Download presentation
Presentation is loading. Please wait.
Published byRandy Scoggin Modified over 9 years ago
1
Antivirus Fight Club! August 8th @ LinuxWorld
2
Before we begin… Please submit any viruses for the test at http://virus.untangle.com/
3
Background - who we are Untangle provides an open source network gateway platform. We are not an antivirus company We are not a testing company
4
Background - why we are doing this 2005: Untangle researches antivirus to add to the network gateway platform after testing we choose clam (open source) and one other vendor 2006: Untangle seeks Testing Labs for certification (stickers!) 2006: Testing Lab refused to test AV product, because use of open source won’t tell us why won’t provide test results won’t provide test set Something fishy is going on here…
5
What is the AV FightClub? A simple test of real-world anti-virus detection by different AV engines What AV FightClub is not: Zero-day test Functionality comparison Not coverage testing Open - for samples & participation & discussion Transparent - simple, verify & run at home Two important things!
6
The Test Small Set of test viruses (eicar) Set of ‘in-the-wild’ viruses Set of user-submitted viruses (minus non-viruses, not ‘in-the-wild’ viruses, and phish) Each vendor is subjected to: Scored by % of viruses identified and performance if applicable All vendors should catch all these viruses
7
The Vendors Engines with linux support (clam, kasperskey, fprot, sophos, globalhauri) Gateway Appliances (sonicwall, fortinet, watchguard) Windows solutions (norton/symance, mcafee) Vendors
8
Questions? predictions?
9
Lets get started zip up the test set for windows tests deposit on web server for gateway appliance tests
10
F-Prot Vendor Version4.6.8 Updated2007-08-08 MethodLinux Client
11
Sophos Vendor Version4.20.0 Updated2007-08-08 MethodLinux Client
12
GlobalHauri Vendor VersionSDK 4.0. engine 2007-08-07 Updated2007-08-08 MethodLinux Client
13
Kasperksy Vendor VersionKav4fs 5.5.27 Updated2007-08-08 MethodLinux Client
14
Norton/Symantec Vendor VersionNorton Antivirus 2007 Updated2007-08-08 MethodWindows Client
15
McAfee Vendor Version7.2.147 Updated2007-08-08 MethodWindows Client
16
Sonicwall Vendor VersionSonicwall 1260 (3.2.0.5-54e) Updated2007-08-08 MethodGateway Appliance
17
Fortinet Vendor VersionFortinet 50A (2.8.0-520) Updated2007-08-08 MethodGateway Appliance
18
Watchguard Vendor VersionWatchguard x20e (8.5.1-8138) Updated2007-08-08 MethodGateway Appliance
19
Clam Vendor Version0.91-1-1ubuntu3 Updated2007-08-08 MethodLinux Client
20
Results
21
Results 2
22
Conclusions Open Source solution (Clam) doesn’t suck. In fact, its excellent! Many vendors are poor. Some are selling dead donkeys! outstanding questions conclusions Why hasn’t this been pointed out? Is there something wrong with the way we test antivirus today?
23
Thanks for coming! Dirk Morris dmorris@untangle.com Remember Contact Don’t believe me? Try this at home. The test set will be available on http://virus.untangle.comhttp://virus.untangle.com (password on zip file is “a”)
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.