RSS Feeds

Thursday, February 4, 2010

Antivirus, Anti-Malware, and Firewall Info

I see alot of people asking whats the best firewall for my system. Truth is there is no best. It all depends on your system and your needs.

Some people know about these sites some do not. Ive compiled a list of some of the best, unbiased research in the way of antivirus and antimalware software.

Matousec
This site tests firewalls. It does alot more than just your regular TCP and UDP connections. It also tests a firewall in its HIPs protection.

They have since renamed their research to the Proactive Security Challenge. Here is a link to the results:

http://www.matousec.com/projects/proactive-security-challenge/results.php

This is the set of tools that they use for testing. If your security setup isnt on the test feel free to get a rating yourself.

http://www.matousec.com/projects/security-software-testing-suite/

Virus Bulletin
This site basically tests antivirus softwares and either gives them a VB100 award or fails the software. It compiles recent results so you can see the timeline of a software based on if it passed or not. To see the results of the latest AV comparatives you need to register for a free account. This site also malware and other security related articles as well.

http://www.virusbtn.com/index

ICSA Labs
This site basically runs some tests and certifies or denies security programs. It rates antispam, antispyware, IPSEC, antivirus, and various other networking softwares. All it really tells you is if a software has become certified, the operating system used for certification, and what level of certification it received.

Unfortunately nothing comes close to the AV Comparatives site in the way of Anti-Malware program testings and this is as close as it gets.

http://www.icsalabs.com/

AV Comparatives
This is probably the most significant resource here. While we all are worried to some extent about what the firewall lets in and out, we are all more concerned about our AVs detection rate and weather or not its deleting something that we need.

On this site you will find independent comparatives of Anti-Virus software. All products listed in our comparatives are already a selection of some very good anti-virus products.

Basically this site takes a huge collection of malware, keyloggers, trojans, and rootkits and tests each of the AV softwares in detection rates and the amount of false positives they identify. They also do performance testing on AVs to figure out scan speed and various other things.

http://www.av-comparatives.org/


Dennis Technology Labs

This test aims to compare the effectiveness of the most recent releases of popular anti-virus software. The list of products includes a selection of commercial and free programs (see below). A total of 10 products were exposed to genuine internet threats that real customers could have encountered during the test period. Crucially, this exposure was carried out in a realistic way, reflecting a customer’s experience as closely as possible. For example, each test system visited genuinely infected websites and downloaded files exactly as an average user would.

The results of this test must be downloaded and read with a .pdf viewer.

http://community.norton.com/norton/attachments/norton/ModBoard/58/1/PC-Virus-Protection-2010-DTL-Report-consumer.pdf

Jotti

Jotti's malware scan is a free online service that enables you to scan suspicious files with several anti-virus programs. Scanners used are Linux versions; detection differences with Windows versions of the same scanners may occur due to implementation differences. There is a 15MB limit per file. Keep in mind that no security solution offers 100% protection, not even when it uses several anti-virus engines (for example, this scan service).

Basically if your suspicious of a small file, you can upload here and get multiple results from a bunch of different scanners. The issue that I have found with these types of net services are they may be out of date. They dont state what definition they are using to scan with.

http://virusscan.jotti.org/en

VirusTotal

VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

Specs:

* Free, independent service
* Use of multiple antivirus engines
* Real-time automatic updates of virus signatures
* Detailed results from each antivirus engine
* Real time global statistics
Basically the same thing as Jotti, but probably a bit more popular.

With Virustotal and as with Jotti, just because multiple scans and databases have determined that a file is clean doesnt mean that its harmless. Its very possible that its a 0-day malware and hasnt been detected yet.

I hope this helps when you are looking for a new firewall or AV to use.