Majority of Information Security Products Do Not Pass Quality Certifications

Posted: November 18, 2009

Do you trust the security products installed on your computer? Are they powerful and effective enough to resist malware?

A comprehensive Verizon report, released by ICSA Labs at the beginning of this week, summarizes 20 years of testing anti-virus and firewall products and their ability to detect and remove malware. The report concludes that more than 80 percent of security products fail to perform as intended on their initial certification attempt under a widely used industry kite-mark scheme. Only 4 percent of products tested at ICSA attain certification in the first testing cycle. Moreover, certification can be lost if periodic re-testing reveals that a product has not kept up.

Surprisingly, these sad statistics are a reality. ICSA Labs states that most products need two or more cycles of testing to attain certification. 82 percent of products resubmitted for testing eventually get certified. ICSA also noted that certified products must still go through periodic benchmarks to maintain their certification. George Japak, managing director of ICSA and one of the report's authors, says that it took half a year just to make the oldest data fully accessible for data retaining. He added that a huge number of analysts and experts worked on the report, which provides serious insight into the development of the computer security industry.

The ICSA Labs Product Assurance Report noted that 78 percent of initial test failures in the first round of testing, across seven product categories, are due to inadequate performance of core product functionality. The categories are anti-virus, network firewall, Web application firewall, network IPS, IPSec VPN, SSL VPN and custom testing. Anti-virus products often failed to prevent malware infection on the first try, while firewalls and IPS (intrusion prevention) products couldn't make the grade in stopping attack traffic.

The next most common violation concerns logging, which is especially important for enterprise customers. Incomplete or inaccurate logging of who did what and when accounted for 58 percent of initial failures. Logging is often considered a nuisance and is undervalued, particularly when it comes to firewalls. Surprisingly, the third most common violation involves security flaws inherent in the product itself. For instance, a web-based control console might be prone to cross-site scripting. These problems also include vulnerabilities that compromise the confidentiality or integrity of the system, and erratic behavior that affects product availability.

The study also identified a few other issues with security products, including poor product documentation and problems with patching, that is, whether a product accepts security updates properly. Nearly every network firewall or web application firewall examined suffered from at least one logging problem. Just under half of security products had difficulties with their own security and could be used to compromise the very system they were meant to be securing.
