NSS Labs Finds Most Endpoint Security Products Lack “Vulnerability-Based Protection”


“Operation Aurora” Test Case Highlights Importance of Protecting Underlying System Vulnerabilities

NSS Labs, Inc., the leading independent security testing organization, today announced the results of its evaluation of seven popular consumer endpoint security products in protecting the vulnerability exploited in the recent “Operation Aurora” attack conducted against Google and at least 30 other organizations. This test, the first of its kind in the industry, was designed to identify which products truly shielded the underlying Microsoft Windows Internet Explorer vulnerability (CVE-2010-0249) against additional attack variants. Products that defended the vulnerability itself, rather than simply stopping a single variant or its malicious payload, are considered to have a more effective security model.

In its Austin, Texas facility, NSS Labs created variants of the Operation Aurora attack and tested the anti-malware software to see which of the seven products stopped the exploits and malicious code payloads. Given the level of visibility of the attack and the time that has passed since its initial discovery, it was thought that most, if not all, of the products would cover the vulnerability. However, only one of the seven tested products (McAfee) correctly thwarted multiple exploits and payloads, demonstrating vulnerability-based protection.

“Generally, there are multiple ways to successfully exploit a vulnerability,” said Rick Moy, president of NSS Labs. “This test case underscores the need for IT security vendors to provide greater vulnerability-based protection. Rather than reactively blocking individual exploits or malware, vendors should focus on minimizing their customers’ risk of exposure by insulating the vulnerability.”

Products tested included:

  • AVG Internet Security, version 9.0.733
  • ESET Smart Security 4, version 4.0.474.0
  • Kaspersky Internet Security 2010, version
  • McAfee Internet Security 2010 with SecurityCenter, version 9.15.160
  • Norton Internet Security 2010, version (Symantec)
  • Sophos Endpoint Protection for Enterprise – Anti-Virus version 9.0.0
  • Trend Micro Internet Security 2010, version 17.50.1366.0000

A full report of the test and its findings is available at http://www.nsslabs.com/anti-malware. Additionally, Vikram Phatak, CTO of NSS Labs, will be discussing the test and demonstrating the Operation Aurora exploit on March 13, 2010 at BSidesAustin, to be held at Norris Conference Centers.

About NSS Labs, Inc.
NSS Labs, Inc. is the world’s leading independent, information security research and testing organization. Its expert analyses provide information technology professionals with the unbiased data they need to select the right product for their organizations. Pioneering intrusion detection and prevention system testing with the publication of the first such test criteria in 1999, NSS Labs also evaluates firewall, unified threat management, anti-malware, encryption, web application firewall, and other technologies on a regular basis. The firm’s real-world test methodology is the only one to assess security products against live Internet threats. As such, NSS Labs tests are considered the most aggressive in the industry and its recommendations and certifications highly coveted by vendors. Founded in 1999, the company has offices in Carlsbad, California and Austin, Texas. For more information, visit http://www.nsslabs.com.

© 2010 NSS Labs, Inc. All rights reserved. All brand, product and service names are the trademarks, registered trademarks, or service marks of their respective owners.



Contact Author

Liz Goldberg