
Tests find: anti-virus software only mediocre at detecting unknown viruses

August 14, 2009, 13:22         Author: Cnw.com.cn      Source: CNW (网界网)

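Summary: Results from the state-of-the-art "Reactive and Proactive" (RAP) tests run by Virus Bulletin, the authoritative UK anti-virus testing organization, show that many Windows Vista anti-virus programs perform poorly at detecting new and unusual malware.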

Keywords

Anti-virus software
RAP test


New malware tests find poor detection rates

Many Windows Vista anti-virus programs struggle to detect new and unusual malware, Virus Bulletin's state-of-the-art Reactive and Proactive (RAP) tests have found.

The latest figures report an average detection rate for the period from February 2009, when the tests were first introduced, to the end of July.

The resulting ‘RAP Quadrant’ shows that several well-known products fall into the lower left-hand quarter of the graph, including PC Tools' Anti-Virus, Fortinet's Forticlient, and CA's Internet Security Suite, all of which achieved detection levels below 50 percent on both axes when configured in their default mode.

Even the best performers, including those from Kaspersky Lab, BitDefender, Sophos, Check Point and Microsoft, showed mixed performance across some aspects of the RAP test regime.

The February to August quadrant can be viewed on the Virus Bulletin website.

Virus Bulletin is best known for its VB100 Certification, which rates software products against the independent but limited WildList collection of malware samples. The RAP is an attempt to pioneer more demanding tests that measure how products react to new malware sets in each of the three weeks prior to a pre-defined test deadline (the Reactive dimension) and in the week immediately following it (the Proactive dimension).

Generally speaking, the older a sample, the more easily it will be detected, because vendors obtain their own copy and use it to update a product's signature database. This shows the effectiveness of a vendor's ‘rapid response’. The proactive samples, by contrast, are far less likely to have been detected, and therefore this part of the test measures the underlying heuristic capabilities of a product to spot a new or unknown threat without looking it up.

"We saw some particularly poor detection of emerging threats and the products in question have a lot of work to do if they are to provide acceptable protection for their customers," said VB test director John Hawes, who also praised the performance of several other products in the same tests. "All products should be aiming for this position and we hope to see an improvement in RAP scores in the future."

At the moment, the RAP scores had no bearing on the established VB100 Certification and were only indications of performance, he said.

What constitutes a good result is simply a consistently high score relative to other products. The assumption is that no product can possibly detect 100 percent of new threats given their rapid mutation, huge volume, and variety of attack methods, including exploiting flaws in specific software products. As ever, anti-virus is not a barrier against all possible attacks but a percentages game.

 

 

Tests find anti-virus software only mediocre at detecting unknown viruses

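[CNW.com.cn News] Results from the state-of-the-art "Reactive and Proactive" (RAP) tests run by Virus Bulletin, the authoritative UK anti-virus testing organization, show that many Windows Vista anti-virus programs perform poorly at detecting new and unusual malware.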

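The latest data reports the average detection rate for the period from February 2009 (when the tests were first introduced) to the end of July.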

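The RAP test results show that the detection capability of some well-known anti-virus products fell to a low level, including PC Tools' Anti-Virus, Fortinet's FortiClient and CA's Internet Security Suite; all of these products were tested in their default configuration.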

Even the best performers (including Kaspersky Lab, BitDefender, Sophos, Check Point and Microsoft) were only average in terms of mixed performance.

The February to August RAP test results can be viewed on the Virus Bulletin website.

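Virus Bulletin is well known for its VB100 certification, which tests the virus protection capability of anti-virus software against the independent but limited WildList virus collection. The RAP test is a more rigorous test that measures how anti-virus software reacts to new threats before a pre-defined test deadline (the reactive dimension) and how it tracks them one week later (the proactive dimension).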

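Generally speaking, the older a virus sample, the more easily it is detected, because anti-virus vendors obtain a copy of the virus and use it to update their product's virus database; this shows a vendor's rapid-response capability. By contrast, detection rates for new virus samples are much lower, so this part of the test measures the underlying ability of anti-virus software to detect new and unknown viruses.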

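"We found that some products had particularly low detection rates for new viruses, and these problematic products have a lot of work to do if they want to give their customers even passable service," said VB test director John Hawes. "All products should be aiming for this target, and we hope to see RAP scores improve in the future." However, Hawes also praised the performance of several products.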

He said that, for now, RAP scores have no bearing on the established VB100 certification and only reflect anti-virus software performance.

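Saying that an anti-virus product works well only means that it scores highly relative to other products. This is because no product can detect 100 percent of new viruses: viruses mutate rapidly, exist in huge volumes, and use a variety of attack methods, including exploiting vulnerabilities in software products themselves. In essence, an anti-virus program is not a perfect barrier that blocks every possible attack; it is just a percentages game.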

 

 

 

Editor: Wen Shan   Contact e-mail: wen_shan@cnw.com.cn