Socially-engineered malware tries to trick users into downloading and executing malicious code through tactics that include everything from fake antivirus to fake utilities to fake upgrades to the operating system and trojanized applications. NSS Labs tested several endpoint security products to see how well each would block these attacks.
In 36 days of continuous testing, NSS Labs tested five enterprise products: Fortinet's FortiClient Endpoint Protection; McAfee VirusScan Enterprise and Antispyware Enterprise; Symantec Endpoint Protection; Trend Micro OfficeScan; and Endpoint Security by Bitdefender.
Most did the job well in protecting against socially-engineered malware, which can often shift from one malicious URL to another as part of its evasion maneuvers when an existing URL is discovered and blocked. But there were distinct differences in how fast the endpoint security products were in adding protection, with McAfee's endpoint product seen as especially speedy, according to the NSS Labs report on the test.
The testing environment was based on Windows 7 Enterprise Service Pack 1 32-bit with Windows Defender disabled and Internet Explorer 10.0.9200.16660 with Smart Screen Filter Disabled. NSS Labs notes that some browsers, in particular Microsoft's IE, can block some socially-engineered malware, so there is sometimes overlap in capability between browser and the installed anti-malware agent software from security vendors.
The purpose of the test by NSS Labs was to find out how well five security vendors' endpoint software would provide block-on-demand and block-on-execute protection against a barrage of socially-engineered malware tricks.
In the combined scores for different metrics, McAfee VirusScan Enterprise achieved a combined block rate of 100%, with all of the socially-engineered malware (SEM) blocked on download. Others did well too.
"Symantec Endpoint Protection blocked 100% of the SEM, with 98.8% blocked on download and 1.2% blocked upon attempted execution," the report says. "Bitdefender Endpoint Security blocked 99.8% of the SEM, with 99.6% blocked on download and 0.2% blocked on attempted execution. FortiClient Endpoint Protection achieved a 99.8% block rate, with 99.4% blocked on download and 0.4% blocked on execution." Trend Micro blocked 98% on download and 1.61% on execution.
Since the same socially-engineered malware typically moves from URL to URL as existing malicious URLs are discovered and blocked, speed counts for a lot in providing protection against malware.
In a measurement of speed, NSS Labs found the McAfee VirusScan Enterprise product, which had a 31-second average time to add protection, was the fastest in terms of adding detection for new socially-engineered malware. Symantec clocked in at 15 minutes. Trend Micro averaged 31 minutes. NSS pointed out this makes these three products much faster than the other two products in the group comparative test. The Fortinet product clocked in at 1.32 hours of average time and the Bitdefender product took 2.20 hours.
The full report is available from subscription to NSS Labs tests.