How effective is security software at blocking exploits? (turns out, not very)

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

How effective is security software at blocking exploits?

Much of the malware in circulation now focuses on using exploits in
popular applications such as browsers and office packages in order to
remotely execute code. Security suites and specialized anti-exploit
tools are aimed at blocking these but how well do they work?

A new study by testing lab PCSL commissioned by Malwarebytes has set out
to find the answer. It looks at the exploit mitigation capabilities of
12 different products: Avast Internet Security, AVG Internet Security,
Bitdefender Internet Security, Enhanced Mitigation Experience Toolkit
from Microsoft, ESET Smart Security, HitmanPro.Alert3, Kaspersky
Internet Security, Malwarebytes Anti-Exploit Premium, McAfee Internet
Security, Norton Internet Security, Panda Internet Security and Trend
Micro Titanium Maximum Security.

Each product was tested against 58 different exploit samples in a range
of payload configurations. Only two products managed to block more than
80 percent, Norton on 81.03 and Malwarebytes on 93.10 -- we should point
out here that although Malwarebytes commissioned the research it didn't
select the samples used.

In the mid range, ranked as "inadequate" by PCSL, Microsoft EMET scored
74.14 percent, Kaspersky 72.41 equal with Avast, and ESET scored 70.69.

The remainder of the products scored under 60 percent and were therefore
classed as "failed". Lowest score came from AVG which blocked only 24.14
percent of the samples. McAfee and Panda both managed 29.31 percent,
Bitdefender 31.03, Trend Micro 48.28 and HitmanPro 58.62.

Protecting against exploits is of course partly about keeping all of
your software up to date as well as using security tools but even so
these results are revealing. If you want to read more detail of the
tests the full report is available to download as a PDF.


Site Timeline