.
Spam is not the only case that is detected. The actions of threats can also be
neutralized when, for example, they try to exploit a buffer vulnerability, a
flaw in memory handling that could otherwise let the virus run unhindered.
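To make the contrast concrete, here is an added example (not code from the article or from any vendor it mentions) that pairs a hash-based signature scanner with a behavior rule run over a constructed event log; the sample bytes, the signature table, the events and the 50-connection threshold are all assumptions.

```python
import hashlib
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample "binaries": a known spambot, a repacked variant of it with
# different bytes but identical behaviour, and a legitimate mail client.
KNOWN_SPAMBOT = b"MZ\x90\x00spambot-v1: connect smtp loop"
REPACKED_SPAMBOT = b"MZ\x90\x00spambot-v2: c0nnect smtp l00p"
MAIL_CLIENT = b"MZ\x90\x00mailer: send one message for the user"

# Constructed signature database: hashes of samples the vendor has already seen.
SIGNATURES = {hashlib.sha256(KNOWN_SPAMBOT).hexdigest(): "Spambot.A"}


def signature_scan(data: bytes) -> Optional[str]:
    """Static check: a file is flagged only if its hash is in the signature set."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


# Constructed runtime event log: (process, event, detail). Each tuple stands for
# one observation a behaviour monitor would record while the programs run.
EVENTS: List[Tuple[str, str, str]] = [
    ("mailer.exe", "connect", "smtp:25"),
    *[("spambot-v2.exe", "connect", "smtp:25") for _ in range(60)],
    ("notepad.exe", "write_file", "notes.txt"),
]


def behaviour_scan(events: List[Tuple[str, str, str]],
                   smtp_threshold: int = 50) -> Dict[str, str]:
    """Dynamic check: flag any process that opens many outbound SMTP
    connections, regardless of what its bytes look like (threshold assumed)."""
    smtp = Counter(p for p, ev, d in events if ev == "connect" and d.endswith(":25"))
    return {p: "mass-mailing behaviour" for p, n in smtp.items() if n >= smtp_threshold}


def evaluate() -> Tuple[Dict[str, Optional[str]], Dict[str, str]]:
    """Run both detectors: the repacked variant evades the signature scan but
    is caught by the behaviour rule; the single-message mail client is not."""
    files = [("spambot-v1.exe", KNOWN_SPAMBOT),
             ("spambot-v2.exe", REPACKED_SPAMBOT),
             ("mailer.exe", MAIL_CLIENT)]
    static = {name: signature_scan(data) for name, data in files}
    return static, behaviour_scan(EVENTS)


if __name__ == "__main__":
    static_hits, dynamic_hits = evaluate()
    print("signature:", static_hits)
    print("behaviour:", dynamic_hits)
```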
Manufacturers also want evaluations of other types of systems, such as
host-based systems and intrusion detection or prevention systems (which
include firewalls and inspection techniques), since these can also stop
attacks on systems.
Forms of infection count too
Another key factor in changing the evaluation methods lies in the way a
computer can become infected. Years ago, for example, the most common way for a
virus to land on a PC was for the user to insert a floppy disk. Today, by
contrast, the forms are different and more complex: the infection can arrive
through an email message, or by visiting web pages designed to exploit web
browser vulnerabilities.
Following the same reasoning, it should be noted that the various modes of
attack also imply various defenses, "which should be evaluated exhaustively.
The tests that are carried out based on the analysis of the signatures take
less than five minutes to analyze the system, insufficient time if what you
want is to know the effectiveness of a certain solution", highlights Andreas
Marx, director of AV-Test.org. "The reason why this type of test is still
carried out is that it is easy and cheap," he continues.
And the worries do not stop here. The number of viruses circulating on the
network, and the fact that the samples used are "already old", are factors
that also concern the computer security sector, which advocates "an evaluation
system that verifies which applications are capable of neutralizing threats,
since if the scans are excessive they can affect the functioning of the
computers, while if they are scarce, viruses can create real havoc".