Trend Micro plans to withdraw its software from the Virus Bulletin 100 (VB100) tests after criticising them as a poor way of deciding how well security products defend against contemporary internet threats. Virus Bulletin's VB100 tests aim to assess how security products fare in detecting a set of viruses from the WildList, an up- …
I thought all this virus/malware stuff was no longer a problem after microsoft launched vista. I mean, it's secure innit?
I don't get this
This chap seems to be criticising the test for using out of date data. That sounds fair enough - a test should use data that is relevant to the current (and future) situation.
This doesn't explain why their virus finder (and, it seems, McAfee's) does so badly though. if they can't detect old viruses which are presumably very well understood, what chance have they got of finding new ones that they don't understand yet?
As for "21,000 new samples [viruses?] a day" - Well, is it just me that thinks that this highlights the stupidity of even using (read "needing because the OS is crap") a virus scanner at all - it's an impossibly unworkable answer to the problem.
@I don't get this
Linux/Macs need protecting from threats too you wanker. Normally wanker users who think their OS is as strong as diamond. Put your E-Penis away.
And just not being a retard will save most people from needing AV - you know, not opening dodgy emails, not visiting free sites, not downloading software "cracks", not trusting warez, not clicking on ads, not clicking on "your computorz has t3h aidz" pop ups.
To protect against cleverer threats, pick up that usb modem and throw it in a bin, purchase a real router. Job is now done.
Sure it isn't quite that simple, but darn those things alone would make the world a quieter place.
It's stories like this that
It's stories like this that make me wish I hadn't forked out for a 3 years McAfee subscription with my new laptop instead of declining and going with AVG free or Avast.
What's being tested?
" . . . but it's a tried and tested approach that continues to be useful. Anti-malware products should be able to detect items of malware in circulation. VB100 is a measure of product competence and ongoing reliability that's useful for the end-users," Hawes explained."
With a reply like that I think I can understand why some others aren't exactly convinced. It doesn't really say anything other than VB100 comes in handy sometimes.
Twenty one thousand
21000 unique samples per day, every day. There isn't that much unique spam never mind virii. Looks like someone used to work in advertising.
If Trend can't detect old viruses, why expect them to detect modern ones?
"'Besides this, the WildList only covers self-replicating malware such as viruses, but not today's most common threats, like Trojan Horses or rootkits. By ignoring today's reality, the list misses the really HOT samples and the numbers of samples on the WildList is too small,' he added."
This highlights the basic problem as stated in my subject line. The quote above may be a good criticism of the VB100 test, but it's not a valid excuse for any vendor's anti-virus scanner failing to detect 100% of the "outdated viruses". Any anti-virus scanner that can't reliably detect a bunch of older viruses is obviously a garbage virus scanner.
Trend = FAIL
What a joke! The VB100 test is a quarterly test. Trend most recently passed the test in June 2007. Yeah, that is four failures in a row over the past year.
So if you cannot win, declare the game unfair and quit playing.
What is even more funny is their CTO describing the VB100 as a "20th Century Test". So basically Trend's CTO is saying they have difficulty catching viruses which date to the previous century.
Paris because she also doesn't get the joke is on her.
I think the real reason they don't like it is because it's understandable
It's a great metric, and its greatness lies in its simplicity. You either kept the computer safe from all known viruses, or you didn't. Even my non computing grandma can understand it.
What I think Trend is looking for is some test that's so hard to understand that they can explain away a fail with doubletalk about the metrics being bad.
Can only guess reason for Trend's decision
It tends to require money to meet the requirements and they'd rather spend it on directors' rewards
Lost their bottle?
If they were quitting after an unbroken run of VB100 successes, you'd be forgiven for thinking they were finding the test too easy. But since they're not, it looks a lot like they're finding it too hard, wouldn't you say?
NIRobotIQs ..... Advanced IntelAIgents Virtual Defence.... an Emerald AIsle Jewel*
"By ignoring today's reality, the list misses the really HOT samples .." Has it been considered that that is part of ITs ProgramMIng ....... so that really HOT samples Control the Great Game Fields for ITs ARGonaut Players?
* and not a lot of people knew that.
I wonder just how Good all our supposed all singing, all dancing Search Technology is, at Delivering the Future Goods..... with Intelligence Lighting the Paths and Ways.
And yes, it is AI Turing BetaTest. IT is after All, Artificial Intelligence, we XXXXPlore and Fab Imagination Leads Way out in Front, AI BetaTesting with that Absolutely Fabulous Ride/Journey/Magical Mystery Turing Trip.
Hmmm ..... A White Coat.....must be a Clinic Bar in a Green Room. I bet you they have some Yarns to Tell/Webs to Spin/Threads to Weave. :-) for a Beta Class of Crazy in Sanity.
I bet you Terry Pratchett would understand that Perfectly.
Re:I don't get this
>This doesn't explain why their virus finder (and, it seems, McAfee's) does so badly though. if they can't detect old viruses which are presumably very well understood, what chance have they got of finding new ones that they don't understand yet?
There are two reasons for this.
1. Trend or McAfee are not exactly the best and most up to date AV houses in the market currently.
2. The VB100 relies on wildlist, which has really outdated criteria on what they take into their collection.
Thus most of the stuff that is in the wildlist is not really all that relevant a threat, and VB100 is not the complete truth on just how good or bad an AV product is.
And companies which really have to spend effort to keep up to date with current threats do not have time to cover all the esoteric stuff that is out there.
Does it detect Vista?
I rest my case. Got the coat, bye...
re: If Trend can't detect...
Couldn't have said it better myself. If you're the leader in the field, with a product that passes every test flawlessly, you're in a position to argue that the tests aren't stringent enough. If your product is crap and fails miserably, it sounds like you want a new test rigged to make yourself look better.
One more (important!) issue...
...is that if some prankster decides to infect your machine with a copy of Chernobyl or similar, most modern virus scanners won't pick it up. Presumably because it's so "last century". Or maybe even the BackOrifice installation that snuck its way on to your PC (via some trojan horse), because that's "last century" also? Never mind that having a keylogger installed without your knowledge is very dangerous, especially if you like to shop online or do online banking...
Regression testing is important, because you never know what viruses may come back to bite you in the bum. Trend's announcement that they don't have any interest in regression testing has just convinced me that I won't be buying (or considering for any of my clients), Trend's products, because they don't seem to have the slightest interest in actually protecting their customers.
RE: It's stories like this that
AVG is awful too. A resource hog, and I found it detects sod all. NOD32 seems to be high up these days as well as I do believe Avast and Kaspersky?
Anyone with any IT knowledge knows big name vendors are CRAP, Norton Antivirus being a good example. They also know not to use AOL.
K thx bye cheers good crack.
The reason they want to stop detecting the old style "hobby" virii is because it slows down system performance matching out of date stuff. They could put in detection for these known viruses in VB100, but that would require a large database of known patterns to check and most of the big names are already infamous resource hogs, so they concentrate on methods, maybe not 100% effective at detecting all viruses, but can detect a greater proportion of unknowns that modern virii tend to be.
Contrary to what you might expect, decent virus scanners use hash tables to detect viruses and therefore the cost depends very little on the number of virus signatures present.
Of course, there are some viruses that are still quite expensive to detect, but these are in the minority. Generally speaking, adding more signatures doesn't increase the system load much at all.
A wanker writes
Actually I use no anti-malware and am not cautious about what sites I visit or attachments I open. I'm on Linux and I've never had a problem as a result of this wanker behaviour. As a regular wanker, I would like to assert that having a half-decent OS does seem to help.
Any other wankers have similar experiences? Or am I just a lucky wanker?
Re: A wanker writes
That wanker has a right old problem on his hands if he downloads a dodgy Java object or Firefox plugin. Easily coded to fuck windows, linux and mac to be fair. Linux/Mac have a console that supports unix commands. A simple "rm -rfv /" initiated by a bad plugin or java object would nuke the machine.
In theory it would require access to root to do that, but if the wanker has set root as the same as his default user.
Makes complete sense
It makes complete sense that their test is outdated because AV software is so 20th century. AV software was outdated in 1995 and has only become more irrelevant every day since. The industry just struggles on because it's a cash cow, charging clueless n00bs monthly or yearly fees for signature updates that are outdated by the time you download them. It used to be you updated your AV once a month or once a week, daily is now the norm and some of them want to update every few hours. Anyone see the futility in the reactive model?
All systems are vulnerable, just some are more vulnerable...
Everything is vulnerable, some systems are more secure some systems are less secure.
While Windows clearly does need a lot of patching, third party applications and a great deal of skill to stay clean, Linux/Unix/Mac are not perfect and it is unwise to expect it to be safe without some user effort.
Another (smug) wanker writes
Andrew wrote: "That wanker has a right old problem on his hands if he downloads a dodgy Java object or Firefox plugin. Easily coded to fuck windows, linux and mac to be fair. Linux/Mac have a console that supports unix commands. A simple "rm -rfv /" initiated by a bad plugin or java object would nuke the machine."
Care to show me an AV product that protects a PC from the luser clicking before engaging their brain? Care to show me an AV product that is of any genuine security benefit to us Linux lusers/wankers? The only benefit is that it allows us to check that the contents of a CD/memory stick/hard drive/whatever is safe to insert in a PC running a legacy OS from M$.
All flavours of Linux come with a proper firewall and none need AV software. Add NoScript and a bit of common sense with your mouse finger and your chances of being pWn3d are about the same as finding rocking-horse shit on your hand-woven FairTrade Andean mountain goat hair rug or a secure installation of Windoze.