About Me

Archive

Archive

Read More

Blogs

Feeds & Podcasts

Meet the Bloggers

Archive

Tags

#McAfeeFOCUS, #MFETrivia, #SecChat, #SecurityLegos, $1 million guarantee, 3DS, 3G, 12 Scams of Christmas, 99 things, 419 scam, 2011 Threats Predictions, 2012, 2012 London Olympics, 2012 Security Predictions, 2012 Virtual Sales Kickoff, Abbreviation, access to live fraud resolution agents, Account Takeover Scams, Accredited Channel Engineer, ACE, ACE certification partner, Acquisition, addiction, Adobe, adult online content, advance-fee fraud, Advanced Persistent Threat, advanced persistent threats, adware, AET, affiliate marketing schemes, Alex Merton-McCann, Alex Thurber, AMTSO, analysis, Android, Android/FakeToken, Android/FakeUpdates, Android/NickiSpy, android antivirus, Android Bot analysis, Android Dropper, Android Exploit, Android Malware, Android Malware Analysis, Android Market, Android Mobile Malware, Android Rooting Exploit, Android security, android security app, Android SMS broadcast, animation, Annual Partner Survey, Anonymous, Anonymous Group, anti-malware, anti-phishing, anti-spam, anti-spyware, anti-theft, anti-virus, anti-virus program pops up, Antievasion, antivirus, Antivirus software, APIs, App Alert, Apple, application blacklisting, application developers, applications, application security, app protection, apps, app safety, app security, APT, Arun Sabapathy, ASIC, ATM scams, ATM skimming, attack, attacks, Australia, authentication, automobile, automotive, AutoRun malware, AV-TEST.org, award, awards, Backdoor, Back To School, Bad Apps, balanced scorecard, bank accounts, bank fraud, banking, banking fraud, Belarus, Bernie Madoff, best practices, beyond the PC, Big Data, big security data, bill collectors call for nonpayment, Bin Laden Scams, Biological Computer, Bitcoin, BlackBerry, Blackhat, Black Hat, black hat hackers, blue screen, Bluetooth, book, bot, botnet, botnets, bots, Brazil, breach, Brent Sanders, bueno, buffer overflow, Business IT, C-SAVE program, Cameron Diaz, canada online scams, CanSecWest, car hacking, case study, celebrities, certification, chain mails, Change Control, channel partner, Channel Partners, Channel Partner Town Hall, Channel Program, Channels Town Hall, Charity Phishing Scams, child identity theft, children online safety, children safety online, child safety, Chile, China, chris barton, christmas, Christmas scams, christmas shopping, Christmas shopping concerns, Christmas shopping crimes, chromebook, CIO Insomnia Project, CISO Executive Summit, Citrix, Civil War, class action lawsuit, clickjacking, cloud, cloud apps, Cloud city, Cloud computing, Cloud Expo, cloud security, Cofer Black, collaboration, college students, Commercial/SMB, Commercial and Enterprise Deal Registration, Compliance, computer, computer issues, computers, computer security, computer support, conference, Conficker, consolidation, Consumer, consumerization, consumerization of IT, consumer threat alert, consumer threats, Consumer Threats Alert, Content Protection, Continuing Education, cookies, Corporate Responsibility, counter identity theft, creating safe passwords, creating strong passwords, credit card fraud, credit card fraud and protection, credit card skimming, credit card thefts, credit fraud alerts, credit monitoring, credit monitoring and resolution, credit scores, crimeware, critical infrastructure, cross-site scripting, CSP, currency, customer service, CVE-2012-0158, Cyber, cyber addiction, cyber attack, cyberattacks, cyber bullying, cyberbullying, Cybercrime, cybercrime, cybercriminal, cybercriminals, cyber criminals, cybercrooks, cyberespionage, cyber ethics, Cyber Insurance, Cyber Intelligence Sharing and Protection Act of 2011, cybermom, Cyber Monday shopping, cyber mum, cybermum, Cybermum India, Cyber risks, cybersafe, cybersafety, cyber safety for women, Cyber savvy mom, cyber scams, cyberscams and identity theft, cybersecurity, cyber security, cyber security awareness, cybersecurity concerns, cybersecurity mom, Cyber Security Mom, cybersquatter, cybersquatting, cyberterrorists, cyber threat, cyberthreats, cyberwar, dangerous searches, Darkshell, data, Database, database activity monitoring, database security, data breach, data breaches, data center, Datacenter, data center security, Data Classification, data loss, Data Loss Prevention, Data Protection, Data Protection Act, dating scams, Dave DeWalt, Dave Marcus, David Small, DDoS, Deal Registration, decade of cybercrime, deceptive online promotions, dedicated security appliances, Deep Command, Deep Defender, DeepDefender, Deepika Padukone, DeepSAFE, DefCon, DefCon Kids, denial of service, denied credit, Department of Commerce, device, Device Control, devices, dewalt, digital assets, digital assets worth, Digital Certificates, digital devices, digital gadgets, digital music and movie report, distributed denial of service, DLP, Dmitri Alperovitch, DoS, DougaLeaker, download, downloader, downloaders, drivers license, drivers license identity theft, dumpster diving, Duqu, e-card scams, e-gold, e-mail id, earnings, easter, Easter scam, eBay, ecards, ecard spam, eCommerce, Ecuador, education, Eelectric Vehicle, EFF, election, email, Email & Web Security, Email & Web Security, email accounts, Email Protection, email scam, email scams, email security, email spoofing, embedded, embedded devices, Embedded Security, EMEA, Emerging Markets, Emerging Market Security, EMM, employment fraud, Employment Identity Theft Scams, encryption, Endpoint Protection, Endpoint Security, Endpoint security suite upgrade, energy, Enhanced Deal Registration, enterprise, enterprise mobility, enterprise resource planning, enterprise scurity, enterprise security, epayment, epo, ePO DeepCommand, ePO Deep Command, ePolicy Orchestrator, Epsilon, epsilon security breach, ERP, ESM, espionage, etiquette, EV, Exif, exploit, Exploit for Android, exploiting real brand names, exploits, facebook, Facebook Security, Facebook spam, Facial recongnition, fake-av, fake alert, fake ant, fake anti-virus software, Fake AntiVirus, fake anti virus, Fake Anti Virus Scams, fake emails, Fake Identity, fake software, fake system tool programs, fake updates, fake websites, false, families online, family, family identity safety, family online safety, family protection, Family Safety, Farmville, FBI, FDCC, fictitious identity theft, FIFA, file sharing, financial scams, Financial Security, Firesheep, firewall, FISMA, Fixed Function Devices, Flash, flashback, Focus, Focus11, FOCUS 2011, forrester, forwards, Foundstone, France, France Law, fraud, fraud resolution, fraud resolution agent assistance, fraudulent credit card or bank charges, free, Free gift card scam, Free giveaway scam, freely downloadable morphing tool, free money scam, free money scams, free WiFi spots, french, French Law, Friday Security Highlights, FTC, games, gaming, gaming consoles, Garter, Gartner, Gartner Security and Risk Management Summit, Gavin Struthers, Gaza, George Kurtz, geotag, gift cards and iPad promotions online, gift online shopping, gift scams, Global Cybersecurity, Global Payments, Global Risk 2012 report, Global SecurityAlliance Partner Summit, global threat intelligence, gmail, gold software support, good parenting, google, google code, Google Play, government, GPS, gratis, GSM, GTI, hacker, Hackers, hackers steal credit card numbers and sensitive personal data, hacking, Hacking Exposed, Hacktivism, Hacktivity, harassment, HB1140, Healthcare, heidi klum, Here you have worm, Heuristics, Hi5, HIPAA, Hispanic, hoax, hoax - slayer, holiday gifts, holiday malware, Holidays, holiday scams, holiday screensavers, holiday shopping, holiday shopping fraud, holiday websites, home network issues, host intrusion prevention, Host IPS, household devices, how to set up wi fi, how to talk to kids, how to talk to teens, HV, Hybrid Vehicle, ICS, IDC, identify potential cyber-threats, identify spam, identity exposure, identity fraud, identity fraud scams, identity protection, identity protection $1 million guarantee, identity protection alerts, identity protection fraud, identity protection surveillance, identity surveillance, identity theft, identity theft celebrities, identity theft expert, identity theft fraud, identity theft protection, identity theft protection identity protection fraud, identity theft protection product, identity theft resolution, identity theft ring, identity theft risk, identity theft scams, identity theft tax scams, Identity thieves and cybercriminals, identity threat protection, IDF 2011, ID theft, iframe, IIM Bengaluru suicide case, illegal immigrants, impersonation, in.cgi, Incident Response, Incumbency Advantage Program, India, India cybermum, Indian kids, Indonesia, industrial control systems, infected mobile apps, information collected by advertisers or social media marketing, Information leak, Information Protection, Information Security, Information Warfare, Infrastructure, Initiative to Fight Cybercrime, innovation, insiders, Insider Threats, integration, Integrity, Integrity Control, intel, intellectual property, internet addiction, internet connected devices, Internet Explorer, Internet filtering, internet identity trading surveillance, Internet monitoring, Internet Phishing Scams, internet privacy, Internet Safety, internet security, internet security tips, internet time limits, Interop, in the cloud, IntruShield, intrusion prevention, In vehicle Infotainment, investment scams, iOS, IP, iPad, iPad scams, iphone, IPS, IPv6, IRCBOT for android, IRS, IRS scams, I Series, IT, IT as a Service, itouch, IT Security, IT Security market, Japan, japan earthquake malware, japan earthquake safe donation, japan earthquake scams, japan tsunami scams, java, JavaScript, job applications, Joe Sexton, John Bernard Campbell, julian Assange, kama sutra koobface, Katrina Kaif, keep family PC safe, Kernel 0day vulnerability, keycatchers, keyloggers, kids, kids online behavior, kids online safety, kids safety, king county, koobface, kurtz, labs, laptops, Larry Ponemon, LART, Late Payment Scam, law, law enforcement, LCEN, legal, legal identifier, legal risk, linkedin, Linux, Linux/Exploit:Looter Analysis, Linux and Windows, live-tweeting, live access to fraud resolution agents, lizamoon, Lloyds, Location services, Lockheed Martin, logging out of accounts, login details, LOIC, Looter Analysis, Lori Drew, loss of gadgets, lost, lost or stolen driver’s license credit cards debit card store cards, lost or stolen Social Security card or Social Security number, lost or stolen wallet, lost wallet protection, lottery, luckysploit, LulzSec, M&A, mac, mac/OSX, Mac antivirus, mac malware, Mac OSX, Mac OS X, Mac security, mac threat, mailbox raiding, Mail fraud, mail order bride spam, Malicious Android Application, malicious apps, malicious files, malicious program, Malicious QR Code, malicious sites, malicious software, malware, Malware Experience, malware forums, Malware research, malware threats, malweb, managed security services, Management, managing personal affairs online, map, mapping the mal web, maps, Marc Olesen, Mariposa, mass mailing worm, mass sql injection, mastercard, Maturity Model, mcaf.ee, McAfee, Mcafee's Who Broke the Internet, McAfee-Synovate study, mcafee all access, McAfee AntiSpyware, McAfee Antivirus Plus, McAfee Application Control, McAfee Channel, McAfee Channel Partner, McAfee Cloud Security Platform, McAfee Consumer Threat Alert, McAfee Data Loss Prevention, Mcafee DLP, McAfee Email Gateway 7.0, McAfee Employees, McAfee Enterprise Mobility Management, McAfee ePO, McAfee ePolicy Orchestrator, McAfee Facebook page, McAfee Family Protection, McAfee Family Protection for Android, McAfee Firewall Enterprise, McAfee FOCUS, McAfee FOCUS 2011, McAfee Identity Protection, mcafee identity theft protection, McAfee Initiative to Fight Cybercrime, McAfee Internet Security, McAfee Internet Security for Mac, mcafee internet security for mac; mcafee family protection for mac, McAfee Labs, McAfee Labs Q3 Threat Report, mcafee mobile, McAfee MobileSecurity, McAfee Mobile Security, McAfee MOVE AV, McAfee Network Security Platform, McAfee Network Threat Response, McAfee NSP, McAfee Partner, McAfee Partner Learning Center, McAfee Partner of the Year Award, McAfee Partner Program, McAfee Partner Summit, McAfee Policy Auditor, McAfee Q4 2011 Threat report, McAfee research, McAfee Rewards, McAfee Risk Advisor, McAfee Safe Eyes, McAfee Safe Eyes Mobile, McAfee Scan and Repair, McAfeeSECURE, McAfee SECURE, mcafee secure shopping, McAfee Security Journal, McAfee Security Management, McAfee security products, McAfee security software offer, McAfee Security Webinars, McAfee SiteAdvisor, McAfee Site advisor, mcafee spamcapella, McAfee TechMaster services, McAfee Threat Predictions, mcafee threat report, mcafee total protection, McAfee Vulnerability Manager, McAfee Vulnerability Manager for Databases, mcafee wavesecure, McAfee® Internet Security Suite, McCain, medical identify theft, Medical identity theft, medical records, michael jackson, Microsoft, Microsoft Security Bulletin, Mid-Market, Middle East, Mike Decesare, Mike Fey, MMORPG, Mobile, mobile antivirus, mobile app, mobile applications, mobile apps, mobile banking, mobile carriers, Mobile Commerce, mobile data communications, Mobile Data Protection, mobile data protocols, mobile device, mobile devices, mobile devices and security threats, mobile devices issues, mobile identity security, mobile malware, mobile phones, mobile phone spyware, mobile protection, mobile safety tips, mobile scam, mobile security, mobile security app, mobile security software, mobile smartphone security, mobile spam, mobiles security, mobile threats, mobile wireless internet security concerns, Moira, Moira Cronin, mom, money laundering, monitor a child’s identity, monitor credit and personal information, monitoring, Morphing, most dangerous celebrities, Mother's day, mothering, mothering advice, mothering boys, mothering Internet safety, Mother’s day spam, movies, MS12-020, M Series, msn spaces, multiple devices, multiple social security numbers, mum, Mummy blogger, myspace, MySQL, mystery shoppers, NACACS, national cybersecurity awareness month, National Cyber Security Awareness Week, national identification card, NCSA, ndr, near field communication, Netbook, netiquette, Network Evasions, Network Perimeter Security, Network Security, Network Security; Email & Web Security; Security-as-a-Service, network security server security, New teen survey, new year resolution, New York Times, next-gen IPS, Next Generation, next generation data center, Next Generation IPS, NFC, NickiSpy, Nigerian 419 Scam, nigerian scam, Night Dragon, NIST, Nitol, Nitro Security, NitroSecurity, NitroView, north america, North Korea, NotCompatible, Oak Ridge National Laboratory, obama, Occupy Wall Street, OCTO, OLE, olympics, Olympic scams, OMB, online, Online Backup, online banking, online banking safely, online book shopping, online bookstore, online child safety, online coupon scams, online credit fraud, online danger, online dangers, online dating, online e-tailers, online ethics, online fraud, online game, online games, online game spam, online gaming, online gangs, online harassment, online marketing sites, online personal data protection, online predators, online safety, online safety for kids, online safety of kids, online safety tips, online scams, online search, online security, online security education, online shopping, online shopping risks, online shopping scams, online shopping threats, online surfing, online survey scam, online threat, online threats, onlinethreats, online video, Open Source, operational risk, Operation Aurora, Operation Shady RAT, Optimized, Orange, organized crime, organized criminals, OS/X, oscars, outages, outlook, OWASP, P2P, PARC, parental advice, Parental control, parental controls, Partner Acceleration Resource Center, Partner Care, partners, Partner Summit, passport, password, password complexity check, passwords, password security, password stealer, Pastebin, patch, Patch Tuesday, Patmos, Paul Otellini, pay-per-install malware, Payload, payment, paypal, PC, PC Addiction, PCI, PCI Compliance, PCI DSS, PCs, pc security, PDF, pedro bueno, peer to peer, Peer to Peer file sharing, Pemberton, perception, personal identity fraud, personal identity theft, personal identity theft fraud, personal information, personal information loss, personal information over mobile phones, personal information protection, Personal information security, personal privacy, personal protection, peter king, Phantom websites, phishing, phishing kits, phishing scams, phishing shareware, pickpockets, pic sharing, piers morgan, PII, Pin scams, pinterest scam, piracy, Playstation, policies, Ponemon Institute, Ponzi scam, pop ups, pornography, Postcode Lottery, posting inappropriate content, posting videos online, PostScript, potential employers, Potentially unwanted program, power grid, power loss, Pre-detection, Pre-Installed Malware, predictions, Premium SMS Trojan, president obama, Printers, privacy, Privacy Awareness Week, privacy setting, privacy settings, proactive identity protection, proactive identity surveillance, Products, promotion, Protect all devices, protect devices, protect digital assets, protection, protect teens, provide live access to fraud resolution agents, Public-Private partnerships, public policy, Public Sector, puget sound, Pune Police, pup, PWN2OWN, pws, qr code, QR codes, quarterly threat report, Ramnit, RAT, rdp, Rebecca Black, Records phone conversations, reference architecture, regulation, regulations, Renee James, reporting, reputational risk, Rep Weiner, research, resolutions, responsible mail, restore credit and personal identity, retail, RFID, ring tones, risk, Risk Advisor, risk and, Risk and Compliance, Risk Management, risk of personal information loss, risks of online shopping, risky, Riverbed, Robert Siciliano, roberts siciliano, rogue anti-virus software, rogue applications, Rogue Certificates, ROI, romance scams, Rookits, Rooting Exploit, rootkit, RootkitRemover, Rootkits, RSA, RSA 2010, RSA 2012, RTF, Russia, s, SaaS, SaaS Monthly Specialization, SaaS security solutions, safe, safe email tips, safe online shopping, safe password tips, Safe search, safe searching, Safe surf, safe surfing, safe transactions, SAIC, Saudi Arabia, Saviynt Access Manager, SCADA, scam, scammers, scams, SCAP, scareware, SchmooCon, schools, screensavers, sear, search, Search engine optimization, Search engine poisoning, SEC Guidance, SecTor, secure cloud computing, Secure Computing, secure container, secure devices, secure new devices, secure smartphone, secure wi fi, security, Security-as-a-Service, Security 101, Security and Defense Agenda, security attacks, security awareness, security breach, security breaches, security conferences, Security Connected, Security Connected Reference Architecture, Security Influence, security information and event management, security landscape, security management, security metrics, security optimization, security policy, Security Seals, security software, security threats, self-defence, sensitive data, sensitive documents, Sentrigo acquisition, seo abuse, settings, sexting, Shady RAT, SharePoint, shopping scams, shortened URLs, short url, SIA Partners, SIEM, simple safety tips, SiteAdvisor, site advisor, Situational Awareness, SlowLoris, Small Business, Smart Grid, smartphone, smartphones, smartphone safety, smartphone security, smart phone threats, SMB, SMB Advisor Tool, SMB Extravaganza, SMB Specialization, smishing, sms, SMS Lingo, sniffing tools, social business, social engineering, social media, social media online scams, social media passwords, social media threats, social network, social networking, social networking best practices, social networking scams, social networking sites, social networking sites security, social networks, social responsibility, Social Security, Social Security Card, social security number, Social Security number fraud, social security number theft, Social Security number thefts, software, Software-as-a-Service, solid state drive, Sony, South Korea, spam, spam mail, Spams, spear, Spearphishing, Spellstar, SpyEye, Spyware, sql attacks, SQL Injection, SSN fraud, st. patricks day, State of Security, stay safe from phishing, Stealth, stealth attack, stealth crimeware, stealth detection, Steve Jobs, Stinger, stolen cards, stolen mail, stolen medical card, stolen passwords, stolen Social Security number thefts, Stop.Think.Connect, storage, student loan applications, Stuxnet, subscription, substation, Suites, summer activities, Summer holidays, summer vacation, Support, support services, surfing, suspicious messages, swine flu, Symbian, T-Mobile, Tablet, tablets, tablet security, targeted attacks, taxes, tax filing tips, taxpayer warning, Tax Preparer Scams, tax returns, tax scams, tax season reminder, TCO, teacher abuse over the internet, Tech Data, tech gifts, technical support, technology development, technology trends, teen hate video, teens, teens online dating, teens online safety, teens posting video, Telecommunications, Testing, text message, text messaging, The VARGuy, threat, threat reduction, Threats, threats on women's day, thurber, Tips, tips and tricks, tips to mobile security, TJX, Todd Gebhart, toolkit scam, tools, Total Protrection 2012, TPM, traffic manager, travel related online scams, travel risk, travel security, trending topics, trojan, trojan banker, trojans, Trust and Safety, Trusted Computing Module, trustedsource, trusted websites and web merchants, Trustmark Security, tweens, tweet, Tweets, twitter, Twitter celebrities, Twitter online security, twitter spam; phishing; twitter scam, type in website address incorrectly, types of phishing, typing in incorrect URLs, typos, typosquatting, U.S. Cyber Challenge Camps, UAE, Ultrabook, unauthorized credit card transactions, Underground Economies, unique password, United Arab Emirates, unlimited technical support, unprotected PCs, unsecured unprotected wireless, unsecured unprotected wireless security risks, unsecured wireless, Unsecure websites, unsubscribe, UPS scam, UPS scams, urchin.js, URL hijacking, URL shortening services, USB drives, use of cookies advertising personal security, use of Social Security number (SSN) as national ID, US ESTA Fee Scam, US passport, US Visa Waiver Program scam, valentine scams, valentines day scams; romance scams; email spam, valentines day scams; romance scams; valentine threats, Vanity Fair, vbs, Vericept DLP, verify website's legitimacy, ViaForensics, video game, vinoo thomas, violent video games, Virtualization, VIrtual Machines, Virtual Sales Kickoff 2012, virus, Viruses, Virus protection, VirusScan Enterprise with ePO 8.8, visa, vista, VMworld 2011, Vontu DLP, vPro, vulnerability, vulnerability management, Vulnerability Manager, vulnerability manager for databases, waledac, WAN, water facility, water pumps hacked, water treatment facilities hacked, wave secure, web, Web 2.0, Webinar, web mobs, web protection, web searches, web security, Websense DSS, Web services, web sites, web threats, welfare fraud, wells fargo, what to do when your wallet is lost missing or stolen, white hat hackers, Whitelisting, Wi-Fi WEP WAP protection breach, wifi, Wii, wikileaks, windows, Windows 7, Windows Mobile, Wind River, work with victim restore identity, World Cup, world of warcraft, worm, Worms, wrong transaction scam emails, www.counteridentitytheft.com, Xbox, Xerox, xirtem, xmas, xss, youth, youtube, you tube videos, Zbot, Zero-Day, ZeroAccess, zeus, zombie, zombie computers, zombies, • Facebook etiquette, • Most dangerous celebrity, • Parental control
McAfee Labs :

What a "Tangled" Web…

Sunday, August 12, 2007 at 9:14pm by Archive
Archive

We’ve been receiving inquiries about a recent anti-virus comparative test that was performed at LinuxWorld by a start-up network gateway vendor named Untangle. Their goal was to prove that open-source anti-virus solutions (in this case ClamAV) were just as effective, if not better than commercial anti-virus products. It seems that they were highly motivated to prove this because evidently they use ClamAV in their gateway product (more on this conflict of interest later).

As with any comparative test involving McAfee, we analyzed the results and testing methodology used. Here is a basic breakdown of the testing that was performed by this vendor (their presentation can be found here):

  • 10 anti-virus vendors were tested (ClamAV, FProt, Fortinet, Global Hauri, Kaspersky, McAfee, SonicWall, Sophos, Symantec, Watchgaurd)
  • 35 samples were used (6 EICAR samples, 12 from Untangle, and 17 user-submitted samples)
  • It appears they performed an on-demand scan of the sample set.

Before delving into the many problematic facets of this test, if you would like a quick primer on comparative tests, please read “Comparing the Comparatives”. We recently discussed “(Mis)interpreting Reviews” here. For an introduction into false statistical interpretation go here.

Now let’s take a look at the flaws in the methodology used in this test:

  1. Blatantly False Results - We ran our own scan on the exact same files and our results showed we detected everything that was not a password-protected zip or 0-byte file. How many other AV vendors’ results were wrong? I’m sure I’ll soon find out from my counterparts.
  2. Small Sample Size – One of the first rules of Statistical Method is using a large enough sample size for your test in order to accurately represent the entire population. In this case, they used only 35 samples of the hundreds of thousands malware samples in the wild today.
  3. Biased Samples - The fact that 12 of the 35 samples came from the CTO of Untangle’s mailbox negates the fact that they used a random sampling that accurately represents the true population of malware samples.
  4. Comparing the Wrong Products – The test compares 5 Linux, 2 Windows, and 3 Gateway products. This is like comparing apples with oranges with kumquats.
  5. Misconfigurations of Vendor’s Products – The CTO admits in his blog that “In fact, one audience participant significantly improved one vendor’s performance, Sophos, by pointing out that I needed to add a command-line option. Others pointed out mistakes I made recording results.” What other misuses occurred during this test?
  6. Conflict of Interest – One of the first rules of comparative tests is that it needs to be performed by an arbitrary third party with no vested interests in the outcome of the results. The fact that this test was performed by Untangle who develops, markets, and sells an anti-virus solution with their gateway product is a blatant example of a conflict of interest.
  7. Improper Handling & Distribution of Viruses – By offering a link to these live viruses on their company’s public website, they are in violation of the Computer Fraud & Abuse Act which prohibits the distribution of computer viruses because it is endangering public safety. There is a reason why only trained security professionals should handle computer viruses. I have already contacted them to remove the links. Note: If the link is not removed, SiteAdvisor’s webcrawlers will automatically identify the company’s site as red due to the malicious link.

Needless to say, the methodology used in this test was riddled with flaws. So if anyone thinks this test proves anything, we have $14 million in a Nigerian bank account waiting to be transferred to a US account. ;-)

* Rather than adding to the confusion of proper anti-virus comparative testing, those in the industry are working towards a better solution. McAfee Avert Labs recently participated in an Anti-Virus Testing Workshop in order to define more robust testing methodologies.

Bookmark and Share

Submit your own comments / message for this post

Your email is never published nor shared. Required fields are marked *

CAPTCHA Image

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments (12)

  • jeffs January 14, 2008 2:59PM

    I think it’s amazing that McAfee took all this time to say “we still don’t know”. Don’t they have the resources to simply pick any number of samples and do their own test? Surely they have done that already. And surely they would have mentioned it here… but only if it showed that ClamAV was *not* more effective !

    Reply
  • Ffoeg December 19, 2007 9:28PM

    I’ve been using AVG free edition and Spybot S & D for a few years and haven’t ever detected a single virus with either of them because I DON’T DOWNLOAD AND RUN THEM TO BEGIN WITH!!! Who cares what AV you use or which one works 2% better. If you pay for one it will cost more. If you download every stupid thing your friends send you and open every file you can find your computer is going to get hosed regardless!

    Reply
  • agus budianto November 14, 2007 9:50PM

    hi, i am using mcafee in my office, and it works with all the virus so far, so i have no disappointment with mcafee at all, just for information.

    Reply
  • Beto October 13, 2007 2:58PM

    Well.. I have a conclusion: Kaspersky and NOD32 are the best antivirus.

    McAfee used to be good in the V4.0.3 times… now is bloatware, with low detection rates…

    Reply
  • Dave September 29, 2007 5:32AM

    McAfee’s inability to detect viruses is why I no longer use Mcafee. So much got through that my Windows operating system was corrupted to the point that it was useless. I scanned all my documents with Clamav, backed up any that weren’t infected, formatted the drive, reinstalled Windows, partitioned the drive and installed Linux Fedora. I just don’t let Windows have any internet access. To make sure I unplug the cable when I use it. Since then no problem. Unfortunately there are a couple programs I still need Windows for. Those are Sonic Foundry’s Acid and Windows Video Maker (just for ease of use). I’m sure there are programs out there that do similar things but I have many Acid files that I still need to edit and I haven’t found a Linux video program that allows me to edit the audio track as easily.

    Reply
  • idbeholda September 28, 2007 11:24PM

    There are several problems with the aforementioned logic. I will now systematically pwn all vendors for everyone’s enjoyment.

    Blatantly False Results (lol) – Anyone can run results on an arbitrary archive, and the results will always be different. This is precisely why all test fail under the scrutiny of logic 101. If memory serves me correctly, the idea was to have a *RANDOM* sampling of a few files submitted by the audience as a whole. To an extent, this is a statistically better idea, as it keeps the vendors on their feet to the fact that at some point in time, no two archives or submissions will be identical. Theoretical Practice. When developers understand this, they’ll stop failing so hard.

    As for the password protected or 0-byte files. This can be counteracted in two ways. Skip the 0-byte files to begin with unless the filesystem on that particular install allows (and has enabled) resource forking like the ADS for NTFS on windows NT based systems. Password protection? Not an actual threat because in order for the files to be extracted one has to know the password to begin with. Problem is, no security vendor will decide to add in brute force password cracking on protected archives because of the so-called “ethics” behind it.

    I believe the euphamism you’re looking for is “in order to defeat hackers, you must think and act as one of their own.” This cannot be argued.

    Biased Samples (zLOL)- Look into the idea of honeypotting/honeynetting. These are more accurate representation of a statistical enumerations of a large population than it is of an archive. Remember, no two archives are identical. Lest we forget Mr. Bontchev’s article regarding the pitfalls of “in the wild” lists. That was something even I have said for years and nobody else listened. In any regard to that, any sort of sampling submission is ultimately flawed and biased *TOWARDS* the particular vendor providing the samples.

    Comparing the Wrong Products (facepalm.jpg)- Like everyone is going to have the same operating system installed? TRY AGAIN. Databases should be interpreted/factored to the same degree on any system regardless of what is installed.

    Misconfigurations of Vendor’s Products (lmfao… sophos sure got told, didn’t they?) – This is why vendors need to fully publish the requirements of command-line arguments for their scanners. If you don’t fully disclose any critical information regarding a scanner functions, how can you reasonably expect it to work flawlessy in an arbitrary test?

    Conflict of Interest (????)- The samples were taken from audience members. If you don’t consider each audience member as a statistical third, fourth, fifth, etc party, how can you be expected to pass basic math? At this point, somebody needs to buy a vowel from Pat Sajak.

    Improper Handling & Distribution of Viruses (PROFIT)- You’ve not only managed to misquote the CFAA, but you’ve simultaneously managed to misquote it out of context, and then further compounded the issue by discrediting the entire test by basically quoting the metaphorical fine print after the fact. Secondly, since the samples were provided by audience members, the beginning parameter of the argument invalidates itself by default. Since the “public” was the audience, exactly how does the public endanger itself?

    Further more, if one were to actively search for the link, that would inherently imply that they are security and technologically savvy to begin with, provided they’re not a script kiddie looking for an easy way to “distribute malware”, which again, defeats the purpose altogether, as there are several well known sites (basically the entire internet) that in some way, shape, or form allows public access to said material in the first place. Putting a lock on a glass display case is pointless, as the glass itself can be broken: Learn first before you start touching.

    To misquote the CFAA out of context is completely inexcusable, and shows not only a blatant disregard for logic, but also education, basic reading comprehension, and a complete understanding of fantasy .vs. reality. It also does nothing more than imply that the detractors involved are nothing more than racketeers themselves, and ultimately are no better than the malevolent users they are trying to stop. Some information may be slightly dangerous to the wrong individual, but if everyone knows the same information, the threat will “mysteriously” vanish.

    As a final note, this is not simply directed at one company/vendor, but all of them. I say this, because I can guaruntee at least 5-10 years (maybe more) down the road, I will ultimately be proven right. Do we have any bets on this?

    Reply
  • dp September 23, 2007 8:54PM

    The methods are published – we can decide how valid they are as well as you can. We may not agree with you as you might suspect. You lost in this test – get over it. Go find somebody else’s test that has published methodologies and see how you do, but quitcher bitchin.

    Reply
  • bobo September 22, 2007 6:46AM

    LOL!??!?!?? is there someone who still buys something from McAfee??!?!?!?!?!?!?
    :) haahah

    Reply
  • ooo September 21, 2007 10:51PM

    5 Linux, 2 Windows, and 3 Gateway products.

    Reply
  • g0d0t September 20, 2007 5:03AM

    http://www.clamav.net/ has something to say about that :

    http://www.clamav.org/2007/09/20/different-views-on-av-testing-methodology/

    Quote :
    “While the methodology in this test has been debated, we believe that all tests should be as open to review as the Untangle test was!”

    Indeed it seems funny to criticise a methodology used in a test (even justified) while not pubishing detailed methodology for your own tests.

    Reply
  • Mario Rossi September 6, 2007 3:15AM

    Considering that SiteAdvisor, up to two weeks ago, was detecting clamav.net as yellow that threat sounds pointless

    Reply
  • Mike August 17, 2007 1:26AM

    Yub. Fully agree. I wrote similar things at my personal weblog.
    http://weblog.vircop.org/?p=52

    Reply