PCSL Latest test report: Cloud security is hard to deal with 0DAY threats

Recently, China independent Security software Evaluation laboratory PCSL released the latest Security software evaluation report, "PCSL security software 0day virus Test-October 2011 report", the report for the first time using a 0DAY virus sample set and cumulative test two new test parameters, Most of the commercial security software that claims cloud protection is underperforming, highlighting cloud security vulnerabilities.

The report shows that in the first scan of the 0DAY virus sample set, all based on the signature engine security software, the virus identification rate of less than 40%, installed with unknown virus engine security software such as 360 antivirus, virus recognition rate of 47.92%, and based on anti-virus virtual machine engine, The hundred-sharp heuristic engine without the virus has the best performance and the virus recognition rate reaches 66.79%.

During the next 4 days of cumulative testing, 360, QQ computer housekeeper, Kaspersky in 3 days to achieve the highest detection rate, Kaspersky highest detection rate of 76.82%, 360 anti-virus highest detection rate of 97.14%, and in the 0DAY Virus sample set test performance of the best hundred security software, is always maintained at 66.79% of the detection rate.

The test introduced Oday virus samples and time to accumulate two new test parameters, PCSL that the Oday sample is the most threat to users of the sample, and time is to verify the true effectiveness of a security software. To ensure the fairness of the tests, 0DAY virus samples are PCSL through the Internet Virus Surveillance Network and Microsoft Virus Sample remote Sensing system to represent the current Internet threat situation.

The report shows that all security software based on signature technology has low initial recognition rate of 0DAY virus, and all security software claiming to have cloud protection technology, although the rate of identification of virus samples increased daily, but all peaked after three days, asked the reason, an industry insider told reporters, At present all security software cloud technology refers to the sample front-end collection and the background processing mechanism, the second stage processing is divided into automatic and manual two ways, for the virus can not automatically identify, it must be judged by the analyst, the number of analysts and the level of the direct decision on the virus samples of the response speed.

Although cloud security technology has greatly shortened the collection cycle of virus samples and the upgrade cycle, but in the processing cycle, is still a cloud security weakness, how to truly shorten the processing cycle of the virus, and improve the virus identification rate, is the future of security software technology competition.

Safety tips:

PC Security Laboratory PCSL is the only private independent third party organization specialized in anti-virus software testing in China, and is currently an independent member of the international anti-Malware testing standards organization AMTSO and the Asian Association of Anti-virus researchers Avar, is also the only one based on a large number of sample sets of testing professional evaluation agencies. The goal of PCSL is to provide credible and reference-worthy test reports by constantly innovating and improving the testing system to simulate the computer environment closest to the user's daily use.

(Responsible editor: Liu Fen)