Saturday, February 13, 2010

Another report of a missed detection on the malwarebytes forum

the malicious URL in question is

With all detections in NIS2010, you first get an very informative Norton Insight dialog.

Most users will choose not to run the malware. But even if they do, the second proactive layered protection component kicks it SONAR and kills the threat. Once again, just a reminder, there are NO SIGNATURES AT PLAY here. All of this detection is zero day.

Download missed by MalwareBytes

Another posting on the malwarebytes forum about a missed detection

The malicious URL is

SONAR detection, no signatures required!

Another missed detection by MB

Another malwarebytes customer complaining about a missed detection

And SONAR detects it without any signatures.

Another missed MB detection

Another missed detection on the MB forums

The malicious URL is

Ofcourse SONAR detects it, no problem

Another missed MalwareBytes detection

The malicious URL is

detected by SONAR:

Malwarebytes Missed detection

There is a lot of buzz about how MalwareBytes is able to detect threats that other large vendors including Norton miss. That is a joke. Here is the fact: MalwareBytes detects 2000 odd threats that other vendors miss. Norton and other vendors detect MILLIONs of threats that MalwareBytes miss. So if you to do away with your Norton product and rely on a free product like Malwarebytes, you are taking your life into your own hands.

I started looking into these so called reports of threats missed by Norton that malware-bytes detected. The first thing to realize is there is no one product called "Norton". Every Norton product is different, and when discussing the protection capabilities of Norton products you must look at the latest version of the consumer product Norton Internet Security 2010.

In this series of posts I will look at various samples posted on the MalwareBytes forum that their product missed, and test how those samples will fair against NIS 2010 ON THE SAME DAY that they were posted. This is important in order to provide a level playing field; we dont want to give Norton even a day's time in order to add a definition for it. We are looking solely for SONAR aka heuristic detections.

Here is the first one.

Norton detection:

Friday, January 1, 2010

NIS 2010 wins Product of the Year from AV Comparatives

Over the holidays, AV Comparatives which is one of two premier Anti-Malware testing houses in the worlds released it Summary Report of the top products of the year. #1 on that list with a GOLD medal was Norton Internet Security 2010. This award is the most significant award of the year because of the sheer amount of data points that were used as input to the test. To win this award the product has to consistenly beat out its competitors in detection rates month-after-month as well have low false positives.

Congratulations to NIS2010 on being awarded the best security product of 2009.

You can read all about it here