Security Software Commonly Fail to Perform
ICSA, a security research and testing company, performed a study over computer security software and found that 80% of products couldn't pass the first examination for certification. They required redesigning or retooling to pass in their second or sometimes third attempt.
The common cause cited for the software programs to fail during their first test is a problem in their basic functionality. This implies that the programs just didn't carry out the jobs that were expected from them. Here ICSA cites instances in which an antivirus application is unable to spot malicious programs like viruses and worms along with an IP (intrusion prevention) mechanism that fails to supervise malevolent traffic.
The second common breach is related to logging - vital for company clients. Inaccurate/incomplete logging could really mean violating the law. Astonishingly, the third common breach relates to the products' inherent security vulnerabilities. For instance, certain control console related to the Web might get weakened with cross-platform scripting.
According to computer security professionals, they are unable to cope up with keeping PCs secured from malware. Security maintenance is becoming a tough job due to cyber-criminals' growing sophistication.
According to ICSA Labs that has been testing firewalls and anti-viruses for over 20 years, the hazards related to fundamental failures in expected performance frequently emerge. Tests on 7 types of products showed that the shortcoming of basic functionality by the products actually responsible for 78% of the total first-stage test failures.
ICSA recommends that computer-users should choose more established software over newer programs, which mightn't be, as yet, full-proof.
In related reports, during October 2009, an independently running agency for security software testing, Virus Bulletin published the outcomes obtained from the most recent VB100 certification test it conducted against Windows Server 2008. The results showed that out of the 26 software programs tested, 11 couldn't acquire VB100 certification, in part because the programs couldn't wholly detect certain complicated polymorphic type of computer viruses.
Related article: Securities Push Up A Must For Web Companies
» SPAMfighter News - 26-11-2009