Antivirus vendors are closer to agreeing on a new way to test their software after widespread agreement that older antivirus tests can be misleading.
AV-Test.org, a German antivirus testing organization, is meshing suggestions from vendors such as Symantec Corp., Panda Software ASA and Trend Micro Inc. as well as its own for a new testing regime, said Maik Morgenstern, who conducts product tests at AV-Test.org.
The new testing proposal -- also supported by vendors Kaspersky Lab Ltd., F-Secure Corp. as well as other testers such as Virus Bulletin -- will be presented next month at the Association of AntiVirus Asia Researchers 2007 conference in Seoul.
Companies supporting AV-Test.org's paper will try to marshal support from other security vendors, said Mark Kennedy, an antivirus engineer with Symantec.
"We believe this is the way tests should be conducted," Kennedy said. "The hope is that other companies will join us."
Still, the proposals will be optional guidelines for antivirus testers, which ultimately can choose to adopt or ignore them.
Antivirus testing groups have typically tested antivirus products by running the detection engine against hundreds of malicious software samples. If the product doesn't detect a sample, it gets a lower ranking. The style of evaluation tests whether an antivirus product has the right "signatures," or indicators that can identify a specific piece of malware.
The test is relatively quick and easy to perform. But over the last three years or so, many security companies have added technology that can flag malware based on how it acts. That's because signatures have become a less reliable way to defend a computer due to the high number of malware variations that now appear on the Internet.
A signature test does not take into account behavioral detection technology, so vendors have argued that a failed signature test doesn't mean their product wouldn't have protected a PC.
Software vendors have proposed testing antivirus products under the same conditions a consumer would encounter on the Internet. In essence, antivirus testers would use real, active malicious software samples from the Internet and present them to computers in the same way people encounter them, such as through e-mail attachments or Web pages rigged to exploit browser vulnerabilities.
Before a test, antivirus suites would be "frozen" a few weeks prior and not allowed to update their signatures in order to really test the proactive or behavioral technology. Debate is still ongoing whether testers should use malware that is actually doing bad things on the Internet, which poses questions of whether the test machines could potentially do harm.
An alternative is setting up a simulated Internet environment in the lab, but that may not allow malware to run in the way it would if it could access the Internet. "There's always a trade-off," Morgenstern said.
Security analysts are still working on how the products will be scored. It's tricky, since there are many different levels at which a product may detect and neutralize a threat. The scoring has to be clear and comprehensible to people who read technology magazines that write about the tests.
"If the magazines are not able to communicate that in a simple manner to the consumer, then it's not worth much," said Pedro Bustamante, senior research advisor for Panda.
The new parameters mean it will likely take a lot longer to conduct the tests, but Morgenstern said he believed AV-Test.org could do it with their existing staff and without any significant fee increases to publishers who commission work from them.
Antivirus software is frequently tested for performance, so picking a top product should be straightforward: Select the number-one vendor whose software kills off all of the evil things circulating on the Internet. You're good to go then, right? Not necessarily.
The increasing complexity of security software is causing vendors to gripe that current evaluations do not adequately test other technologies in the products designed to protect machines.
Relations between vendors and testing organizations are generally cordial but occasionally tense when a product fails a test. Representatives in both camps agree that the testing regimes need to be overhauled to give consumers a more accurate view of how different products compare.
"I don't think anyone believes the tests as they are run now ... are an accurate reflection of how one product relates to the other," said Mark Kennedy, an antivirus engineer with Symantec Corp.
Representatives of Symantec, F-Secure Corp. and Panda Software SA agreed last month at the International Antivirus Testing Workshop in Reykjavik, Iceland, to design a new testing plan that would better reflect the capabilities of competing products. They hope all security vendors will agree on a new test that can be applied industrywide, Kennedy said.
A preliminary plan should be drawn up by September, Kennedy said.
One of the most common tests involves running a set of malicious software samples through a product's antivirus engine. The antivirus engine contains indicators, called signatures, that enable it to identify harmful software.
But antivirus products have changed over the last couple years, and "now many products have other ways of detecting and blocking malware," said Toralv Dirron, security lead system engineer for McAfee Inc.
Signature-based detection is important, but an explosion in the number of unique malicious software programs created by hackers is threatening its effectiveness. As a result, vendors have added overlapping defenses to catch malware.
Vendors are employing behavioral detection technology, which may identify a malicious program if it undertakes a suspicious action on a machine. A user may unwittingly download a malicious software program that is not detected through signatures. But if the program starts sending spam, the activity can be identified and halted.
Also, a program can be halted if it tries to exploit a buffer overflow vulnerability, where an error in memory can allow a bad program to run. Host-based intrusion-prevention systems, which can employ firewalls and packet inspection techniques, can also stop attacks.
The ways in which a computer can be infected also make comprehensive testing complex. For example, users may infect their computers by opening malicious e-mail attachments or visiting harmful Web sites designed to exploit known vulnerabilities in a Web browser.
The different modes of attack also involve different defenses, all of which would need to be tested to arrive at an accurate ranking, analysts said.
By contrast, signature-based tests can take as little as five minutes. "This is a very basic test," said Andreas Marx of AV-Test.org, who wrote his master's degree thesis on antivirus testing. "It's easy, and it's cheap."
Other concerns remain, over trial sets of malicious software, the age of the samples and the relative threat those samples pose on the Internet as they become older. Security vendors also think tests should check how well security applications remove bad programs, a process that can affect a computer's performance.
For vendors, a failed test can be embarrassing, since the testing companies often issue news releases highlighting the latest results.
Testing companies make money in various ways. AV-Test.org is often commissioned by technology magazines such as PC World (a magazine owned by IDG). Virus Bulletin licenses its logo to companies for use in promotional material and publishes a monthly online magazine.
Earlier this month, Virus Bulletin announced that its latest round of testing produced some "big-name failures," including products from Kaspersky Lab and Grisoft SRO.
The company's VB100 tests antivirus engines against malware samples collected by the Wildlist Organization International, a group of security researchers who collect and study malware. To pass the VB100, products must detect all samples.
Kaspersky briefly removed a signature for a worm out of its product for "optimization" purposes on the day of the test, wrote Roel Schouwenberg, senior research engineer for Kaspersky, in an e-mail. The signature has since been put back in, he said.
"Obviously, we would have rather passed than failed," Schouwenberg wrote. "Had the test been conducted a day earlier or a day later, we would have passed."
Similarly, F-Secure initially failed its test also because of a technicality, but the failed rating was later reversed. All vendors are told after testing which samples they failed to detect, thus most end up adding signatures to their products.
So what should a user do? John Hawes, a technical consultant for Virus Bulletin, cautioned that the signature-based tests are "not enormously representative of the way things are in the real world."
But Hawes also noted that signature-based tests can indicate the reliability and consistency of a vendor's software. Virus Bulletin also writes reviews of AV suites, which take into account aspects such as usability, which may be just as important as detection for consumers. The company is developing more advanced tests that will test new security technologies.
AV-Test.org is already performing more comprehensive tests, although it uses between 30 and 50 malware samples, a much smaller trial set compared to the Wildlist, which uses more than 600,000 samples, Marx said. Those tests may give a better indication of how a security software suite performs.
At a bare minimum, though, users should install some security software, as computers without it can face high risks, Marx said. Several free suites are available that may be fine for light Internet use, he said.
Ironically, Marx doesn't use any antivirus software. That's because AV-Test.org collects malware for its testing, most of which comes through e-mail from other researchers. "I'm getting about 1,000 viruses a day," he said. "It [antivirus software] would be counterproductive."
Whether you’re looking to protect your PC or an entire fleet of computers, chances are you’ve either considered or have ended up purchasing products from Symantec. The company sells consumer software under the Norton brand, in addition to Symantec Endpoint Protection that targets enterprises. The bad news is that both products were just shamed by Google’s Project Zero security team, which found critical errors that leave users at risk.
In fact, Google’s security hacker Tavis Ormandy discovered numerous vulnerabilities in 25 different Norton and Symantec products, and he said they are “as bad as it gets.”
“These vulnerabilities are as bad as it gets,” Ormandy wrote. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
Rather than protecting users from malicious programs, the anti-virus programs could end up helping hackers by making it even easier to target these machines – essentially, a hacker could simply have to attack the software intended to protect a computer, rather than the computer itself.
“Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it – the victim does not need to open the file or interact with it in any way,” Google’s researcher said.
Google’s team looks for zero-day security holes in various products and found issues in antivirus products from Trend Micro in the past. The researchers give companies 90 days plus a two-week grace period to fix issues, after which point they’re revealed to the public.
The good news is that Symantec has taken swift action and all the issues were fixed in an update that was already sent to customers by the time Ormandy published his findings. Even so, while antivirus software on some systems is updated automatically, not all computers are set up that way. Admins might have to perform the updates themselves.
It’s still disconcerting to find out that one of the top antivirus makers out there had so many bugs in software meant to protect users from malicious hackers. More details about the software issues found in Symantec and Norton products are available at the source links – and make sure you update all your Symantec products immediately.
Antivirus software has had to get savvier, adapting to more complete malware as people spend more time online. The best antivirus software offers secure browsing, malware protection and monitored downloads so you can have peace of mind while you're online.
Finding good antivirus software is especially important for people using Windows operating systems such asand . Windows devices make up three out of every four laptop or desktop operating systems, according to latest data from Statcounter, which paints a bigger target on those devices. Windows-targeted malware has a larger base of devices to infect, giving it more potential in the eyes of cybercriminals.
But don't worry -- we're here to help you find the antivirus software that best fits your needs. These picks of the best antivirus programs are a combination of recommendations from independent third-party labs AV-Test, AV-Comparatives and SE Labs, as well as CNET's own hands-on testing. We regularly research and test software to determine which product leads the pack, and we update this list periodically based on those tests.
Note that antivirus software is only a piece of the cybersecurity puzzle. Cybercriminals are becoming more sophisticated, and the more steps you take to lock down your online security, the safer you'll be. A securecan help protect your internet privacy, and a will help you create and keep track of more secure login credentials. These tools are all essential in protecting your personal information.
Whether you're looking for free antivirus protection or are willing to pay for a program that offers more security features, we have you covered. Here's where to start when looking for the best antivirus software for your specific needs.
Note: The pricing structure for antivirus services can be complicated, since the providers often offer low introductory prices to entice you to sign up for their services. After the first billing period -- typically a year or two, depending on the plan you purchase -- the amount you pay for the service may increase substantially. The regular rate for the services may be double the introductory rate or sometimes more. Be sure to check the terms of the subscription plan prior to making your purchase so you don't get an unwelcome surprise once your subscription renews.
Free version? Yes, free antivirus built into Windows 10 and Windows 11.
Paid version: Windows Defender Advanced Threat Protection is available to corporate users for a fee.
Honestly, if you practice safe computing -- you keep your software up to date, you use strong passwords (with the help of a password manager), you steer clear of unexpected emails and you don't click suspicious links that may be phishing attempts -- you probably can avoid zero-day attacks and ransomware attacks. And with the free Microsoft Defender Antivirus software running on Windows 10, you have a malware protection safety net if you do let your guard down. In fact, it is one of the best antivirus software options.
(Note: Microsoft changed the name of Windows Defender to Microsoft Defender and has expanded the service to other platforms.) This free antivirus program is built into Windows and is turned on by default; the antivirus engine does its thing, and this antivirus solution will cover the basics of internet security. Microsoft pushes new updates frequently. Defender also lets you tune the level of protection you want, giving you control over blocking potentially unwanted apps and protecting folders and files from a ransomware attack.
Windows 10 and 11 will automatically disable their own Windows Defender antivirus when you install third-party antivirus. If you uninstall the third-party protection, Windows will turn its own antivirus back on.
Platforms: Windows 10 and 11 plus MacOS, Android, iOS.
Free version? No, but a free 30-day trial is available.
Cost: $99 per year for five devices (first year).
For a long time, Norton Security -- now called NortonLifeLock, and no longer part of Symantec -- has earned good marks from AV-Test, AV Comparatives and SE Labs for virus and malware detection. Norton antivirus provides industry-leading security software for PC, Mac and mobile devices. Their products include Antivirus Plus, Norton Secure VPN, Norton 360 for Gamers, Norton 360 with LifeLock Select and more. A five-device subscription for Norton 360 with LifeLock Select is normally $150 per year. In addition to malware and virus protection for your computer and mobile device, this antivirus suite provides 100GB of backup to the cloud, safe-browsing tools, a secure VPN, password manager, parental controls and LifeLock identity theft protection and fraud alert. While not all of those services are necessarily best in their respective class, getting them all in one package is a compelling option.
Platforms: Windows 10 and 11 plus MacOS, Android, iOS.
Free version? Yes.
Paid version: $40 per year for five devices.
If you'd like to take a step up in securing your PC without taxing your wallet, it's hard to beat Bitdefender's free antivirus software for Windows 10 and 11. The Windows security software offers real-time monitoring for viruses, malware, spyware and ransomware protection. Bitdefender Antivirus Free Edition is easy to set up and stays out of your way until you need it. And the protection this antivirus product offers is solid. Bitdefender antivirus software consistently earns top marks for its antivirus protection and usability from the respected AV-Test independent testing lab. The free antivirus version covers one Windows PC. For broader protection, you can choose Bitdefender Total Security or Bitdefender Antivirus Plus. The subscription antivirus suite lets you protect five devices (Windows, MacOS, iOS and Android), set up parental controls on a kid's computer and run a VPN.
Platforms: Windows 10 and 11 plus MacOS, Android.
Free version? Yes, after the 14-day trial expires.
Paid version: $33.74 per year for one device, $60 for two years for one device.
Malwarebytes does protect your PC from a virus or malware attack, scoring reasonably well in independent testing for guarding against malware threats. But that's not really what Malwarebytes is known for. If you find yourself in trouble, the go-to disinfectant for many is Malwarebytes. You can get protection and disinfection for one device for $30 a year, regularly $40. To cover five devices -- any combination of Windows, MacOS and Android -- it's $80 for a year of antivirus software. To get the antivirus company's free antivirus version, download this trial version, which "downgrades" to a no-fee on-demand cleaner with fewer features that detects and removes viruses and malware when you run an on-demand antivirus scan after 14 days.
In addition to the four antivirus apps we recommend above, a handful of other anti-malware tools are worth considering among the best antivirus protection if you find them at a better price or just prefer to use one over our picks above.
Platforms: Windows 10 and 11 plus MacOS, Android, iOS.
Free version? No, but offers a 30-day money-back guarantee.
Cost: One-year subscription: $30 for a single device, $40 for five devices and $50 for unlimited devices (prices increase after the first year).
It feels like McAfee Antivirus has been around forever, first on its own in the '80s, then as part of Intel starting in 2010, and then again on its own when Intel spun it off in 2017. And McAfee Total Protection has been around forever because quarter after quarter it creates solid, modern antivirus software that protects your PC. (In evaluations by AV-Test, it had high scores on both protection and performance.) McAfee Total Protection guards five devices against viruses and offers ransomware protection, wards off malicious websites and includes a password manager for $35 (usually $100) for the first year. If you agree to auto-renew your antivirus suite subscription, you get access to McAfee ID Theft Protection Essentials, which monitors for ID fraud.
Platforms: Windows 10 and 11 plus MacOS, Android, iOS.
Free version? No, but a 30-day free trial is available.
Cost: One-year subscription: $50 for five devices. Two-year subscription: $100 for five devices.
Maybe this antivirus provider isn't as well known to consumers because of its focus on enterprise security, but Trend Micro antivirus security quietly brings its business expertise to the home with its Trend Micro Maximum Security tools. Trend Micro's software earns good marks from AV-Test -- consistently scoring well for detecting zero-day attacks and widespread viruses and malware. And Trend Micro does a good job of not taxing system resources. Trend Micro's 10-device subscription for computers and mobile devices is $130, but discounted currently at $60.
Platforms: Windows, MacOS
Free version? No, but a 30-day free trial is available, and college students can get up to 50% off.
Cost: From $40 per year for one device to $80 per year for five devices.
If you're looking for something easy to set up and use, ESET NOD32 antivirus may meet your needs. It earns high scores for usability and offers solid virus protection. A five-device option is $80 for a year, with a 30-day free trial.
Platform: Windows plus MacOS.
Free version? Yes.
Paid version: $45 per year for 10 devices.
The free antivirus version of Sophos Home gives you virus protection for three Windows PCs or MacOS devices -- using the company's high-scoring anti-malware tool -- plus a 30-day trial of the company's malware-removal tool. With a $45 annual subscription, you can cover 10 devices.
Test after test, Avast Antivirus for Windows performs well for malware detection with options ranging from Avast free antivirus software to Avast Premium Security. And we've included its antivirus in our list of recommended security app options before. But Avast was in the news for several months for its non-antivirus business, so we looked at the company, specifically reports at the end of 2019 that Avast allegedly collected user data with its browser plug-ins and antivirus software and then sold data it collected through its Jumpshot subsidiary in early 2020.
In response to the reports that his company gathered and sold the details of its customers' online activities, Avast CEO Ondrej Vlcek said in a statement that he understood that his company's actions raised questions of trust in his company. To address that, Avast terminated Jumpshot data collection in January 2020 and closed its operations because the data collection business wasn't in line with Avast's privacy priorities.
Those reports followed another in 2019 from Avast that its internal network was breached, possibly to insert malware into its CCleaner software, similar to an earlier CCleaner hack that occurred prior to Avast's acquiring the Windows utility.
Avast started saying the right things about taking its customers' privacy seriously, but it only came to that point after reacting to investigative reporting that revealed the Jumpshot practices. (The CCleaner revelations, while concerning, were self-disclosed, which is important to building user trust.) We hope Avast's more privacy-friendly policies mean that there will be no further Jumpshot-style activities and that it returns to glory as one of the best antivirus software options. In the meantime, we'd recommend using one of the many other solid choices in this realm (listed above).
Because the company has been in the news the past few years, let's talk about-- specifically about the federal ban that blocks US government agencies from using Kaspersky Antivirus products.
Based in Moscow, Kaspersky Lab has for years produced some of the best antivirus software for business antivirus needs and home customers. But in 2017 the US government prohibited Kaspersky security cloud software on federal government computers because of alleged ties between Kaspersky and the Russian government.
Notably, the ban does not apply to its consumer products such as Kaspersky Total Security and Kaspersky Anti-Virus. But as with, the question remains: If the federal government doesn't think the products are safe enough for its own devices, should consumers avoid them as well?
In a statement sent to CNET, the company said, "Kaspersky Lab has no ties to any government, and the company has never, nor will ever, engage in cyber offensive activities. Kaspersky Lab maintains that no public evidence of any wrongdoing has been presented by the US government, and that the US government's actions against Kaspersky Lab were unconstitutional."
In Kaspersky's favor, it continues to earn top scores and awards for virus and malware detection and endpoint protection from independent testing labs. And.
In the end, even though no one has ever publicly produced a "smoking gun" linking the company to Russian intrigue, we think any of the options listed above is a safer bet. And if you are a US government employee or work with the federal government, you'll want to steer clear of Kaspersky internet security products -- and perhaps use one of the antivirus software products mentioned here instead.
Picking the best antivirus software for Windows means finding one that keeps your PC safe, doesn't take up a lot of system resources, is easy to use and stays out of the way till you need it. Here's what to look for.
Effectiveness. Antivirus software runs virus scans for known viruses and malware, of course, and can offer real-time protection. And it watches for shady websites and suspicious links to keep you out of trouble. It can also offer ransomware protection and monitor unexpected behavior that may be a sign of new and not-yet-identified viruses and malware. You want antivirus software that can successfully identify these unknown online threats without flagging too many false positives.
Light on system resources. You don't want antivirus software that taxes your PC's resources. If after you install the program, websites open slowly, apps download or open sluggishly or file copies take longer than expected, you may want to try another service. The good news is, all our picks offer a free trial or money-back guarantee to let you try out the antivirus program, so if your system feels sluggish after installation, you may want to keep looking.
Cost and discounts. Don't just pay the sticker price for antivirus protection. Before you buy, check for discounts on a company's website. Another way to save: The prices we list above are for 10 devices -- if the company offered that package -- but you can trim your cost with antivirus packages if you need to cover three or five devices. You may also find discounts on an app's Amazon page.
Privacy. To be effective, antivirus software needs to monitor what's going on with your PC, check in with company servers about unusual behavior and should provide sound banking protection. The companies say they anonymize this technical data as much as possible to protect your privacy. But if you want to know more, the security companies on our list post privacy policies on their websites, so read their privacy statements to learn what the companies do with the information you share.
Protection for other platforms. Microsoft is by far the biggest target for viruses and malware. But Android is second, with just under 1% of apps installed on Android devices with Google Play Protect in the potentially harmful app, or PHA, category.
The threat to MacOS and especially iOS is low, in part because of the tight control Apple has over its app stores. While the Mac does come under attack via side-loaded apps, it's rare, and if you download apps only from the Mac and iOS app stores and keep your guard up when clicking links and downloading files, you should be OK without an antivirus app on Apple devices.
To a degree, yes. Some antivirus programs can do things like warn you or block you from visiting a suspected phishing site. Others may also automatically block suspicious emails that appear to come from a malicious sender or contain phrasing common in phishing emails. However, you cannot count on an antivirus program to be a failsafe solution for phishing protection. You still need to be vigilant andon your own when it comes to phishing, because an antivirus program won't be able to catch everything.
Any program running on your computer will require a certain amount of processing power to work, which can affect your computer's overall performance. If an antivirus program is just running in the background, it shouldn't really have any effect on your computer's performance. However, when actively running a scan of your system, an antivirus can noticeably. If this is the case, try to schedule antivirus scans at night, or at a time when you're not using your computer.
The MITRE Engenuity ATT&CK evaluations are a transparent, yearly assessment of leading enterprise endpoint-protection solutions as tested against known threats. The level of detail provided by their results not only demonstrates the efficiency of endpoint solutions but provides any defending team with deep knowledge of how to protect their own organization according to the MITRE ATT&CK framework.
The underlying model for most evaluations of security products is the antivirus review. But generally, an AV review will tell you only whether a product stopped a threat, or perhaps whether the threat was blocked instead of neutralized.
Such reviews may be useful for consumer antivirus products that defend home PCs against internet-based threats, but enterprise endpoint-protection products require more detailed evaluations.
Antivirus reviews "may potentially help evaluate a protection product, like a traditional AV from a traditional AV vendor," said Shyue Hong Chuang, product manager for Cisco Secure Endpoint. "But when it comes to the stuff that got past, what did your product tell me? It's the MITRE evaluation, it's the AV-Comparatives EPR [Endpoint Prevention and Response] test that gives a bit more visibility (across the attack kill chain)."
The MITRE evaluation Chuang refers to is the MITRE Engenuity ATT&CK evaluations, or Evals for short, which MITRE has run almost every year since 2018. The Evals document every step in the kill chain of a well-known, real-life, sophisticated attack against a Microsoft Azure instance protected by one of the endpoint security products being tested.
For example, in the latest round of Evals, conducted in late 2021 with results released in March 2022, 30 different security vendors submitted their products for testing, including Cisco, CrowdStrike, McAfee, Microsoft and Symantec.
Each product faced two well-known adversaries: first, the Wizard Spider criminal group that has used the BazarLoader, Conti, Emotet, Ryuk and Trickbot malware against enterprise targets; and second, the Russian state-sponsored Sandworm group, notorious for attacks upon the Ukrainian energy sector as well as the NotPetya wiper malware attack in 2017.
Because the MITRE ATT&CK framework is well understood among security practitioners, the level of detail provided by the Engenuity evaluation results is a treasure trove of information about how each tested endpoint product fares at each step of the kill chain. MITRE posts the results publicly and freely, and while the documentation can be a bit hard to decipher, there's no better way for organizations considering an endpoint solution to assess how well a product may be suited for them.
"Defenders use Evals to make better informed decisions on leveraging the products that secure their networks," states the MITRE Engenuity ATT&CK evaluations website. "Each vendor evaluation is independently assessed on their unique approach to threat detection. Evaluation rounds are not a competitive analysis; they do not showcase scores, rankings, or ratings and are transparent and openly published."
Dr. Joel Fulton, co-founder and CEO of Lucidum, an asset discovery company, pointed out that the MITRE ATT&CK framework also helps CISOs better communicate their needs to executives.
"Most CISOs will ask for investments and increases in budget to respond to either current events or longstanding security concerns, but they don't have sufficient data points to support the ask," Fulton told CyberRisk Alliance. "By using the MITRE ATT&CK framework as a guide for these conversations, CISOs will be able to effectively explain the severity of threats and the actions to mitigate them while allowing CIOs to be active participants."
But it's not only those enterprises looking for new endpoint-protection software that can benefit from the MITRE Engenuity ATT&CK results. Because the evaluation results are so granular, skilled defense teams can use them to pinpoint weaknesses in their own security posture and adjust their strategies accordingly.
"Here is a true-to-form attack in sequence with the kill chain, the way that Sandworm or Wizard Spider actually facilitated these opportunities," said Adam Tomeo, senior product marketing manager for Cisco Secure Endpoint. "At this point, regardless of where you can potentially stop it on the kill chain, you can leverage each one of these sub-steps to help strengthen your security posture in your organization."
Both these threat actors are still very active, as are the attackers in the previous rounds of MITRE Engenuity ATT&CK evaluations, which include the Carbanak and Fin7 criminal gangs and the Russian state-sponsored Cozy Bear or APT 29, the latter believed to be behind the devastating SolarWinds supply-chain compromise of 2020.
"By viewing the MITRE ATT&CK framework as a 'board game' or checklist, security teams can thoroughly understand where their vulnerabilities lie and take the appropriate action to prevent attacks," said Fulton.
To Eric Howard, lead technical engineer for Cisco Secure Endpoint, the MITRE Engenuity ATT&CK evaluations provide "the ability to have a common language between both those that know how to test an environment and those that are tasked with defending against the things that are thrown at an environment."
"Red and blue teams can speak the same language," Howard added, "reversing the power of the Babel effect so that we can get to the same goal."
Video benchmark software tests your computer's hardware during OpenGL and DirectX rendering. A dedicated graphics processing unit, or GPU, usually performs the intensive task of simulating the perspective of a 3-D world and drawing polygons where they should appear. However, the CPU in your computer also renders video -- in some cases more efficiently than the GPU.
A new independent study by security experts at Symantec attempted to measure how secure Apple’s iOS and Google’s Android platform are, and also to determine how these mobile platforms stack up against desktop operating systems. Symantec claims that these mobile platforms are much more secure than today’s popular desktop operating systems, though the firm does note that the key variable, as always, is the human element. “Today’s mobile devices are a mixed bag when it comes to security,” said Carey Nachenberg, Symantec Fellow and Chief Architect, in a statement. “While more secure than traditional PCs, these platforms are still vulnerable to many traditional attacks. Moreover, enterprise employees are increasingly using unmanaged, personal devices to access sensitive enterprise resources, and then connecting these devices to 3rd-party services outside of the governance of the enterprise, potentially exposing key assets to attackers.” While Symantec neglects to reach a firm conclusion regarding which mobile OS is the most secure, the firm definitely seems to favor iOS more often than not. It says iOS’ app screening procedure plays a big role in the operating system’s security, and it also says the platform’s architecture makes it better at resisting malware attacks and data integrity attacks. It also says iOS offers better encryption and more secure access control for apps. Symantec’s full press release follows below.
Symantec Analysis of Apple’s iOS and Google’s Android Platform Cites Improved Security over PCs, but Major Gaps Remain
The mass adoption of both consumer and managed mobile devices exposes enterprises to new security risks
MOUNTAIN VIEW, Calif. – June 28, 2011 – Symantec Corp. (Nasdaq: SYMC) today announced the publication of “A Window into Mobile Device Security: Examining the security approaches employed in Apple’s iOS and Google’s Android” (PDF). This whitepaper conducts an in-depth, technical evaluation of the two predominant mobile platforms, Apple’s iOS and Google’s Android, in an effort to help corporations understand the security risks of deploying these devices in the enterprise.
Chief among the findings is that while the most popular mobile platforms in use today were designed with security in mind, these provisions are not always sufficient to protect sensitive enterprise assets that regularly find their way onto devices. Complicating matters, today’s mobile devices are increasingly being connected to and synchronized with an entire ecosystem of 3rd-party cloud and desktop-based services outside the enterprise’s control, potentially exposing key enterprise assets to increased risk.
The paper offers a detailed analysis of the security models employed by Apple’s iOS and Google’s Android platforms, evaluating each platform’s effectiveness against today’s major threats, including:
- Web-based and network-based attacks
- Social engineering attacks
- Resource and service availability abuse
- Malicious and unintentional data loss
- Attacks on the integrity of the device’s data
This analysis has led to some important conclusions:
- While offering improved security over traditional desktop-based operating systems, both iOS and Android are still vulnerable to many existing categories of attacks.
- iOS’s security model offers strong protection against traditional malware, primarily due to Apple’s rigorous app certification process and their developer certification process, which vets the identity of each software author and weeds out attackers.
- Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today’s increasing volume of Android-specific malware.
- Users of both Android and iOS devices regularly synchronize their devices with 3rd-party cloud services (e.g., web-based calendars) and with their home desktop computers. This can potentially expose sensitive enterprise data stored on these devices to systems outside the governance of the enterprise.
- So-called “jailbroken” devices, or devices whose security has been disabled, offer attractive targets for attackers since these devices are every bit as vulnerable as traditional PCs.
“Today’s mobile devices are a mixed bag when it comes to security,” said Carey Nachenberg, Symantec Fellow and Chief Architect, Symantec Security Technology and Response. “While more secure than traditional PCs, these platforms are still vulnerable to many traditional attacks. Moreover, enterprise employees are increasingly using unmanaged, personal devices to access sensitive enterprise resources, and then connecting these devices to 3rd-party services outside of the governance of the enterprise, potentially exposing key assets to attackers.”
About Security Technology and Response
The Security Technology and Response (STAR) organization, which includes Security Response, is a worldwide team of security engineers, threat analysts and researchers that provides the underlying functionality, content and support for all Symantec corporate and consumer security products. With Response centers located throughout the world, STAR monitors malicious code reports from more than 130 million systems across the Internet, receives data from 240,000 network sensors in more than 200 countries and tracks more than 25,000 vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors. The team uses this vast intelligence to develop and deliver the world’s most comprehensive security protection.
InfoQ today publishes a one-chapter excerpt from Frank Cohen's book "FastSOA". On this occasion, InfoQ had a chance to talk to Frank Cohen, creator of the FastSOA methodology, about the issues when trying to process XML messages, scalability, using XQuery in the middle tier, and document-object-relational-mapping.
InfoQ: Can you briefly explain the ideas behind "FastSOA"?
Frank Cohen: For the past 5-6 years I have been investigating the impact an average Java developer's choice of technology, protocols, and patterns for building services has on the scalability and performance of the resulting application. For example, Java developers today have a choice of 21 different XML parsers! Each one has its own scalability, performance, and developer productivity profile. So a developer's choice on technology makes a big impact at runtime.
I looked at distributed systems that used message oriented middleware to make remote procedure calls. Then I looked at SOAP-based Web Services. And most recently at REST and AJAX. These experiences led me to look at SOA scalability and performance built using application server, enterprise service bus (ESB), business process execution (BPEL), and business integration (BI) tools. Across all of these technologies I found a consistent theme: At the intersection of XML and SOA are significant scalability and performance problems.
FastSOA is a test methodology and set of architectural patterns to find and solve scalability and performance problems. The patterns teach Java developers that there are native XML technologies, such as XQuery and native XML persistence engines, that should be considered in addition to Java-only solutions.
InfoQ: What's "Fast" about it? ;-)
FC: First off, let me describe the extent of the problem. Java developers building Web enabled software today have a lot of choices. We've all heard about Service Oriented Architecture (SOA), Web Services, REST, and AJAX techniques. While there are a LOT of different and competing definitions for these, most Java developers I speak to expect that they will be working with objects that message to other objects - locally or on some remote server - using encoded data, and often the encoded data is in XML format.
The nature of these interconnected services we're building means our software needs to handle messages that can be small to large and simple to complex. Consider the performance penalty of using a SOAP interface and streams XML parser (StAX) to handle a simple message schema where the message size grows. A modern and expensive multi-processor server that easily serves 40 to 80 Web pages per second serves as little as 1.5 to 2 XML requests per second.
Without some sort of remediation Java software often slows to a crawl when handling XML data because of a mismatch between the XML schema and the XML parser. For instance, we checked one SOAP stack that instantiated 14,385 Java objects to handle a request message of 7000 bytes that contains 200 XML elements.
Of course, titling my work SlowSOA didn't sound as good. FastSOA offers a way to solve many of the scalability and performance problems. FastSOA uses native XML technology to provide service acceleration, transformation, and federation services in the mid-tier. For instance, an XQuery engine provides a SOAP interface for a service to handle decoding the request, transform the request data into something more useful, and routes the request to a Java object or another service.
InfoQ: One alternative to XML databinding in Java is the use of XML technologies, such as XPath or XQuery. Why muddy the water with XQuery? Why not just use Java technology?
FC: We're all after the same basic goals:
In SOA, Web Service, and XML domains I find the usual Java choices don't get me to all three goals.
Chris Richardson explains the Domain Model Pattern in his book POJOs in Action. The Domain Model is a popular pattern to build Web applications and is being used by many developers to build SOA composite applications and data services.
The Domain Model divides into three portions: A presentation tier, an application tier, and a data tier. The presentation tier uses a Web browser with AJAX and RSS capabilities to create a rich user interface. The browser makes a combination of HTML and XML requests to the application tier. Also at the presentation tier is a SOAP-based Web Service interface to allow a customer system to access functions directly, such as a parts ordering function for a manufacturer's service.
At the application tier, an Enterprise Java Bean (EJB) or plain-old Java object (Pojo) implements the business logic to respond to the request. The EJB uses a model, view, controller (MVC) framework - for instance, Spring MVC, Struts or Tapestry - to respond to the request by generating a response Web page. The MVC framework uses an object/relational (O/R) mapping framework - for instance Hibernate or Spring - to store and retrieve data in a relational database.
I see problem areas that cause scalability and performance problems when using the Domain Model in XML environments:
In no way am I advocating a move away from your existing Java tools and systems. There is a lot we can do to resolve these problems without throwing anything out. For instance, we could introduce a mid-tier service cache using XQuery and a native XML database to mitigate and accelerate many of the XML domain specific requests.
The advantage to using the FastSOA architecture as a mid-tier service cache is in its ability to store any general type of data, and its strength in quickly matching services with sets of complex parameters to efficiently determine when a service request can be serviced from the cache. The FastSOA mid-tier service cache architecture accomplishes this by maintaining two databases:
FastSOA uses the XQuery data model to implement policies. The XQuery data model supports any general type of document and any general dynamic parameter used to fetch and construct the document. Used to implement policies the XQuery engine allows FastSOA to efficiently assess common criteria of the data in the service cache and the flexibility of XQuery allows for user-driven fuzzy pattern matches to efficiently represent the cache.
FastSOA uses native XML database technology for the service and policy databases for performance and scalability reasons. Relational database technology delivers satisfactory performance to persist policy and service data in a mid-tier cache provided the XML message schemas being stored are consistent and the message sizes are small.
InfoQ: What kinds of performance advantages does this deliver?
FC: I implemented a scalability test to contrast native XML technology and Java technology to implement a service that receives SOAP requests.
The test varies the size of the request message among three levels: 68 K, 202 K, 403 K bytes. The test measures the roundtrip time to respond to the request at the consumer. The test results are from a server with dual CPU Intel Xeon 3.0 GHz processors running on a gigabit switched Ethernet network. I implemented the code in two ways:
The results show a 2 to 2.5 times performance improvement when using the FastSOA technique to expose service interfaces. The FastSOA method is faster because it avoids many of the mappings and transformations that are performed in the Java binding approach to work with XML data. The greater the complexity and size of the XML data the greater will be the performance improvement.
InfoQ: Won't these problems get easier with newer Java tools?
FC: I remember hearing Tim Bray, co-inventor of XML, extolling a large group of software developers in 2005 to go out and write whatever XML formats they needed for their applications. Look at all of the different REST and AJAX related schemas that exist today. They are all different and many of them are moving targets over time. Consequently, when working with Java and XML the average application or service needs to contend with three facts of life:
What's needed is an easy way to consume any size and complexity of XML data and to easily maintain it over time as the XML changes. This kind of changing landscape is what XQuery was created to address.
InfoQ: Is FastSOA only about improving service interface performance?
FC: FastSOA addresses these problems:
FastSOA is an architecture that provides a mid-tier service binding, XQuery processor, and native XML database. The binding is a native and streams-based XML data processor. The XQuery processor is the real mid-tier that parses incoming documents, determines the transaction, communicates with the "local" service to obtain the stored data, serializes the data to XML and stores the data into a cache while recording a time-to-live duration. While this is an XML oriented design XQuery and native XML databases handle non-XML data, including images, binary files, and attachments. An equally important benefit to the XQuery processor is the ability to define policies that operate on the data at runtime in the mid-tier.
FastSOA provides mid-tier transformation between a consumer that requires one schema and a service that only provides responses using a different and incompatible schema. The XQuery in the FastSOA tier transforms the requests and responses between incompatible schema types.
Lastly, when a service commonly needs to aggregate the responses from multiple services into one response, FastSOA provides service federation. For instance, many content publishers such as the New York Times provide new articles using the Rich Site Syndication (RSS) protocol. FastSOA may federate news analysis articles published on a Web site with late breaking news stories from several RSS feeds. This can be done in your application but is better done in FastSOA because the content (news stories and RSS feeds) usually include time-to-live values that are ideal for FastSOA's mid-tier caching.
InfoQ: Can you elaborate on the problems you see in combining XML with objects and relational databases?
FC: While I recommend using a native XML database for XML persistence it is possible to be successful using a relational database. Careful attention to the quality and nature of your application's XML is needed. For instance, XML is already widely used to express documents, document formats, interoperability standards, and service orchestrations. There are even arguments put forward in the software development community to represent service governance in XML form and operated upon with XQuery methods. In a world full of XML, we software developers have to ask if it makes sense to use relational persistence engines for XML data. Consider these common questions:
Your answers to these questions form the criteria by which it will make sense to use a relational database, or perhaps not. The alternatives to relational engines are native XML persistence engines such as eXist, Mark Logic, IBM DB2 V9, TigerLogic, and others.
InfoQ: What are the core ideas behind the PushToTest methodology, and what is its relation to SOA?
FC: It frequently surprises me how few enterprises, institutions, and organizations have a method to test services for scalability and performance. One Fortune 50 company asked a summer intern they wound up hiring to run a few performance tests when he had time between other assignments to check and identify scalability problems in their SOA application. That was their entire approach to scalability and performance testing.
The business value of running scalability and performance tests comes once a business formalizes a test method that includes the following:
All of this requires much more than an ad-hoc approach to reach useful and actionable knowledge. So I built and published the PushToTest SOA test methodology to help software architects, developers, and testers. The method is described on the PushToTest.com Web site and I maintain an open-source test automation tool called PushToTest TestMaker to automate and operate SOA tests.
PushToTest provides Global Services to its customers to use our method and tools to deliver SOA scalability knowledge. Often we are successful convincing an enterprise or vendor that contracts with PushToTest for primary research to let us publish the research under an open source license. For example, the SOA Performance kit comes with the encoding style, XML parser, and use cases. The kit is available for free download at: http://www.pushtotest.com/Downloads/kits/soakit.html and older kits are at http://www.pushtotest.com/Downloads/kits.
InfoQ: Thanks a lot for your time.
Frank Cohen is the leading authority for testing and optimizing software developed with Service Oriented Architecture (SOA) and Web Service designs. Frank is CEO and Founder of PushToTest and inventor of TestMaker, the open-source SOA test automation tool, that helps software developers, QA technicians and IT managers understand and optimize the scalability, performance, and reliability of their systems. Frank is author of several books on optimizing information systems (Java Testing and Design from Prentice Hall in 2004 and FastSOA from Morgan Kaufmann in 2006.) For the past 25 years he led some of the software industry's most successful products, including Norton Utilities for the Macintosh, Stacker, and SoftWindows. He began by writing operating systems for microcomputers, helping establish video games as an industry, helping establish the Norton Utilities franchise, leading Apple's efforts into middleware and Internet technologies, and was principal architect for the Sun Community Server. He cofounded Inclusion.net (OTC: IINC), and TuneUp.com (now Symantec Web Services.) Contact Frank at email@example.com and http://www.pushtotest.com.
The Software Market Report offers holistic coverage of several important industry factors, i.e. key market trends, growth forecast, growth opportunities, and market size and share. It also includes analysis of some top players, with demand scope and developments – VMware, Cisco Systems, Tata Consultancy Services, Microsoft, Adobe, SAP, Symantec, SBM.
Global “Software Market” Report incorporates major revenue streams of top players along with their growth patterns, exact developments and key market dynamics. This Software market report gives knowledge about top key players, competitive landscape (company profiles, business development, new investment plans). The report provides potential growth rate analysis with CAGR status, revenue estimations, size estimates and global share analysis. It also covers in-depth and qualitative insights into industry segments, regional and geographical analysis with variety of analytical resources such as SWOT and Porter’s Five Forces analysis. Furthermore, the value chain analysis of the Software industry has also been covered in the report.
Computer software, or simply software, is a generic term that refers to a collection of data or computer instructions that tell the computer how to work, in contrast to the physical hardware from which the system is built, that actually performs the work. In computer science and software engineering, computer software is all information processed by computer systems, programs and data. Computer software includes computer programs, libraries and related non-executable data, such as online documentation or digital media. Computer hardware and software require each other and neither can be realistically used on its own.
Software Market has witnessed a growth from USD million from 2017 to 2022 with a highest CAGR is estimated to reach USD in 2029.
The Research Report focuses on the competitive landscape of the industry, which includes company profiles, business overview, sales area, market performance and manufacturing cost structure. The report analyzes the global primary production, consumption, and fastest-growing countries with prominent players in the global industry. Key market observations are presented to support key findings on business growth. In the competitive assessment section, this Software market report sheds light on the list of manufacturers, market conditions, current trends, company profiles, and market innovations. It also includes various growth opportunities of top players.
The report covers extensive analysis of the key market players in the market, along with their business overview, expansion plans, and strategies. The key players studied in the report include:
The report focuses on the Software market size, segment size (mainly covering product type, application, and geography), competitor landscape, exact status, and development trends. Furthermore, the report provides detailed cost and supply chain analysis. Technological innovation and advancement will further optimize the performance of the product, making it more widely used in downstream applications. Moreover, consumer behavior analysis and market dynamics (drivers, restraints, opportunities) provide crucial information for understanding the Software market.
Based on types, the Software market from 2017 to 2029 is primarily split into:
Based on applications, the Software market from 2017 to 2029 covers:
What’s Included in the Report –
Geographically, the report includes the research on production, consumption, revenue, market share and growth rate, and forecast (2017 -2029) of the following regions:
The following chapters are covered in the Software Market Research:
Chapter 1 provides an overview of Software market, containing global revenue and CAGR. The forecast and analysis of Software market by type, application, and region are also presented in this chapter.
Chapter 2 is about the market landscape and major players. It provides competitive situation and market concentration status along with the basic information of these players.
Chapter 3 introduces the industrial chain of Software. Industrial chain analysis, raw material (suppliers, price, supply and demand, market concentration rate) and downstream buyers are analyzed in this chapter.
Chapter 4 concentrates on manufacturing analysis, including cost structure analysis and process analysis, making up a comprehensive analysis of manufacturing cost.
Chapter 5 provides clear insights into market dynamics, the influence of COVID-19 in Software industry, consumer behavior analysis.
Chapter 6 provides a full-scale analysis of major players in Software industry. The basic information, as well as the profiles, applications and specifications of products market performance along with Business Overview are offered.
Chapter 7 pays attention to the sales, revenue, price and gross margin of Software in markets of different regions. The analysis on sales, revenue, price and gross margin of the global market is covered in this part.
Chapter 8 gives a worldwide view of Software market. It includes sales, revenue, price, market share and the growth rate by type.
Chapter 9 focuses on the application of Software, by analyzing the consumption and its growth rate of each application.
Chapter 10 prospects the whole Software market, including the global sales and revenue forecast, regional forecast. It also foresees the Software market by type and application.
Years considered for this report:
Some of the key questions answered in this report:
Detailed TOC of Software Market Forecast Report 2022-2029:
1 Software Market Overview
1.1 Product Overview and Scope of Software
1.2 Segment by Type
1.3 Global Segment by Application
1.4 Global Market, Region Wise (2017-2022)
1.5 Global Market Size of Software (2017-2029)
2 Global Software Market Landscape by Player
2.1 Global Software Sales and Share by Player (2017-2022)
2.2 Global Revenue and Market Share by Player (2017-2022)
2.3 Global Average Price by Player (2017-2022)
2.4 Global Gross Margin by Player (2017-2022)
2.5 Manufacturing Base Distribution, Sales Area and Product Type by Player
2.6 Market Competitive Situation and Trends
3 Software Upstream and Downstream Analysis
3.1 Industrial Chain Analysis
3.2 Key Raw Materials Suppliers and Price Analysis
3.3 Key Raw Materials Supply and Demand Analysis
3.4 Manufacturing Process Analysis
3.5 Market Concentration Rate of Raw Materials
3.6 Downstream Buyers
3.7 Value Chain Status Under COVID-19
4 Software Manufacturing Cost Analysis
4.1 Manufacturing Cost Structure Analysis
4.2 Software Key Raw Materials Cost Analysis
4.3 Labor Cost Analysis
4.4 Energy Costs Analysis
4.5 R&D Costs Analysis
5 Market Dynamics
5.2 Restraints and Challenges
5.3.1 Advances in Innovation and Technology for Software
5.3.2 Increased Demand in Emerging Markets
5.4 Software Industry Development Trends under COVID-19 Outbreak
5.4.1 Global COVID-19 Status Overview
5.4.2 Influence of COVID-19 Outbreak on Software Industry Development
5.5 Consumer Behavior Analysis
6 Players Profiles
6.1 Company A
6.1.1 Basic Information, Manufacturing Base, Sales Area and Competitors
6.1.2 Software Product Profiles, Application and Specification
6.1.3 Software Market Performance (2017-2022)
6.1.4 Business Overview
6.2 Company B
6.2.1 Basic Information, Manufacturing Base, Sales Area and Competitors
6.2.2 Software Product Profiles, Application and Specification
6.2.3 Software Market Performance (2017-2022)
6.2.4 Business Overview
7 Global Software Sales and Revenue Region Wise (2017-2022)
7.1 Global Sales and Market Share, Region Wise (2017-2022)
7.2 Global Revenue (Revenue) and Market Share, Region Wise (2017-2022)
7.3 Global Sales, Revenue, Price and Gross Margin (2017-2022)
8 Global Software Sales, Revenue (Revenue), Price Trend by Type
8.1 Global Sales and Market Share by Type (2017-2022)
8.2 Global Revenue and Market Share by Type (2017-2022)
8.3 Global Price by Type (2017-2022)
8.4 Global Sales Growth Rate by Type (2017-2022)
9 Global Software Market Analysis by Application
9.1 Global Consumption and Market Share by Application (2017-2022)
9.2 Global Consumption Growth Rate by Application (2017-2022)
10 Global Software Market Forecast (2022-2029)
10.1 Global Sales, Revenue Forecast (2022-2029)
10.2 Global Sales and Revenue Forecast, Region Wise (2022-2029)
10.3 Global Sales, Revenue and Price Forecast by Type (2022-2029)
10.4 Global Consumption Forecast by Application (2022-2029)
10.5 Software Market Forecast Under COVID-19
11 Research Findings and Conclusion
12.2 Research Data Source
Market Research Guru
Press Release Distributed by The Express Wire
To view the original version on The Express Wire visit Software Market Research Report 2022 Global Industry Size, Share, Growth, Developments, Business Strategies and Top Players Forecast to 2029