SOURCE: NSS Labs

NSS Labs

October 24, 2012 10:00 ET

NSS Labs Tests Reveal That Most End Point Protection Solutions Leave Consumers at High Risk of Malware Exploits

Only 2 of 13 Vendors Blocked More Than 80% of Exploits in Recent NSS Labs Tests

AUSTIN, TX--(Marketwire - Oct 24, 2012) - NSS Labs today released the first Comparative Analysis Report™ from its 2012 Group Test for Consumer End Point Protection (EPP), which evaluated 13 leading EPP solutions. In tests targeting vulnerabilities that have been publicly available for months (some for years), NSS Labs found that with a few notable exceptions, most endpoint products are not providing adequate protection against exploits -- such as attacks against devices' operating systems and those launched through Web browsers -- even when these security products are kept up-to-date.

View the NSS Labs 2012 Consumer End Point Protection Comparative Analysis Report - Exploits.

Based on Market Share, 65-75% of the World is Poorly Protected
The top two performers in the test, Kaspersky and Avast, account for less than 25% of the global end point security software market, leaving over 75% of the market severely under-protected and in some cases, virtually unprotected from potentially severe attacks hijacking consumers' computers, stealing confidential information or performing other malicious activities. Test results yielded several key conclusions:

  • Protection levels vary widely between vendors: Protection levels ranged from 34% at the lowest end (Total Defense) to 92% at the highest (Kaspersky).
  • Vendors' sampling claims do not equal greater protection: Many EPP vendors claim they are processing over 100k+ malware samples per day; however, most failed to block some of the most widely used and dangerous exploits that have persisted for years.
  • Vendors do better protecting HTTPS than HTTP connections: Almost half of the vendors did a better job blocking exploits targeting machines on HTTPS connections versus HTTP. While this is somewhat reassuring for HTTPS connections some Web sites require, such as those of banks and retailers, most users remain far more vulnerable the majority of time during typical Web surfing via traditional HTTP connections.

Commentary: NSS Labs Research Director Randy Abrams
"With the majority of products blocking less than 75% of exploits in our tests, it's clear that vendors need to allocate more resources to beef up exploit protection if they are going to claim it as a feature," said Randy Abrams, Research Director at NSS Labs. "While exploit protection is just one factor to consider when choosing an EPP product, exploits remain one of cybercriminals' favored means of attack and therefore must be a priority for endpoint security providers. We look forward to our upcoming stack testing which will tell us more about overall performance of EPP solutions and combinations of technologies against evasive threats."

"Consumers rely on these products to protect them against exploits, particularly those that are brand new or targeting vulnerabilities users have yet to patch. A good EPP product narrows the vulnerability window for consumers, who are generally unaware of how many potentially vulnerable applications must be routinely patched beyond just the operating system," Abrams continued. "While no product or patch can guarantee 100% protection, consumers who diligently patch and update their applications have far fewer security problems, even if they use a poor-performing endpoint security product, because these updates close the underlying vulnerabilities that exploits target. However, this does not lower the bar for endpoint security vendors because in reality consumers tend to fall behind in patching -- due to the time and effort diligence requires or uncertainty over how to patch or how patches could alter their software and devices. This is why endpoint security vendors as a whole must step up their game in the current threat environment, if they want to provide real-world protection matching their customers' vulnerabilities and concerns." 

The 13 vendors tested in this report and in the current group tests include:

  • Avast
  • AVG
  • Avira
  • CA
  • ESET
  • F-Secure
  • Kaspersky
  • McAfee
  • Microsoft
  • Norman
  • Norton
  • Panda
  • Trend Micro

Results for each additional test area in 2012 End Point Protection Group Test -- evasions, performance and protection against live malware, drive-by attacks and phishing -- will be available to NSS Labs' subscribers at www.nsslabs.com.

NSS Labs did not receive any compensation in return for vendor participation; All testing and research was conducted free of charge.

About NSS Labs, Inc.
NSS Labs, Inc. is the only completely independent research and analyst organization with world-class in-house testing capabilities. Through our subscription-based security intelligence services, we provide the information enterprises need to be secure. Founded in 1991, the company is located in Austin, Texas. For more information, visit www.nsslabs.com.

© 2012 NSS Labs, Inc. All rights reserved. All brand, product and service names are the trademarks, registered trademarks, or service marks of their respective owners.

Contact Information

  • Contact:
    ReseAnne Sims
    Senior Marketing Manager
    NSS Labs
    Phone: +1 (832) 741-7373
    rsims@nsslabs.com