Today's malware is, arguably, the number one threat on networks of all shapes, sizes and persuasions. It used to be that we talked about malware and blended threats as if they were things separate from each other. These days there are hardly any distinctions between the two. The malware has become the blended threat.
The exact number of new viruses per month is a very uncertain thing. A cursory scan of web articles shows numbers ranging from 40 to 1,000. Estimates of existing viruses ranges upward to 60,000. Part of this problem is the definition of a virus that makes it into the research. For example, are we really talking about viruses (code snippets that attack other files for the purpose of replicating and delivering payloads), worms (stand-alone programs with many of the characteristics of viruses), Trojan horses (malicious code dressed up to look like legitimate code) or any of several other types of malware that are not (though they might contain) viruses?
The WildList (www.wildlist.org/) is the definitive source for viruses appearing in the wild. To be on the primary wild list, a virus must be reported by at least two observers in the month. There is a supplementary list of viruses that have been reported only once during the month. They may be new to the list or they may be falling off. In February 2000, both lists had a combined number of viruses reported in the wild totalling 474. In February 2007, the most recently published statistics, that number was 1,972. While that is nowhere near a rate of 1,000 new viruses per month, it highlights three important points. First, these are viruses only (on the WildList), not Trojans, spyware or any other malware. Second, this is a significant rate of increase over time of virus activity. And third, perhaps most importantly, just the virus part of malware poses a significant threat.
However, the prevalence of new viruses in the wild is beginning to shrink while the new players increase their presence. This means that today there are arguably more spyware writers than there are virus writers. The same is true for other emerging types of malware. Taken as a whole, malware is the biggest security issue for organisations.
There are too many anti-malware products on the market to review them in detail, so we have focused on solutions that could manage large numbers of users in an enterprise. That means deployment, updating and activity reporting as well as such things as isolating the source from the destination.
HOW WE TEST AND SCORE THE PRODUCTS
Our testing team includes SC Magazine Labs staff, as well as external experts. In our group tests, we look at several products around a common theme.
Generally, we do not compare products to each other. We test and review them within the group based on a predetermined set of standards, which have been compiled from several sources.
The general test process is a set of criteria built around the six review areas (performance, ease of use, features, documentation, support and value for money) and comprises roughly 50 individual criteria in the overall process.
We develop the second set of standards specifically for the group under test and use the Common Criteria (ISO 1548) as a basis for the test plan. Given that we need to give a good picture in 350 words, reviews focus on operational characteristics.
Once the testing is completed, we rate each product according to the results, assign star ratings and, if appropriate "Best Buy" and "Recommended" awards.
Our final conclusions and ratings are subject to the judgement and interpretation of the tester and are validated by the reviewer.
All reviews and tests are reviewed for consistency, correctness and completeness by the technology editor prior to being submitted for publication. Even so, errors, though rare, are possible. If you believe that an error of fact has affected a review of your product, please contact the technology editor directly.
WHAT THE AWARDS MEAN
Best Buy goes to products the SC Lab rates as outstanding. Recommended means the product has shone in a specific area. Lab Approved is awarded to those tools that are extraordinary stand-outs that fit into the SC Lab environment.
WHAT THE STARS MEAN
Our star ratings indicate how well the product has performed against
each of our test criteria.
These are marked as follows:
* Seriously deficient
** Fails to complete certain basic functions
*** Carries out all basic functions to a satisfactory level
**** Carries out all basic functions very well