Today’s malware is, arguably, the number one threat on networks of all shapes, sizes and persuasions. It used to be that we talked about malware and blended threats as if they were things separate from each other. These days there are hardly any distinctions between the two. The malware has become the blended threat.

The exact number of new viruses per month is a very uncertain thing. Acursory scan of web articles shows numbers ranging from 40 to 1,000.Estimates of existing viruses ranges upward to 60,000. Part of thisproblem is the definition of a virus that makes it into the research.For example, are we really talking about viruses (code snippets thatattack other files for the purpose of replicating and deliveringpayloads), worms (stand-alone programs with many of the characteristicsof viruses), Trojan horses (malicious code dressed up to look likelegitimate code) or any of several other types of malware that are not(though they might contain) viruses?

The WildList (www.wildlist.org/) is the definitive source for virusesappearing in the wild. To be on the primary wild list, a virus must bereported by at least two observers in the month. There is asupplementary list of viruses that have been reported only once duringthe month. They may be new to the list or they may be falling off. InFebruary 2000, both lists had a combined number of viruses reported inthe wild totalling 474. In February 2007, the most recently publishedstatistics, that number was 1,972. While that is nowhere near a rate of1,000 new viruses per month, it highlights three important points.First, these are viruses only (on the WildList), not Trojans, spyware orany other malware. Second, this is a significant rate of increase overtime of virus activity. And third, perhaps most importantly, just thevirus part of malware poses a significant threat.

However, the prevalence of new viruses in the wild is beginning toshrink while the new players increase their presence. This means thattoday there are arguably more spyware writers than there are viruswriters. The same is true for other emerging types of malware. Taken asa whole, malware is the biggest security issue for organisations.

There are too many anti-malware products on the market to review them indetail, so we have focused on solutions that could manage large numbersof users in an enterprise. That means deployment, updating and activityreporting as well as such things as isolating the source from thedestination.

HOW WE TEST AND SCORE THE PRODUCTS

Our testing team includes SC Magazine Labs staff, as well as externalexperts. In our group tests, we look at several products around a commontheme.

Generally, we do not compare products to each other. We test and reviewthem within the group based on a predetermined set of standards, whichhave been compiled from several sources.

The general test process is a set of criteria built around the sixreview areas (performance, ease of use, features, documentation, supportand value for money) and comprises roughly 50 individual criteria in theoverall process.

We develop the second set of standards specifically for the group undertest and use the Common Criteria (ISO 1548) as a basis for the testplan. Given that we need to give a good picture in 350 words, reviewsfocus on operational characteristics.

Once the testing is completed, we rate each product according to theresults, assign star ratings and, if appropriate “Best Buy” and”Recommended” awards.

Our final conclusions and ratings are subject to the judgement andinterpretation of the tester and are validated by the reviewer.

All reviews and tests are reviewed for consistency, correctness andcompleteness by the technology editor prior to being submitted forpublication. Even so, errors, though rare, are possible. If you believethat an error of fact has affected a review of your product, pleasecontact the technology editor directly.

WHAT THE AWARDS MEAN

Best Buy goes to products the SC Lab rates as outstanding. Recommendedmeans the product has shone in a specific area. Lab Approved is awardedto those tools that are extraordinary stand-outs that fit into the SCLab environment.

WHAT THE STARS MEAN
Our star ratings indicate how well the product has performed against
each of our test criteria.
These are marked as follows:
* Seriously deficient
** Fails to complete certain basic functions
*** Carries out all basic functions to a satisfactory level
**** Carries out all basic functions very well
***** Outstanding.