Untangle Weaves Controversial Web

By Brian Prince  |  Posted 2007-08-13

"By the testers' own admission that the original setup had disadvantaged the Sophos product, it looks as though the products were tested pretty much 'out of the box' without considering whether the conditions of the test would disadvantage specific default configurations," he wrote.

Morris countered that every effort was made to ensure fairness in that regard.

"We tried our best to configure each product correctly, and in some cases spent great amounts of time doing so," he said. "We were open to advice and help from the community, and we remain open to advice on configuration on the different solutions and will definitely take appropriate action if a misconfiguration is discovered."

Hiep Dang, McAfee's director of anti-malware research, also attacked the test and accused Untangle of having a conflict of interest.

"Their goal was to prove that open-source anti-virus solutions (in this case ClamAV) were just as effective, if not better than commercial anti-virus products," he wrote. "It seems that they were highly motivated to prove this because evidently they use ClamAV in their gateway product."

Dang criticized the small sample size used in the test – 35 samples of the hundreds of thousands of pieces of malware currently in the wild – and said McAfee ran its own scan on the exact same files and found it detected everything that was not a password-protected zip or 0-byte file.

Morris countered that McAfee's findings are not dissimilar from the results of the test.

"In our live test they missed Sample 012, a Trojan downloader, and Sample 016, a password encrypted zip, from the in-the-wild set," he said. "The latter was distributed in an e-mail instructing the user to uncompress the zip and use a provided password. It is crucial for any solution to be used on the mail server or at the gateway to be able to catch this as a virus. The difference in Sample 012 could come from several places, like more recent signatures or a different version."

As for the sample size, Morris said the intent of the demo was to show the performance of the different engines on the viruses he has been exposed to in mass quantities through his inbox—with his inbox representing that of a typical user—or at a live customer site.

"None of the viruses came from me—I don't write viruses," Morris said. "They did, however, come from infected machines all over the world into my e-mail honeypot and to our customers."