VB100 test results (53 today!)

December’s Virus Bulletin includes a comparative test for a number of products on the Windows Vista x64 platform, giving us our 53rd VB100 award. To get a VB100, a product needs to detect all "In the Wild" viruses on-demand and on-access, with no false positives. Note that "In the Wild" here refers to replicative malware listed on the current WildList: obviously, it would be unrealistic to expect anyone to manage 100% of all malware (replicative and non-replicative) that is currently out somewhere in the wild and woolly internet, even if it were possible to utilize it as a test set. Unless, of course, for whitelisting, which apparently not only catches all past, present and future threats, but also leaps buildings at a single bound and is about to cure the economic recession, world hunger, and the common cold. ;-)

Let’s be serious about this for a moment. The present VB100 test is by no means valueless (we like it a lot, but I suppose we would, having scored more VB100s than anyone else…), but it’s limited in scope by using WildCore, the sample set based on the WildList, to viruses, which are a pretty small part of the current malware population. What’s more, it tends to lag behind the curve by a month or more. Why are so many detection certifications still based on it? Well, this is a complex issue, but I think John Hawes put it pretty well in the test report: "The purpose of the scheme is to provide certification of products proven to be legitimate, and to provide a basic level of protection." While a larger, more current, more diverse sample set would map more closely to the whole malware population, it would also introduce a far wider margin for error. In some ways, and with all its faults, ItW (In the Wild) testing is the nearest thing to a level playing field. I think I feel a paper coming on… Incidentally, we recently added a VB reprint to our white papers page here, covering our VB100s from June to October 2008.

Meanwhile, I’m feeling a bit chuffed that Virus Bulletin’s December newsletter included a link to their book resources page, since it turns out to include one book I edited, one to which I contributed, and three of my book reviews (which are also available on our white papers page). :-)

David Harley CISSP FBCS CITP
Director of Malware Intelligence

Author David Harley, ESET
