How effective is security software at blocking exploits?
Much of the malware in circulation now focuses on using exploits in popular applications such as browsers and office packages in order to remotely execute code. Security suites and specialized anti-exploit tools are aimed at blocking these but how well do they work?
A new study by testing lab PCSL commissioned by Malwarebytes has set out to find the answer. It looks at the exploit mitigation capabilities of 12 different products: Avast Internet Security, AVG Internet Security, Bitdefender Internet Security, Enhanced Mitigation Experience Toolkit from Microsoft, ESET Smart Security, HitmanPro.Alert3, Kaspersky Internet Security, Malwarebytes Anti-Exploit Premium, McAfee Internet Security, Norton Internet Security, Panda Internet Security and Trend Micro Titanium Maximum Security.
Each product was tested against 58 different exploit samples in a range of payload configurations. Only two products managed to block more than 80 percent, Norton on 81.03 and Malwarebytes on 93.10 -- we should point out here that although Malwarebytes commissioned the research it didn't select the samples used.
In the mid range, ranked as "inadequate" by PCSL, Microsoft EMET scored 74.14 percent, Kaspersky 72.41 equal with Avast, and ESET scored 70.69.
The remainder of the products scored under 60 percent and were therefore classed as "failed". Lowest score came from AVG which blocked only 24.14 percent of the samples. McAfee and Panda both managed 29.31 percent, Bitdefender 31.03, Trend Micro 48.28 and HitmanPro 58.62.
Protecting against exploits is of course partly about keeping all of your software up to date as well as using security tools but even so these results are revealing. If you want to read more detail of the tests the full report is available to download as a PDF.