Friday, December 18, 2009
However, as I expected, a few months later, we see an identical test result from two of the premier test houses in the world: AV-Test.org and AV-Comparatives.
Norton won both those tests!!
That should serve as a good kick in the nads for all the Norton naysayers and especially is a slap in the face for Avast whose CEO posted this blog http://blog.avast.com/2009/10/30/dennis-technology-labs-vs-vince-technology-labs-can-testing-paid-for-by-an-av-company-be-trusted/ dismissing the Dennis Labs test on grounds of trivialities like poor website design! Hey Avast, when is your next milestone False Positive - 100 million FPs for 100 million customers.
Thursday, December 3, 2009
PrevX here is a tip. Learn from Norton and the other big boys. You never throw shit up in the air without doing your homework. Because if you dont, it going to come right back down and hit you smack in the face. And most of all, you dont mess with a company like Microsoft that probably spends more on quality assurance on a single patch than PrevX spends in 2 years.
I wondered at the time as other did why PrevX customers were the only ones seeing this problem. Did anyone smell a rat. And then PrevX releases a patch that "fixes the problem", not "works around Microsoft's bug". By then, we should have realized that the cat was out of the bag. That PrevX had screwed something up.
And sure enough, a few days later, PrevX recanted and posted this on their blog.
PrevX, you may want to grow up so that some day you will at least 10% of great companies like Norton
Wednesday, December 2, 2009
To commemorate this major milestone (ahem lie), they decide to give all their 100 million customers a little gift. The gift that every Antivirus customer dreams of..
No silly, we are not talking about a 25% discount. We are talking about something far more valuable, the holy grail of antivirus - 100% detection. Detection of all threats, no exceptions, nothing gets through.
The catch ?? just a little extra gift of appreciation - 100% False Positives.
Yes, my friends, AVAST released an update today that was generating false alerts on every executable on your hard-drive including Windows Signed executables. Here is a sample of the alert.
What a bunch of jokers. This false positive has completely trashed millions of computers and flooded security newsgroups with postings from frustrated users trying to fix the mess that Avast created. Ofcourse, none of them can go crying to Avast because they dont have a leg to stand on since they didn't pay for Avast, Avast being a free product. You can see a sampling of the outcry here http://www.dslreports.com/forum/r23428578-False-positive-in-Avast-or-is-it-real
These Free AV outfits seems to have a history of large scale mayhem. Right after their acquisition of LinkScanner, AVG was caught artificially generating tons of internet visits to websites you haven't even visited. That was eventually fixed through a design change in LinkScanner. You can read all about that fiasco here http://www.theregister.co.uk/2008/06/13/avg_scanner_skews_web_traffic_numbers/
Saturday, November 28, 2009
Hello! PC World are you forgetting you are a home user magazine. Home users dont want to make decisions ! They dont know how to make decisions. How in the world did you give GData the crown if they have a product that keeps forcing the user to make a decisions.
Is it just me or are these magazine tests getting worse by the year even though they were useless to begin with.
You can read all about the test here
Saturday, November 14, 2009
I did some testing with exes found at malwaredomainlist.com. The results were as expected very dissapointing. Here is a screenshot of the results on an unpatched XP SP2 box. Can you spot the Rogue Antivirus. Lol! Anyway, the screenshot shows that even with 3 fakeAvs running, Immunet doesn't have a clue... not a peep.
They have also been busy astro-turfing, flooding the internet with good news about their crappy product. See http://www.dslreports.com/forum/r23305665-Anyone-else-using-Immunet-Protect
Their idea is nothing new, signatures in the cloud, correlation across other users, collective intelligence, same ol, same ol. This area has probably been patented to death.
This product is whats called a PARASITIC product. They monitor detections of other products that may be running on the machine, and claim those very same detections as their own. Nasty!!
The implications of this are interesting to say the least.
1. Immunet can never detect anything that is not detected by at least one other product. That is, it doesn't bring anything new to the table. So why would you need it ?
2. Because it in essence siphons of detections from other product, it always runs the risk of not seeing the detections if it can't hook into the events that a product like Norton generates when it detects a threat. In fact, I hope Symantec, McAfee, Kaspersky, AVIRA and others see this posting and lock down their event/alert interfaces so they can't be read by Immunet. Lets get rid of the parasite.
I predict that in about 3 years at most, Immunet will be relegated to the ever increasing pile of failed security-wannabe startups... that is, unless they get bought out by some clueless company like IBM with deep pockets. I have a feeling that Symantec will not be one of contenders for a buyout :-)
There is an interesting blurb at the very bottom of their website site and it reads
" Dont wait for other vendors to re-architect their products when you can use Immunet Protect today. "
Wow, if there is one skill startups have, its FUD. I suspect that comment is targeted at Symantec given the pedigree of the company. However, I am sure that by now the defectors know that Norton has successfully ships their "re-architected" products with Quorum technology to millions of customers. No need to wait, get the best, get Norton.
Saturday, November 7, 2009
But whats impossible is the test results from Av-Comparatives, one of the two premier testing houses in the world. In there most recent test in August 2009, with 1.56 million samples (http://www.av-comparatives.org/images/stories/test/ondret/avc_report23.pdf) , the top two spots were
GData - 99.8% detection
Avira - 99.4% detection
Seriously, 99.8% detection on such a large sample set. Thats what I call Impossible. Something smells funny. Specially considering that every day there are 30,000 new pieces of malware how in the world is GData and Avira able to detect such a high percentage.
I think this whole arrangement between AV-Test, Av-Comparatives and these AV Companies needs to be investigated. I for one do not trust them.
Friday, November 6, 2009
1. Not patching and getting compromised by a drive-by download when they visit an infected site
2. Open an email attachment
3. Run a fake keygen, crack, rogue AV, Fake Codec or some other socially engineered malware
4. Open a malicious PDF
They dont scan a million files!!
Companies like Symantec have gotten tired with such test methods since they do not test 90% of what products like Norton have to offer. Norton products have probably the most layered security of any other product. They have:
a) Local Antivirus
b) Cloud Antivirus
c) Reputation with Quorum
d) Behavioral detection with SONAR 2
e) Intrusion Protection
f) Browser Protection
g) Website Reputation with SafeWeb
A&A tests just a). Bletch!!
So they hired Dennis Labs to do a real world test. The challenge (as outlined in the Dennis Labs results document http://community.norton.com/norton/attachments/norton/ModBoard/58/1/PC-Virus-Protection-2010-DTL-Report-consumer.pdf) is to expose a machine to malware like a real user would - browse to an infected website, open attachments etc.
The results were spectacular. Norton Internet Security 2010 got a 100% detection rate. Unbelievable ? Maybe.
Not surprisingly there has been a huge backlash from companies (even CEOs like Avast) claiming that the test is bogus, the results are bogus etc. Avast has not a contender in my book but after their CEO's pathetic clearly clueless reaction (Google it), they have reached a new low.
Everyone is focused on the result.. the fact that NIS had a 100% detection rate. That fact is irrelevant. What is important is that one company has taken a stand and challenged the status quo to come up with a better testing methodology that will benefit all customers, not just Norton's.
No doubt the backlash will continue to come from all the shills and ghost posters from other companies that only have a lame static file scanning engine. Avira and GData at the very top of that list.
2) The second problem is that virusTotal uses just one of the scanners a typical security product has nowadays. Security products have a plethora of engines, intrusion prevention engines, HIPS, NIPS, FIPS (ok I made that one up), Behavioral Engines, sandbox etc. and none of these engines are tested by VirusTotal.
So when choosing an AV product be wise, don't decide based on results from VirusTotal
Ofcourse nothing, and I do mean "nothing" go unnoticed by Norton's friends in Romania, home of Nadia Comaneci and BitDefender. Ofcourse I shouldn't be even mentioning them in the same sentence, because BitDefender is in a league of its own.. the plagiarizing league that is.
See their product that released the following year. Notice any similarities ?
A year later GData releases their TotalCare product. See anything you recognize ?
Norton's competitors got very good at follow-the-leader. Here are a few examples in the hall of shame showing screenshots of their versions before and after the Norton FIX NOW change.
Trend Micro - The Before
Also notice the System Status area saying "OK" that gives the user the assurance that all systems are GO
Needless to say, competitors followed suite, and the very next year, everybody had the Green/Red and Yellow.
Sometimes I wonder if other companies employ anyone that specializes in user-interface design ? or do they just ape Norton. You decide.
This is a very rarified club of companies inducted into hall of famous verb. Among them is one of the original examples of how the Internet was used to solve a classic business problem.
Yes. We are talking about Norton Liveupdate which Symantec introduced early in in the 1990s and was used to distribute definition updates over the internet.
Ofcourse, as is so often the case, through some twist of fate, the US Patent office screwed things up and McAfee was granted a patent for the process, even though prior art was present at every turn. Needless to say, CrapAfee will never be able to enforce that patent.
Well, you guessed it.. Norton. Waaaayyy back in 1999 when Symantec released Norton Internet Security 2000 and Norton Internet Security 2000 Family Edition.
Here is a boxshot as proof.
At that time, upstarts like Kaspersky, AVIRA, Avast, GData, AWIL, Rising were not even an egg, let alone being born. The better known players like McAfee, Trend, Panda didn't even have internet security products.
It all started with Norton..