e-Threats Automated Malware Testing

Review by Enex TestLab

Introduction

 

 

Every month we will be publishing the results of our Enex TestLab eThreatz comparative real world test of eight anti-malware products marketed for the SME sector of business.

eThreatz six-month round-up: Malware innovation outpacing security defences, eThreatz testing shows

The products under eThreatz test will be:

  • Symantec Endpoint Protection for Small Business
  • Sophos Anti Virus
  • Kaspersky Small Office Security
  • Microsoft Security Essentials
  • Trend Micro Worry Free Business Security Standard Edition
  • ESET NOD 32 Antivirus
  • Panda Security for Business
  • McAfee Endpoint Protection Suite

 


 

2014

2013

2012

2011

December 

December 

December 

December 

November

November

November

November

October

October

October

October

September

September

September

September

August

August

August

August

July 

July 

July 

 

June

June

June

 

May

May

May

 

April

April

April

 

March

March

March

 

February

February

February

 

January

January

January

 

We will compare the anti malware products under real world conditions using live malware captured from our own honey pots immediately before the testing is carried out. Proven live threats using active attack vectors and benign internet based files will be sought, subsequently analysed, and reported on as percentages in the context of false positives, false negatives, true positives, and true negatives. All testing will be performed via the HyperText Transfer Protocol (HTTP). Enex TestLab will not manufacture or manipulate any malware samples. While an assessment of the security to performance impact ratio of each product under test is possible by Enex TestLab eThreatz, it will not be carried out as part of this standard testing process. A simplified generic example of the test architecture is shown in Figure 1.

Figure 1: Generic test architecture.

The architecture shown in Figure 1 will include a 'control' channel in addition to product offerings 1, 2, and 3. BASE (Behaviour Analysis System Environment) is used to execute and categorise files based on malicious or benign actions. DNA (Direct Network Automation) ensures that all product offerings under test make near simultaneous HTTP connections to each live website in the test set. The architecture ensures that malware and benign threats are captured, analysed, and compared to provide intelligence on which security component (shown in red text) blocks or allows specific files, and at what point in the security chain, depending on the parameters and purpose of the individual test.

The results will be published every month in summary form, freely available to all readers. In addition, a detailed Enex TestLab eThreatz report will be produced and be available by subscription from Enex TestLab.

For more information on Enex TestLab eThreatz anti-malware testing see http://www.enextestlab.com/web/guest/ethreatz

Tags anti-virussophossymantecmcafeepanda securitykasperskyesetMicrosoft securityTrendmicro

Show Comments