
Antivirus Fight Club!

Antivirus Fight Club! August 8th @ LinuxWorld. Before we begin… Please submit any viruses for the test at http://virus.untangle.com/. Background - who we are. Untangle provides an open source network gateway platform. We are not an antivirus company. We are not a testing company.


Presentation Transcript


  1. Antivirus Fight Club! August 8th @ LinuxWorld

  2. Before we begin… Please submit any viruses for the test at http://virus.untangle.com/

  3. Background - who we are
     Untangle provides an open source network gateway platform.
     We are not an antivirus company. We are not a testing company.

  4. Background - why we are doing this
     • 2005: Untangle researches antivirus to add to the network gateway platform
     • After testing we choose Clam (open source) and one other vendor
     • 2006: Untangle seeks Testing Labs for certification (stickers!)
     • 2006: Testing Lab refused to test AV product, because of its use of open source
        • won’t tell us why
        • won’t provide test results
        • won’t provide test set
     Something fishy is going on here…

  5. What is the AV FightClub?
     A simple test of real-world anti-virus detection by different AV engines
     What AV FightClub is not:
     • Zero-day test
     • Functionality comparison
     • Not coverage testing
     Two important things!
     • Open - for samples & participation & discussion
     • Transparent - simple, verify & run at home

  6. The Test
     Each vendor is subjected to:
     • Small set of test viruses (eicar)
     • Set of ‘in-the-wild’ viruses
     • Set of user-submitted viruses (minus non-viruses, not ‘in-the-wild’ viruses, and phish)
     Scored by % of viruses identified and performance if applicable
     All vendors should catch all these viruses

  7. The Vendors
     • Engines with Linux support (Clam, Kaspersky, F-Prot, Sophos, GlobalHauri)
     • Gateway appliances (Sonicwall, Fortinet, Watchguard)
     • Windows solutions (Norton/Symantec, McAfee)

  8. Questions? predictions?

  9. Let's get started
     • zip up the test set for Windows tests
     • deposit on web server for gateway appliance tests

  10. F-Prot

  11. Sophos

  12. GlobalHauri

  13. Kaspersky

  14. Norton/Symantec

  15. McAfee

  16. Sonicwall

  17. Fortinet

  18. Watchguard

  19. Clam

  20. Results

  21. Results 2

  22. Conclusions
      Conclusions:
      • Open Source solution (Clam) doesn’t suck. In fact, it’s excellent!
      • Many vendors are poor. Some are selling dead donkeys!
      Outstanding questions:
      • Why hasn’t this been pointed out?
      • Is there something wrong with the way we test antivirus today?

  23. Thanks for coming!
      Contact: Dirk Morris, dmorris@untangle.com
      Remember: Don’t believe me? Try this at home. The test set will be available on http://virus.untangle.com (password on zip file is “a”)
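
One way to score a run at home, following the scoring rule on slide 6 (an added example, not code from the presentation or from Untangle). It covers only the detection percentage, not performance, and assumes clamscan-style per-file lines ("path: signature FOUND"); the manifest layout, labels, paths and scan output are constructed for illustration.

```python
"""Per-set detection rate from clamscan-style output (illustrative sketch)."""
from collections import defaultdict

# Categories slide 6 removes from the user-submitted set before scoring.
EXCLUDED = {"non-virus", "not-in-the-wild", "phish"}

def detected_paths(scan_output):
    """Return the set of paths the engine flagged ('<path>: <name> FOUND')."""
    found = set()
    for line in scan_output.splitlines():
        path, sep, verdict = line.rpartition(": ")
        if sep and verdict.endswith(" FOUND"):
            found.add(path)
    return found

def score(manifest, detected):
    """Return {set_name: (caught, total, percent)} over scorable samples.

    A sample absent from the scan output (engine skipped it or crashed)
    stays in the denominator and counts as a miss.
    """
    tally = defaultdict(lambda: [0, 0])
    for path, set_name, label in manifest:
        if label in EXCLUDED:
            continue  # excluded samples neither help nor hurt the score
        tally[set_name][1] += 1
        if path in detected:
            tally[set_name][0] += 1
    return {n: (c, t, round(100.0 * c / t, 1)) for n, (c, t) in tally.items()}

# Constructed manifest: (path, test set, label assigned when triaging samples).
SAMPLE_MANIFEST = [
    ("samples/test/eicar.com", "test", "virus"),
    ("samples/wild/a.exe", "in-the-wild", "virus"),
    ("samples/wild/b.exe", "in-the-wild", "virus"),
    ("samples/wild/c.scr", "in-the-wild", "virus"),
    ("samples/user/d.exe", "user-submitted", "virus"),
    ("samples/user/e.eml", "user-submitted", "phish"),
    ("samples/user/f.txt", "user-submitted", "non-virus"),
]
# Constructed scan output; c.scr is missing on purpose.
SAMPLE_OUTPUT = """\
samples/test/eicar.com: Eicar-Test-Signature FOUND
samples/wild/a.exe: Constructed.Sample-1 FOUND
samples/wild/b.exe: OK
samples/user/d.exe: Constructed.Sample-2 FOUND
samples/user/e.eml: Constructed.Phish-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
"""

if __name__ == "__main__":
    for name, (c, t, pct) in score(SAMPLE_MANIFEST, detected_paths(SAMPLE_OUTPUT)).items():
        print(f"{name}: {c}/{t} ({pct}%)")
```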
