Endpoint

5/17/2012 05:32 PM
Dark Reading
Products and Releases

Agnitum: PC Security Test Shows Antivirus Products Being Left Behind

PC security test reveals that users of antivirus products on 64-bit Windows are being left behind

St. Petersburg, Russia — May 15, 2012. The dismal Proactive Security Challenge results turned in by the big AV (Anti-Virus) players in the most recent Matousec.com 64-bit Windows 7 tests are making us wonder whether security companies are really catering to the needs of 64-bit PC/OS users. Are traditional AV vendors even capable of delivering reliable and robust protection to these users?

I. 64-bit OS security landscape

With the increase of processing power and rapidly dropping memory prices, 64-bit systems are firmly in the mainstream (check the latest Steam statistics — x64 systems are used on more than 60% of the modern gamer-oriented PCs).

Security-wise, 64-bit systems benefit from the improved native protection introduced in Windows Vista and Windows 7: mandatory kernel-mode driver signing, kernel patch protection (PatchGuard) and hardware-enforced DEP (Data Execution Prevention). These mechanisms are designed to make rootkits and other powerful, sophisticated malware far harder to install and keep resident. Thanks to these and other measures, 64-bit systems are, at least on the surface, much more solid and secure than their 32-bit cousins.
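The protections named above only help if they are actually in force on the machine in question. The following PowerShell function is an added example (it is not part of the press release and is not Agnitum's code) that reports the DEP policy and whether kernel-mode driver signing has been relaxed through the boot configuration. It assumes an elevated session, because bcdedit needs administrator rights; the function name and the output field names are my own.

```powershell
# Added example, not from the press release or Agnitum: report the state of the
# native 64-bit Windows protections on the local machine. Assumes an elevated
# PowerShell session (bcdedit requires administrator rights).
function Get-NativeProtectionStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # DEP policy codes exposed by Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (client default), 3 = OptOut
    $depPolicy = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

    # Boot configuration for the running OS. A line 'testsigning Yes' or
    # 'nointegritychecks Yes' means mandatory kernel-mode driver signing has
    # been weakened for this boot entry, which also undermines PatchGuard.
    $bcd = bcdedit /enum '{current}' 2>$null
    $testSigning = [bool]($bcd | Select-String -Pattern '^\s*testsigning\s+Yes' -Quiet)
    $noIntegrity = [bool]($bcd | Select-String -Pattern '^\s*nointegritychecks\s+Yes' -Quiet)

    [pscustomobject]@{
        Architecture          = $os.OSArchitecture
        DepHardwareAvailable  = $os.DataExecutionPrevention_Available
        DepPolicy             = $depPolicy[[int]$os.DataExecutionPrevention_SupportPolicy]
        DepCoversDrivers      = $os.DataExecutionPrevention_Drivers
        TestSigningEnabled    = $testSigning
        IntegrityChecksOff    = $noIntegrity
        # Kernel-mode signing is only enforced on a 64-bit OS with neither
        # boot option set; 32-bit Windows never enforces it.
        KernelSigningEnforced = ($os.OSArchitecture -like '64*') -and -not $testSigning -and -not $noIntegrity
    }
}

Get-NativeProtectionStatus | Format-List
```

A practitioner reading the test results should keep the caveat in mind: a vendor's 64-bit score says nothing about a machine on which test signing has been switched on (for example to load an unsigned driver), because that setting removes exactly the barrier that makes 64-bit rootkits hard to install in the first place.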

To complement the native protection of 64-bit systems, anti-virus vendors have, of course, rushed in to save the 64-bit user from malware with tools that claim to protect against any and all types of infection. If the results of the 64-bit Matousec.com tests are anything to go by, most of them have failed miserably. The reality is that, far from being more secure than 32-bit users, owners of 64-bit Windows systems are actually behind them in both the choice and the strength of protection available to them.

II. Proactive security test results

The table below aggregates the results of 32-bit and 64-bit system testing for selected participants in the Proactive Security Challenges at Matousec.com. The 64-bit score is the percentage of 110 tests passed on Windows 7 (early 2012); the 32-bit score is the percentage of 148 tests passed on Windows XP (before 2012); the last column is the average of the two scores.

Product (version used in the x64 test)    64-bit score (%)    32-bit score (%)    Average (%)

Outpost Security Suite Pro 7.5            86                  97                  92

ZoneAlarm Extreme Security 2012           43                  72                  58

ESET Smart Security 5.0                   33                  6                   20

Kaspersky Internet Security 2012          28                  93                  61

Norton Internet Security 2012             10                  20                  15

Bitdefender Total Security 2012           9                   97                  54

PC Tools Internet Security 2012           6                   90                  48

AVG Internet Security 2012                3                   3                   3

McAfee Total Protection 2012              3                   2                   3

Comparing the recent 64-bit results with the most recent 32-bit results (the roundup test finished in October 2011) makes it clear that the majority of vendors are falling short when it comes to 64-bit protection. We have to ask ourselves whether it is a lack of expertise in the 64-bit architecture or simply a lack of effort on the part of these developers, but either way, users are losing out. And we don't think that's fair to anyone.

III. Vendors' interpretations

It is even more disheartening to read the vendors' responses following the publication of the results (the comments are provided in the Latest News for Proactive Security Challenge 64-bit at Matousec.com). Reading between the lines, what they seem to be saying is "give us more time and we'll come up with a better solution that will be able to pass your tests". Considering that 64-bit Windows systems have been around for more than five years, and that Windows 7, the platform adopted for the current test, is a good two and a half years old, this begs the question: how are users supposed to protect themselves in the meantime? And sadly, more than one vendor is taking this position.

All too often, it seems that the big security players disregard the need to address penetration and leak tests on 64-bit Windows, even though such tests make up the lion's share of the tools used in the Matousec studies. These tools simulate typical intrusions using the attack vectors and breach techniques employed by real malware and 0-day threats, exposing the shortcomings that allow unknown malware to get past current defenses and wreak havoc.

Most security vendors present in the table have historically shied away from putting their products through such tests because they say the additional protections required would sacrifice product usability. In the tradeoff between this kind of usability and increased security, they favor the former.

IV. Agnitum’s view

As a smaller player, we see the situation a little differently. To overcome the potential problems of more user prompts and alerts triggered by the introduction of system integrity controls, we have developed a mechanism of automated response to such events. It enables Agnitum to enhance security without getting in the user’s way all the time and asking questions most users have no hope of being able to answer. This has resulted in a formidable 86% pass rate in 64-bit Proactive Security Challenge tests, and we are working on improving this result by analyzing bypass techniques even further.

Looking at the broader picture, the major takeaway from the current Matousec.com report is that the majority of 64-bit systems are vulnerable and exploitable even with a "big-name" security product in place. Only a fraction of the available products deliver acceptable levels of protection. Agnitum, on the other hand, provides protection for both 32-bit and 64-bit systems with products that are not tweaked to recognize and block simulated attacks and that do not distinguish between architectures.

We just monitor the integrity of the environment and stop attacks at their source, whatever techniques they employ. By embracing this kind of proactive approach to combating threats, any product should deliver more robust and reliable protection against unknown threats than those competing solutions that address predefined malware samples or only adapt to known techniques once they are fully researched.

For more information and to request review copies of Outpost Pro 7.5, please contact:

Vitaliy Yanko,

Director for Marketing and Sales, Agnitum Ltd.

[email protected], Skype: yan.vit,

office: +7 (812) 3365245, ext. 105 (10 AM – 7 PM, Moscow time, +4 GMT)

mobile: +7 (911) 9612835 (8 AM – 2 AM, Moscow time, +4 GMT)
