Comments on anti-virus rants: imperva's anti-virus study is garbage
(comment feed for the post by kurt wismer; 8 comments, shown oldest first)

Anonymous, 2013-01-04 16:40 (-05:00):

You are just attacking the messenger and are at fault of the same thing you are ranting against: unqualified statements or no fact-backing.

Know what you can do to make your argument better? Take those 82 samples yourself and pit them against your chosen AV desktop solution, using the signatures for the timeframes denoted in the studies. With hard, valid data of your own, your argument would be an actual argument instead of a rant.

While not without flaws, the study points at something we've known for a time, that AV's entire functional model is based around negative or known-bad matching and the people doing malware are perfectly aware of how it works and how best to get the better of the AV companies. You didn't address any of this.

kurt wismer, 2013-01-04 17:48 (-05:00):

you're probably right, i didn't address any of the <b>myths</b> you insist on believing.

anti-virus products are a lot more than just signature scanners and they have been for many, many years.

that's part of what makes imperva's experimental design invalid - they tested only a subset of the protective capabilities those products have (the subset everyone is most familiar with), and misrepresented them as the full protective capabilities in order to support patently fallacious conclusions.

and as for redoing the test myself with their samples, since they don't provide those samples or information about them (other than how they acquired them) it's really not possible.

Anonymous, 2013-01-04 19:01 (-05:00):

Kurt, can you point to any independent study that refutes the accuracy claims of Imperva? If not then I agree with the first commenter: beyond expressing opinions, the AV community should reply with whatever it believes is proper research.

kurt wismer, 2013-01-04 19:28 (-05:00):

Anonymous#2:

as it so happens i have already linked to a story that quotes representatives from multiple independent testing labs. here's the link again in case you missed it: <a href="http://securitywatch.pcmag.com/none/306552-experts-slam-imperva-antivirus-study" rel="nofollow">http://securitywatch.pcmag.com/none/306552-experts-slam-imperva-antivirus-study</a>

in it you should find a quote from andreas marx (of av-test.org) saying that the <b>lowest</b> detection rates they see in real world zero-day testing are in the 64-69% range, not the less than 5% range claimed by imperva. that's the lowest, by the way; on average it's apparently more like 88-90%.

another point of contradiction was simon edwards' (dennis labs) observation that, contrary to imperva's finding that free products offer the best protection, the findings of dennis labs have consistently been that paid products offer better protection.

finally, randy abrams (nss labs) was quoted saying "It is rare that I encounter such an incredibly unsophisticated methodology, improper sample collection criteria, and unsupported conclusions wrapped up in a single PDF."

those are all independent testing organizations.

Anonymous, 2013-01-06 18:25 (-05:00):

Would you run an unknown malicious program which was just released and was probably not analyzed by antivirus vendors on your own computer with all antiviruses installed? Answer yourself.

kurt wismer, 2013-01-06 19:48 (-05:00):

Anonymous#3:

that's a strawman argument. no one is saying AV is perfect or can protect you in all situations. what i'm specifically saying in this post is that imperva's study is garbage.

it doesn't even matter what the results of imperva's test are. the way they were arrived at demonstrated a lack of understanding of AV, virustotal, and even the threat landscape itself.

the way you arrive at a conclusion is as important as the conclusion itself. if you use a stupid methodology then you might be right once or twice, the way a stopped clock is right twice a day, but generally your conclusions won't be worth the paper they're printed on.

these comments really make me kind of sad. they demonstrate a culture bereft of critical thinking. people who value facts over knowledge, answers over understanding, and probably people who don't even realize there's a difference between those things.

Anonymous, 2013-01-15 22:37 (-05:00):

I've seen a lot of people beating up Imperva over this but I haven't seen anyone who has given a possible ulterior motive for them producing such a study. They don't do desktop products. They don't even do anti-malware at all. They bashed an industry they don't even compete in. And they are right.

Anyone who has worked in pentesting knows it is so trivial to bypass desktop AV that those vendors are selling a sham and auditors are lemming idiots for considering them an effective control.

Regardless of how or why Imperva did the study, those products simply are not effective any more. And that is the real point.

kurt wismer, 2013-01-15 23:35 (-05:00):

Anonymous#4:

i'm sorry, but if you think they aren't competing with the anti-malware industry i think you need to take a closer look.

they do in fact compete, maybe not for home users, but certainly for corporate users. their product line may not look anything like a security suite from an anti-malware vendor, but they do sell products meant to protect against attacks and they're trying to make others look bad in order to make themselves look more appealing to potential customers.

as for how easy it is for a person to bypass AV, this is a foregone conclusion. computers are not smarter than people - never have been and probably never will be.

the thing is, having an intelligent attacker directly involved enough to be comparable to a pentesting scenario simply doesn't scale as well as dumb software-only attacks do (and cybercriminals certainly like their economies of scale). and those dumb software-only attacks don't have the same advantages even the dumbest pentester does.

sure there are attacks that bypass security suites easily, but they're the minority because they rely on a resource that isn't digital and thus can't be copied - malicious human beings.

no matter how you slice it, facing a dedicated attacker is a relative rarity in the threat landscape.