Slashdot Mirror


Many Antivirus Tools Fail in LinuxWorld Test

talkinsecurity writes "In a public, side-by-side test conducted last night at LinuxWorld, ten antivirus products were confronted with 25 known viruses. The results were surprisingly disparate. Only three of the products caught all of the viruses; three only caught 61 percent, and one caught an abysmal 6 percent. The test, which wasn't particularly complicated, proves that there still are wide differences in the effectiveness of AV tools. A lot of people think all AV tools are the same — they're not!"

7 of 234 comments

  1. The winners: by RichPowers · · Score: 5, Informative

    From TFA:

    Kaspersky, Symantec, and Clam AV: 100% caught

    FProt and Sophos: 94%

    McAfee: 89%

    GlobalHauri, Fortinet, and SonicWall: 61%

    WatchGuard's Linux AV: 6%

    And a graph of the results plus links to some of the test viruses: http://virus.untangle.com/

  2. Re:viruses on linux - a big deal anyway? by adam.dorsey · · Score: 5, Informative

    Linux mail directors/servers/etc. often run AV to scan mail for their more vulnerable cousins from Redmond.

    --
    You are still innocent until proven guilty. What's changed is what they do to innocent people. - notnAP, #26891325
  3. Re:viruses on linux - a big deal anyway? by archen · · Score: 5, Informative

    And this is especially good news for those of us utilizing CLAM. You COULD spend a heap of cash adding on tons of crap to an exchange server and hope that it doesn't implode under the weight... or you could have a postfix mail gateway with Clam AV and some simple spam blocking techniques for only the cost of time and hardware. It's also good in a way that not only do you not get viruses IN, but you can keep them from going out as well. You've obviously got issues at that point, but at least you're not spreading the plague. All thanks to open source goodness.

  4. Re:Odd numbers. by Bibz · · Score: 5, Informative

    Well, examining the Excel sheet here (http://virus.untangle.com/), they used 18 test cases, so they got 5.6% for Watchguard.

    The summary was wrong; it's either 18 test cases or 35 test cases, depending on the section you're looking at...

    --
    I didn't find something funny to put here.
  5. Re:math question by Bibz · · Score: 5, Informative

    Because the summary isn't right.

    They used 18 test cases; Watchguard got only one: 1/18 = 5.55%, rounded = 6%.

    All from the spreadsheet available at http://virus.untangle.com/

    --
    I didn't find something funny to put here.
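    The side-by-side test in the article (comment 1) and the denominator argument in comments 4 and 5 boil down to a small harness: run each engine over the same corpus, count hits, and report the fraction rather than only the rounded percentage. The block below is an added example, not the untangle.com test setup or any vendor's code. The "products" are hypothetical hash-signature scanners whose databases differ in completeness, the sample corpus is constructed inert byte strings, and the `external_scanner` wrapper assumes the documented clamscan exit codes (0 clean, 1 infected, 2 error) and `-` for reading a sample from stdin.

```python
"""Side-by-side AV detection-rate harness (added example, not the article's test)."""
from __future__ import annotations

import hashlib
import subprocess
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

# A scanner is anything that takes a sample's bytes and says whether it flagged it.
Scanner = Callable[[bytes], bool]

# Constructed, inert stand-ins for the 18 "known viruses" of the test (no real malware).
SAMPLES: Dict[str, bytes] = {
    f"sample{i:02d}.bin": f"constructed-sample-{i}".encode() for i in range(1, 19)
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_signature_scanner(signatures: Set[str]) -> Scanner:
    """The simplest engine: a hit iff the sample's SHA-256 is in the signature set.

    A stale or thin database is exactly how a product ends up at 61% or 6%."""
    def scan(data: bytes) -> bool:
        return sha256_hex(data) in signatures
    return scan


def external_scanner(argv: List[str]) -> Scanner:
    """Wrap an installed engine that reads one sample from stdin, e.g. ['clamscan', '-'].

    Assumed exit codes (documented for clamscan): 0 clean, 1 infected, other = error.
    An engine error is counted as a miss; that is what a detection rate measures."""
    def scan(data: bytes) -> bool:
        proc = subprocess.run(argv, input=data, capture_output=True)
        return proc.returncode == 1
    return scan


@dataclass
class Result:
    product: str
    detected: int
    total: int
    missed: List[str]

    @property
    def rate(self) -> float:
        return self.detected / self.total if self.total else 0.0


def run_test(products: Dict[str, Scanner], samples: Dict[str, bytes]) -> List[Result]:
    """Feed the identical corpus to every product; return results best-first."""
    results = []
    for name, scan in products.items():
        missed = [fname for fname, data in samples.items() if not scan(data)]
        results.append(Result(name, len(samples) - len(missed), len(samples), missed))
    return sorted(results, key=lambda r: r.rate, reverse=True)


def format_rate(r: Result) -> str:
    # Always print the fraction: 1/18 reads as "6%" once rounded, which hides the denominator.
    return f"{r.product}: {r.detected}/{r.total} = {r.rate:.1%}"


def demo() -> List[Result]:
    """Three hypothetical products with databases of different completeness."""
    hashes = [sha256_hex(d) for d in SAMPLES.values()]
    products: Dict[str, Scanner] = {
        "full-db": hash_signature_scanner(set(hashes)),        # all 18 -> 100%
        "stale-db": hash_signature_scanner(set(hashes[:11])),  # 11/18 -> 61.1%
        "one-sig": hash_signature_scanner(set(hashes[:1])),    # 1/18  -> 5.6%
    }
    return run_test(products, SAMPLES)


if __name__ == "__main__":
    for result in demo():
        print(format_rate(result), "missed:", ", ".join(result.missed) or "none")
```

    To point the harness at a real engine, add e.g. `"clamav": external_scanner(["clamscan", "-"])` to the products dict and replace `SAMPLES` with a vetted corpus; keep the corpus identical across engines, as the article's test did, or the percentages are not comparable.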
  6. Re:Zombies by imemyself · · Score: 5, Informative

    There is something that computer labs and libraries swear by and not at: Faronics' DeepFreeze

    Have you ever worked in a tech department that had to support frozen computers? It turns a project that would maybe take fifteen or twenty minutes per lab into something more like an hour long. The school district that I work for used Deep Freeze on most of the desktops at the high school up until about a year or two ago. Taking DF off made it a lot quicker to make minor changes to the computers during the year, and there haven't been any significant problems. Students and teachers are also happier with it because it prevents stuff that people have saved in My Documents (yes, the kids are told over and over again to save to their mapped home directories - but occasionally they don't) from being wiped out.

    About the same time as that we also took students out of the Admin group (I'm not exactly sure why they were in there in the first place - no apps have had any problems with it), so that mitigated any significant problems as well. We also have McAfee managed AV and 8e6 web filtering, but AFAIK it's fairly rare that any viruses or malware are found on the student computers. The laptops that the teachers have (and have admin rights on) are another story. But they would whine if they couldn't add weatherbug and have five different toolbars in IE. Deep Freeze is really just a crappy way of avoiding the problem instead of dealing with it and fixing it. Students/regular non-admin users should not be able to cause damage to the OS. In a well-run environment there shouldn't be tons of problems with malware. Yeah, there is going to be an occasional piece of malware that exploits a security vulnerability that could screw up the system. But it is not that hard to lock down boxes properly, with group policy and using the default Windows groups.
    --
    Every time you post an article on Slashdot, I kill a server. Think of the servers!
  7. Re:The winners: *Direct* Quote by quadra23 · · Score: 5, Informative

    One product, WatchGuard's Linux AV tool, caught fewer than 6 percent of the viruses sent to it. "We're not exactly sure what the problem with WatchGuard is," says Morris. "The test was set up the same way for all of the vendors."

    This number quoted by the original poster missed the section in bold, it was technically < 6%, which could mean either 0 or 1 virus (funny how everything always works out to binary in some way or another :). My question would be which is it? Either way, my system would be compromised by either 24 or 25 viruses -- neither of which is a good scenario especially in regards to well-known viruses (according to the article no 0-day exploits were accepted).