Many antivirus suites are unable to effectively block malware attacks against two recent and serious Microsoft vulnerabilities, despite the fact that exploits have been circulating since June, as shown in a test conducted by NSS Labs.
The company analyzed the ability of 13 antivirus suites to defend outdated systems against attacks that exploit vulnerabilities in XML Core Services (CVE-2012-1889) and Internet Explorer 8.0 (CVE-2012-1875), both of which were made public in June.
Although the two pieces of software were patched in June and July and should be on the radar of antivirus companies, only four products – Trend Micro, Kaspersky Lab, McAfee and Avast – were able to offer complete protection against the test exploits that NSS Labs created for use against the vulnerabilities.
The rest of the products offered a degree of protection that depended on how the attacks were carried out and which vulnerability was being tested.
Some products struggled when the attacks were delivered over HTTP, while many others were unable to deal with attacks performed via HTTPS – as is the case when using services like Gmail. Ironically, these included Microsoft's own Security Essentials.
Beyond the generally poor performance of some products, there seem to be two issues raised by the results presented by NSS Labs.
First, users should not assume that an antivirus offers solid protection for unpatched systems. If a vulnerability is publicly known and no patch is available (or one is available but was not applied), then the system is vulnerable to attack, regardless of what software is defending it.
Second, malware writers will probably pay attention to the strengths and weaknesses of antivirus software, the same way that testers do, especially those of individual products. If a program has a particular kind of weakness, even in the short term, it will be noted.
“The combination of successes and failures is dramatic and needs further investigation. But it is clear that many of the products are not blocking exploits,” the researchers conclude.
Antivirus companies will, no doubt, point out that the attacks were created in the laboratory, that the vulnerabilities chosen were fairly recent, and that only two were examined. Making judgments based on stringent tests – such as the one conducted here – can only point to a single result.