[Owasp-natal] Study: 7 of 13 Top Rated Antivirus Fail Against HTTPS Exploits

Noilson Caio caiogore em gmail.com
Friday August 17 10:54:09 UTC 2012

   - Aug 15, 2012 8:00 AM EST

By Neil J. Rubenking<http://securitywatch.pcmag.com/author-bio/neil-j.-rubenking>
You don't hear about Texas-based NSS Labs as much as you do about such
companies as AV-Test.org and AV-Comparatives.org. That isn't because the
researchers aren't busy; it's because the vast majority of their research
is commissioned by large companies for internal use.

From time to time they release findings to the public, notably their
studies on how well browsers block Web malware.
NSS researchers have a major test of consumer endpoint security in the
works. In preparation for that, they've just released a mini-test that
evaluates how well popular security suites handle Web-based exploits. The
results will surprise you.

Exploits are attacks that attempt to gain control of victim systems through
unpatched vulnerabilities in the operating system, the browser, or popular
third-party applications. For this mini-test, the researchers started with
two Microsoft vulnerabilities that were patched in June and July of 2012.
Users who didn't apply those patches would be vulnerable.

*Test Methodology*
Rather than use any known malicious code or pre-packaged penetration tests,
the researchers built their own exploits, two for each vulnerability. One
exploit launched a program on the victim system (in this case the innocuous
calc.exe). The other opened a remote access backdoor shell on the victim.

For testing, they installed 13 popular security
suites<http://www.pcmag.com/category2/0,2806,1639159,00.asp> on test
systems lacking critical patches for the two vulnerabilities. They
launched each attack against each test system, first over a standard HTTP
connection and then over a secure HTTPS connection. The results, shown in
the table below, are surprising.
[image: NSS Labs Mini-Test Chart]

Avast, Kaspersky, McAfee, and Trend Micro stood firm against exploits,
blocking all four attacks over HTTP and over HTTPS. ESET and Norton did
fine with the HTTP-based attacks, but missed half over HTTPS. AVG and Avira
also blocked all HTTP-based attacks but didn't block any attacks that came
in over HTTPS.

CA Total Defense, F-Secure, and Microsoft also had trouble with HTTPS. They
blocked half of the attacks over HTTP, but none over HTTPS. At the bottom,
Norman and Panda blocked just one attack. On the plus side, they managed to
block it whether it came in via HTTP or HTTPS.

The report points out that HTTPS connections are common, and that users
can't assume HTTPS traffic is free of exploits. NSS Labs recommends that
anyone using one of the security products that ran into trouble with HTTPS
in this test should double-check that they've got all current patches in
place. To make that task easier, the report suggests using a patch
management tool like Secunia Personal Software Inspector

Vendors whose products bombed under HTTPS may be able to slip in a fix
before the full-scale consumer endpoint protection report in late 2012. You
can view the full text of the mini-report on the NSS Labs

*For more from Neil, follow him on Twitter

Noilson Caio Teixeira de Araújo
Linux Professional Institute Certification  2 - LPI000182893
ITV3F ITIL Foundation Certificate in IT Service Management (Syllabus 2011)
- EXIN063638
Novell Certified Linux Administrator (CLA) - 10111916
Novell Data Center Technical Specialist
