04 Apr 2006
A boast by F-Secure that it can counter new infections more quickly than any other antivirus firm has provoked an angry response from rival vendors.
The row was sparked when a senior F-Secure executive told vnunet.com about the firm's ability to beat its competitors "easily".
"Symantec's figure is somewhere around nine hours. McAfee's is around 10 hours. So we are beating them easily, we are beating the big boys hands down," claimed F-Secure's chief research officer Mikko Hyppönen at a recent briefing.
However, McAfee responded angrily to the claims, describing them as "mischievous".
"Mikko Hyppönen is certainly picking and choosing his battles, and the figures he is quoting are from specific threats," Nick Bowman, a spokesman at McAfee, told vnunet.com.
"Some of those threats McAfee did not classify as medium risk or high risk and therefore didn't release any emergency DATs for them."
Hyppönen claimed that F-Secure's average reaction time to a virus is just two hours and 37 minutes.
"The average reaction time we have as clocked by the University of Magdeburg in Germany, Andreas Marx and his team, is two hours and 37 minutes. That's from the moment a new virus is found to the moment we are protecting our customers," he said.
Bowman begged to differ, however. "That's not specifically true. If F-Secure doesn't receive a sample of a threat until 24 hours after McAfee receives a copy, does that mean that the virus is not discovered until F-Secure receives the copy?" he said.
"For instance, McAfee and Symantec detect certain families of viruses without actually needing to put out an extra DAT file.
"If we were all at that same level Hyppönen would have a case, but he's just picking and choosing things where we may well have protected customers in any case without having to release anything at all. It's a bit mischievous, really."
Do you agree?
Forget 2 hours, the entire process needs automating
This article highlights a number of issues surrounding the window of exposure between the emergence of a new or evolved piece of malware which is not detected by antivirus and anti-spyware signatures.

Finding New and Evolved Malware
Security companies tend not to be on the mailing list of malware companies distributing their latest spyware creations. Malware companies are smart and fully understand the need to avoid their latest product falling into the hands of their slayers. Security companies therefore have to find new malware for themselves. Today there are three primary methods of doing this: Honey Pots, User Submissions and Web Trawling. Many companies use a combination of all three. However, these techniques often do not find new malware for some considerable period of time, days and in many cases weeks.

Malware Testing And Determination
Once the security vendor finds a new software sample they have to work out if it might be malicious. With more than 50,000 new unique Windows programs emerging every day it is hard to pinpoint the 1,000 or more that may be malicious. To make matters worse, malware companies are deliberately varying their products so that each installation is unique. Consequently, the security companies are left with an ever-increasing list of programs that need lab testing. As if that's not hard enough, malware companies are making their products more and more environmentally aware. Many malware programs today refuse to perform the malicious behaviour that will betray them if they are being run inside a lab environment. These issues are making it harder and harder for security companies to keep pace. The impact is likely to be bad news for those wanting faster and more comprehensive signature protection.

Signature Creation
Antivirus signatures can take many forms. Some signatures might detect a single executable file, others may lock onto textual messages inside the executable. Issuing a signature that detects a single executable is very easy and fast. Ones that may provide protection against a family of malware can take much more time.

Cleanup
Most of the state-of-the-art malware uses highly advanced techniques to persist. Some malware may also modify existing system components. It is therefore not as simple as merely detecting and deleting a piece of malware. The security company needs to consider the process of detecting, deleting and disinfecting. All of these frequently must be decided before a signature is ready for distribution. Failure to adequately deal with these issues could render the system unusable.

Quality Assurance
QA is a major element of signature distribution. Some signature and clean-up methods might be sensitive to the operating system used and its patch levels. These complexities just add further to the time it all takes.

Distribution
Security vendors use a variety of different signature distribution models. Some may poll for new signatures every hour, others daily, some even weekly or on user demand.

I think Mikko Hyppönen's comments have been blown out of proportion. The battle that ensued is missing the point. Current technologies are failing to keep pace with the volumes and diversity of state-of-the-art malware. The result will be a steady increase in the window of exposure, more infected systems and an increase in the computing power controlled by malware companies, until these processes are automated.

Sincerely
Mel Morris
Posted by: Mel Morris 07 Apr 2006
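The comment above contrasts a signature that detects a single executable with one that covers a family, and stresses that QA has to catch signatures that would hit clean files. The following Python example, added here and not part of the article or of the commenter's text, illustrates both points on constructed data: three variants of one hypothetical family that differ per installation (padding and a victim ID) while sharing a core byte sequence and an embedded text message, plus two constructed clean files, one of which happens to share the core byte sequence. An exact SHA-256 signature catches only the variant it was derived from; a pattern keyed on the shared bytes alone catches every variant but also a clean file; a pattern that requires both the shared bytes and the embedded text is the one that passes the release gate. All byte strings, names and the release rule are assumptions made for the illustration.

```python
import hashlib
import re

# Constructed stand-ins for code shared across a family and for an embedded text
# message; neither is taken from any real malware.
CORE_ROUTINE = bytes.fromhex("558bec83ec20")
BANNER = b"Your files have been encrypted"


def make_variant(victim_id: int, padding: bytes) -> bytes:
    """Build one per-installation variant: unique padding and ID, shared core."""
    return padding + CORE_ROUTINE + b"ID=%08d" % victim_id + BANNER + padding[::-1]


# Three "installations" of the same constructed family.
VARIANTS = [
    make_variant(1, b"\x90" * 8),
    make_variant(2, b"\xcc\x00" * 7),
    make_variant(3, b"junkjunk"),
]

# Constructed clean corpus for QA. The second file shares the core bytes but
# nothing else, which is exactly the case a naive family signature would hit.
CLEAN_FILES = [
    b"MZ\x90\x00 hello world, a harmless program",
    CORE_ROUTINE + b" legitimate prologue, entirely different body",
]


def hash_signature(sample: bytes) -> str:
    """Single-executable signature: the hash of one sample."""
    return hashlib.sha256(sample).hexdigest()


def matches_hash(sample: bytes, signature: str) -> bool:
    return hashlib.sha256(sample).hexdigest() == signature


def matches_core_only(sample: bytes) -> bool:
    """Naive family signature: shared bytes anywhere in the file."""
    return CORE_ROUTINE in sample


# Family signature requiring the shared bytes followed, within 32 bytes, by the
# embedded text; DOTALL lets '.' span any byte value.
FAMILY_PATTERN = re.compile(
    re.escape(CORE_ROUTINE) + rb".{0,32}?" + re.escape(BANNER), re.DOTALL
)


def matches_family(sample: bytes) -> bool:
    return FAMILY_PATTERN.search(sample) is not None


def evaluate(signature_fn, samples, clean_files):
    """Return (variants detected, clean files falsely flagged) for a signature."""
    detected = sum(1 for s in samples if signature_fn(s))
    false_positives = sum(1 for c in clean_files if signature_fn(c))
    return detected, false_positives


def ready_for_release(detected: int, total: int, false_positives: int) -> bool:
    """Assumed release gate: every known variant caught and no clean file flagged."""
    return detected == total and false_positives == 0


def compare_signatures():
    """Evaluate the three signature styles against the constructed corpus."""
    sig0 = hash_signature(VARIANTS[0])
    return {
        "hash": evaluate(lambda s: matches_hash(s, sig0), VARIANTS, CLEAN_FILES),
        "core_only": evaluate(matches_core_only, VARIANTS, CLEAN_FILES),
        "family": evaluate(matches_family, VARIANTS, CLEAN_FILES),
    }


if __name__ == "__main__":
    for name, (hits, fps) in compare_signatures().items():
        verdict = "release" if ready_for_release(hits, len(VARIANTS), fps) else "hold"
        print(f"{name:10s} detected {hits}/{len(VARIANTS)}, false positives {fps} -> {verdict}")
```

Running it prints one line per signature style; only the combined pattern both covers all three variants and clears the clean corpus, which is the trade-off the comment describes between a fast single-file signature and a slower family signature that has to survive QA.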
false positives??
"On the other hand, smaller antivirus companies, Marx said, tend to have more problems with false positives." It seems McAfee has a past record of deleting files from computers due to false positives, but I have seldom heard of other AVs doing so.
Posted by: FP 06 Apr 2006