Secunia has posted a rave review of Symantec, saying that the big yellow marketing machine “beats the competition” at detecting exploits. How good is Symantec?

Symantec detected a mere 64 out of 300 exploits, or less than one-fourth, leaving 236 exploits undetected!

Wow, that’s great. Let’s beat the drum for the leader in a space that’s quickly becoming an example of what not to become. Here are the contestants in Secunia’s review:

• McAfee Internet Security Suite 2009
• Norton Internet Security 2009
• Windows Live OneCare
• ZoneAlarm Security Suite 8
• AVG Internet Security 8.0
• CA Internet Security Suite 2008
• F-secure Internet Security 2009
• TrendMicro Internet Security 2008
• BitDefender Internet Security Suite 2009
• Panda Internet Security 2009
• Kaspersky Internet Security 2009
• Norman Security Suite 7.10

Open-source and related solutions were conspicuously ignored.

The complete results are available in a PDF, and show that ten of the eleven products were below a 4% (yes, four percent) detection rate for “important test cases”. In other words, they did not find exploits lurking in html, xls, ppt, and other “productivity” files.

Careful when you click that PDF link. ;)

The bottom line here is don’t believe the hype of AntiVirus marketing. You will not be safe after you install the software. Many more controls and settings are required, and large organizations still need professional staff to measure and reduce risk to a reasonable level. Thanks Microsoft.

In the meantime, if you want to do an AntiVirus software comparison, I recommend using VirusTotal. They have a more comprehensive list of participants:

# AhnLab (V3)
# Aladdin (eSafe)
# ALWIL (Avast! Antivirus)
# Authentium (Command Antivirus)
# AVG Technologies (AVG)
# Avira (AntiVir)
# Bit9 (FileAdvisor)
# Cat Computer Services (Quick Heal)
# ClamAV (ClamAV)
# CA Inc. (Vet)
# Doctor Web, Ltd. (DrWeb)
# Eset Software (ESET NOD32)
# ewido networks (ewido anti-malware)
# Fortinet (Fortinet)
# FRISK Software (F-Prot)
# F-Secure (F-Secure)
# G DATA Software (GData)
# Hacksoft (The Hacker)
# Hauri (ViRobot)
# Ikarus Software (Ikarus)
# K7 Computing (K7AntiVirus)
# Kaspersky Lab (AVP)
# McAfee (VirusScan)
# Microsoft (Malware Protection)
# Norman (Norman Antivirus)
# Panda Security (Panda Platinum)
# PC Tools (PCTools)
# Prevx (Prevx1)
# Rising Antivirus (Rising)
# Secure Computing (SecureWeb)
# BitDefender GmbH. (BitDefender)
# Sophos (SAV)
# Sunbelt Software (Antivirus)
# Symantec (Norton Antivirus)
# VirusBlokAda (VBA32)
# Trend Micro (TrendMicro)
# VirusBuster (VirusBuster)

Intuview is an interesting new company that claims it can detect risk within language:

IntuScan is a decision-support expert system for real-time exploitation of documents in Arabic and other languages. Instantly assesses any Arabic-language document, determines whether it contains content of a terrorist nature or of intelligence value, provides a first-tier Intelligence Analysis Report of the main requirement-relevant elements in the document.

I curious how the software will distinguish intent. For example, in writing about the software I am using words that could potentially trip a sensor. Will there still need to be manual review? It seems that Apparently Arabic-language analysts are in high enough demand that software is being proposed as an alternative. The British are famous for using the School of Oriental and African Studies (SOAS) as a training ground for non-Western intelligence agents. The result of SOAS is a rich resource of international education. What will be the civilian benefits of IntuScan? More harmonious marriages from software at home — risk analysis and first-tier reports for male-female communicators?