Antivirus Products Fail Vista Test
Almost a third of major antivirus products failed to perform up to expectations while running on Windows Vista, according to a new study by Virus Bulletin magazine.
The study examined 37 antivirus products and found that 12 failed a suite of tests that included scanning a virus-laden Vista SP2 system for known malware, avoiding false positives, and detecting activity from viruses that originated after the software's previous update.
Passing the test and receiving the magazine's VB100 certification requires detecting all viruses known to be spreading in the wild, while generating zero false positives.
Losers included the enterprise Symantec Endpoint Security product and CA's consumer Internet Security Suite. While CA's consumer product failed the test, its enterprise product, eTrust ITM, passed.
Other vendors with a failing grade include Agnitum, Filseclab, Finport, K7, Kingsoft, PC Tools, and VirusBuster.
Meanwhile, Virus Bulletin singled out several products in the report for praise. The testers cited G DATA for its impressive detection rates, as they did for AVG and Microsoft (NASDAQ: MSFT) Forefront. Kaspersky's product received praise for its interface and for detecting threats from malware that appeared after its virus database had last been updated.
The test faulted F-Secure's enterprise-focused PSB Workstation Security for flawed logging, but the product passed the virus scan test.
Spokespeople from CA did not return requests for comment by press time.
A spokesperson from F-Secure argued that the VB100 test did not simulate normal business conditions. "We've been in touch with Virus Bulletin to learn more about this and have investigated it internally," a spokesperson said in an e-mail to InternetNews.com. "This issue applies when scanning malware collections, which is not something a normal user or enterprise would have reason to do, and it is not something that impacts the effectiveness of the product in an enterprise environment, as the report also showed."
But Virus Bulletin said that F-Secure's logging issue was a problem. "They believe their logging facility is adequate for real-world use -- it's simply not designed to handle the large amounts of data produced in some of our tests," said John Hawes, Virus Bulletin test team director, in an e-mail to InternetNews.com.
"We noticed many products impose limits on logging, which in most but not all cases are configurable, but even if no configuration is available we would expect to at least be informed that limits are in place," he added. "The log viewing process seems unable to cope and produces heavily truncated logs. In a business environment, this would be unacceptable."
Symantec (NASDAQ: SYMC), meanwhile, argued that its long-term record should be recognized.
"In the past ten years, Symantec has earned 44 consecutive VB100 awards, something no other vendor has come close to matching," a Symantec spokesperson said in an e-mail to InternetNews.com.
"In the August edition of Virus Bulletin, Symantec did not receive the VB100 award certification due to missing an extremely rare replicant of a highly polymorphic file infecting virus in the VB lab test," the spokesperson added. "We have received no reports related to this issue from any customers. This has been fixed in our signatures for all customers."
On its site, Virus Bulletin said that failing to receive a passing grade isn't a "declaration that a product cannot provide adequate protection in the real world if administered by a professional."
However, the results do signal that, at the very least, antivirus products' performance on Windows Vista is spotty. In contrast, none of the major vendors failed Virus Bulletin's April 2009 test of antivirus products on Windows XP. Of 41 products tested, 11 failed, but none were major names.
Virus Bulletin ran its tests in late June, just one month after the release of Service Pack 2 for Vista.
The timing may have been designed to challenge security vendors. "The arrival of a new Service Pack promised to bring a new level of unpredictability to the mix, with the added stability it was designed to provide counterbalanced by the likelihood of a whole new range of horrors," John Hawes, Virus Bulletin's test team director, said in the report.
Only 30 percent of desktops run Vista, compared to 60 percent running XP, according to Hawes. Have antivirus vendors skipped Vista as well?
"Our own previous experiences with the platform have done little to endear it to us, and presumably the developers of most anti-malware solutions have similar feelings, given the oddities, instabilities and general bizarreness we've seen on the platform in previous tests," Hawes wrote. "As the release of its replacement (Windows 7) approaches fast, little nostalgia has accumulated for the platform."
Vista's numbers are even worse in enterprise IT. A recent report said that Vista's share in enterprise IT had grown to 12 percent.
That's not surprising considering that many IT managers have chosen to skip Vista entirely, according to other studies. Research firm ChangeWave said that over half have skipped Vista, while Dimensional Research said that 83 percent will never deploy Vista. Research firm Gartner said that any IT shop that has not yet deployed Vista should avoid doing so and wait for Windows 7.
Microsoft did not respond to requests for comment on Vista by press time.
The problems with Vista SP2-based antivirus software weren't limited to missing known malware or generating false positives.
The testers at Virus Bulletin said that several products overheated their test machines -- which used AMD Athlon64 X2 Dual Core 5200+ processors, 2GB RAM, dual 80GB and 400GB hard drives, and the 32-bit edition of Vista Business Edition with Service Pack 2 -- and either shut down or experienced blue-screen crashes.
At first, the testers thought that the problem might lie in the hardware, but when other products ran on the same machines without incident, they decided that something else -- still unknown -- was happening.
The Virus Bulletin team has hypotheses for these glitches, but no explanation.
"Many of those most affected adopt a multi-engine approach, which we would expect to cause greater-than-usual system loads," Hawes said in an e-mail to InternetNews.com. "The loading was not always due to large amounts of malware being scanned, which would be an unlikely scenario in the real world; we also encountered problems scanning large sets of clean files."
The testers at Virus Bulletin promise to continue researching the cause of the problem. "We continue to investigate some new test procedures which will focus on product stability and proper interaction with the operating system," the report said.
The company will test antivirus software on Windows Server 2008 in October and on Windows 7 in December. Windows 7 is slated to ship in late October.
Update adds comments from F-Secure and response from Virus Bulletin.