Internet Security Suite test October 2008
Secunia – Exploits vs Internet Security Suites - October 2008
Introduction
Secunia has tested the ability of various high-profile Internet Security Suites to detect exploitation of vulnerabilities. For a long time, we have been quite convinced that anti-virus products would exhibit poor performance in this discipline, given the name “anti-virus” which suggests a limited focus (though customers may still expect to be protected). This is why we decided to test some more “high-end” product bundles that are being marketed as comprehensive Internet Security Suites, thus leaving the impression that the user is “fully protected against all Internet threats”. Secunia decided to test the following twelve Internet Security Suites:
• McAfee Internet Security Suite 2009
• Norton Internet Security 2009
• Windows Live OneCare
• ZoneAlarm Security Suite 8
• AVG Internet Security 8.0
• CA Internet Security Suite 2008
• F-secure Internet Security 2009
• TrendMicro Internet Security 2008
• BitDefender Internet Security Suite 2009
• Panda Internet Security 2009
• Kaspersky Internet Security 2009
• Norman Security Suite 7.10
Exploits
As part of our Binary Analysis Service, we have developed hundreds of exploits for vulnerabilities in high-end or commonly used products. These exploits have all been developed in-house by Secunia based on in-depth analysis of vulnerabilities and have been supplied to various security vendors over the last two years in order for them to test the performance of their own products.
The test cases are a mix of three different kinds of exploits:
● Proof of Concept (PoC) – The purpose of a PoC is just to trigger the vulnerability. It does not carry a payload. If a security product can reliably detect a PoC, then it can detect all attempts to exploit the vulnerability independent of the payload.
● GameOver PoC – The purpose of a GameOver PoC is to prove that code execution is possible by gaining control of the program flow, without actually launching any code.
● Exploit – Exploits carry a payload and will execute it if used against a vulnerable application. In real life, an attacker would always use an exploit. However, if a security product cannot detect a PoC, it also cannot detect an exploit reliably.
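The difference between matching payloads and matching the vulnerability trigger can be shown with a small added example (not Secunia's code or test cases). The TOY1 file format, its 64-byte name buffer, the byte patterns and all sample files are constructed for illustration.

```python
import struct

MAGIC = b"TOY1"          # constructed file format, not a real one
NAME_FIELD = 0x02        # field a hypothetical parser copies into a fixed buffer
NAME_BUFFER_SIZE = 64    # assumed size of that buffer

# Constructed stand-in for byte patterns taken from previously seen payloads.
KNOWN_PAYLOAD_PATTERNS = [b"\xde\xad\xbe\xef-payload-A"]


def build_file(name: bytes) -> bytes:
    """Build a constructed sample: magic + one (type, length, data) record."""
    return MAGIC + struct.pack(">BH", NAME_FIELD, len(name)) + name


def payload_signature(data: bytes) -> bool:
    """Traditional approach: match bytes of payloads that were seen before."""
    return any(pattern in data for pattern in KNOWN_PAYLOAD_PATTERNS)


def vulnerability_signature(data: bytes) -> bool:
    """Match the trigger condition itself: a name field longer than the buffer."""
    if not data.startswith(MAGIC):
        return False
    offset = len(MAGIC)
    while offset + 3 <= len(data):
        ftype, length = struct.unpack_from(">BH", data, offset)
        # Checked before skipping the record, so a truncated file is still flagged.
        if ftype == NAME_FIELD and length > NAME_BUFFER_SIZE:
            return True
        offset += 3 + length
    return False


SAMPLES = {
    "benign": build_file(b"holiday.bmp"),
    "PoC": build_file(b"A" * 200),  # triggers the flaw, carries no payload
    "exploit_known": build_file(b"A" * 100 + KNOWN_PAYLOAD_PATTERNS[0]),
    "exploit_new": build_file(b"A" * 100 + b"\x01\x02-payload-B"),
}


def run(detector) -> dict:
    """Return {sample name: detected?} for one detector."""
    return {name: detector(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for detector in (payload_signature, vulnerability_signature):
        print(detector.__name__, run(detector))
```

The payload signature flags only the exploit whose payload it already knows, while the trigger check flags the PoC and both exploits and leaves the benign file alone.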
History
Historically, malware has been delivered as a file that could be executed on a system. This is what the antivirus vendors need to analyse and make a signature of. Browsers and e-mail clients usually warn the user when he/she tries to download or open such executable files; for example, most users have already learned not to open .exe, .scr, and other common, potentially dangerous file types. However, when talking about vulnerabilities and exploits, it is no longer clear that the file is of a “dangerous” type. In fact, the file may be an innocent-looking .doc or .jpg file. When a specially crafted file is opened by a vulnerable program, it is possible to trigger the vulnerability and inject code into the program opening the file. From this point forward, an attacker literally has the same level of control of the computer as the user behind the keyboard. Vulnerabilities may also be exploited in many other ways depending on the vulnerable program.
The test
All tests were carried out on Windows XP SP2 missing certain patches and with a number of vulnerable programs. ZoneAlarm was tested on an SP3 machine due to compatibility issues.
The test cases were separated into two groups:
1. The first group consisted of 144 malicious files (e.g. .gif, .bmp, .mov, and office documents).
2. The other group consisted of 156 malicious web pages triggering e.g. ActiveX and browser vulnerabilities.
The testing process consisted of the following steps:
1. The malicious files were first tested by unpacking a ZIP archive containing the files in order to test the efficiency of real-time access scanning.
2. Then the folder was scanned manually to ensure that all files were scanned, regardless of any policy limitations on the real-time scanning.
3. Malicious web pages were tested using Internet Explorer to visit the individual pages one by one. This was done using regular http connections to ensure that none of the products would be foiled by encrypted https traffic (even though a good product should not be affected by this).
Out of the 300 test cases, 126 are considered particularly important. These 126 test cases affect very popular products and either were discovered as zero-day threats, have public exploits, or have working exploits developed by Secunia.
Note: Secunia does not usually develop working exploits as the Secunia Binary Analysis service is defensive in nature; thus working exploits are not necessary for developing and testing signatures. Generally speaking, Secunia focuses on developing PoCs for the analysed vulnerabilities, since these are better suited for signature development.
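The results*
*Important threats emphasized in purple colour
[Results table. Columns: SAID, CVE, Filename, and one column per tested product (BitDefender, TrendMicro, ZoneAlarm, Kaspersky, F-Secure, OneCare, Norman, McAfee, Norton, Panda, AVG, CA); a detection is marked "Found!".]
SAID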
SA14896 SA20748#1 SA21061 SA21061 SA21061 SA22127#1 SA23540 SA23676#2 SA23676#2 SA23676#2 SA23676#3 SA23676#4 SA23676#5 SA24152 SA24359#1 SA24359#3 SA24359#4 SA24359#8 SA24359#9 SA24659 SA24664 SA24725 SA24784 SA24784 SA24884 SA24973 SA25023 SA25034 SA25044 SA25052 SA25089 SA25150#1 SA25150#1 SA25150#3 SA25178 SA25278 SA25426 SA25619#1 SA25619#2 SA25619#2 SA25826 SA25952 SA25952 SA25952 SA25988 SA25995#1 SA25995#2 SA25995#2 SA25995#3 SA26034#4 SA26145 SA26145 SA26433 SA26619 SA26619 SA27000 SA27151 SA27151 SA27270 SA27304#1 SA27304#1 SA27304#1 SA27304#2 SA27304#2 SA27361#4
CVE
CVE-2005-0944 CVE-2006-3086 CVE-2006-3655 CVE-2006-3656 CVE-2006-3660 CVE-2006-4694 CVE-2007-0015 CVE-2007-0028 CVE-2007-0028 CVE-2007-0028 CVE-2007-0029 CVE-2007-0030 CVE-2007-0031 CVE-2006-1311 CVE-2007-0711 CVE-2007-0713 CVE-2007-0714 CVE-2007-0718 CVE-2007-0038 CVE-2007-1735 CVE-2007-1867 CVE-2007-1942 CVE-2007-1942 CVE-2007-2062 CVE-2007-2194 CVE-2007-2244 CVE-2007-2366 CVE-2007-2365 CVE-2007-2363 CVE-2007-2498 CVE-2007-0215 CVE-2007-0215 CVE-2007-1214 CVE-2007-1747 CVE-2007-2809 CVE-2007-2966 CVE-2007-0934 CVE-2007-0936 CVE-2007-0936 CVE-2007-3375 CVE-2007-6007 CVE-2007-6007 CVE-2007-6007 CVE-2007-1754 CVE-2007-1756 CVE-2007-3029 CVE-2007-3029 CVE-2007-3030 CVE-2007-2394 CVE-2007-3890 CVE-2007-3890 CVE-2007-3037 CVE-2007-4343 CVE-2007-4343 CVE-2007-5279 CVE-2007-3899 CVE-2007-3899 CVE-2007-5709 CVE-2007-5909 CVE-2007-5909 CVE-2007-5909 CVE-2007-6008 CVE-2007-6008 CVE-2007-2263
Filename
PoC.mdb PoC.xls POC1.ppt POC2.ppt POC3.ppt PoC.ppt PoC.qtl Exploit1.xls exploit2.xls PoC.xls PoC.xls PoC.xls PoC.xls PoC.rtf PoC.3gp PoC.mov PoC.mov PoC.qtif GameOver.ani PoC.wpd GameOver.ani Exploit.bmp PoC.bmp GameOver.cue GameOver.xpm PoC.bmp GameOver.png GameOver.png GameOver.iff PoC.mp4 PoC1.xls PoC2.xls PoC.xls PoC.xls GameOver.torrent PoC.lzh PoC.vsd GameOver.vsd PoC.vsd PoC.lzh PoC1.psp PoC2.psp PoC3.psp PoC.pub PoC.xls PoC1.xls PoC2.xls PoC.xlw PoC.mov PoC1.xlw PoC2.xlw PoC.wmz Exploit.pal GameOver.pal PoC.bh GameOver.doc PoC.doc GameOver.m3u GameOver1.rtf GameOver2.rtf PoC1.rtf PoC1.eml PoC2.eml PoC.swf
CVE-NOMATCH PoC.jp2
SAID
SA27849 SA27849 SA27849 SA28034 SA28034 SA28034 SA28034 SA28083#2 SA28092#1 SA28209#10 SA28209#10 SA28209#10 SA28209#10 SA28209#10 SA28209#10 SA28209#10 SA28209#10 SA28209#11 SA28209#12 SA28209#13 SA28326 SA28326 SA28506#1 SA28506#1 SA28506#2 SA28506#2 SA28506#2 SA28506#4 SA28506#7 SA28506#7 SA28506#7 SA28563 SA28563 SA28765 SA28765 SA28802#1 SA28802#1 SA28904#2 SA28904#2 SA28904#3 SA29293#1 SA29321#2a SA29321#2b SA29321#2b SA29620 SA29650#5 SA29704#1 SA29704#2 SA29838 SA29838 SA29934 SA29934 SA29934 SA29934 SA29941 SA29941 SA29972 SA30143#1 SA30953 SA30975 SA30975 SA31336#2 SA31336#4 SA31336#5 SA31336#5 SA31336#5 SA31385
CVE
CVE-2007-6593 CVE-2007-6593 CVE-2007-6593 CVE-2007-0064 CVE-2007-0064 CVE-2007-0064 CVE-2007-0064 CVE-2007-0071 CVE-2007-4706 CVE-2007-5399 CVE-2007-5399 CVE-2007-5399 CVE-2007-5399 CVE-2007-5399 CVE-2007-5399 CVE-2007-5399 CVE-2007-5399 CVE-2007-5399 CVE-2007-5399 CVE-2007-5399 CVE-2008-0064 CVE-2008-0064 CVE-2008-0081 CVE-2008-0081 CVE-2008-0111 CVE-2008-0111 CVE-2008-0111 CVE-2008-0114 CVE-2008-0117 CVE-2008-0117 CVE-2008-0117 CVE-2008-0392 CVE-2008-0392 CVE-2008-0619 CVE-2008-0619 CVE-2007-5659 CVE-2007-5659 CVE-2008-0105 CVE-2008-0105 CVE-2007-0108 CVE-2008-1581 CVE-2008-0118 CVE-2008-0118 CVE-2008-0118 CVE-2008-0069 CVE-2008-1017 CVE-2008-1083 CVE-2008-1087 CVE-2008-1765 CVE-2008-1765 CVE-2008-1942 CVE-2008-1942 CVE-2008-1942 CVE-2008-1942 CVE-2008-1104 CVE-2008-1104 CVE-2008-2021 CVE-2008-1091 CVE-2008-1435 CVE-2008-2244 CVE-2008-2244 CVE-2008-3018 CVE-2008-3020 CVE-2008-3460 CVE-2008-3460 CVE-2008-3460 CVE-2008-2245
Filename
GameOver1.123 GameOver2.123 GameOver3.123 PoC1.asf PoC2.asf PoC3.asf PoC4.asf PoC.swf PoC.mov PoC_bcc.eml PoC_cc.eml PoC_date.eml PoC_from.eml PoC_imp.eml PoC_prio.eml PoC_to.eml PoC_xmsmail.eml PoC.eml PoC.eml PoC.eml GameOver1.hdr GameOver2.hdr Exploit.xls PoC.xls PoC1.xls PoC2.xls PoC3.xls PoC.xls Exploit.xls GameOver.xls PoC.xls Exploit_CommandName.dsr GameOver_CommandName.dsr PoC.m3u PoC.pls GameOver.pdf PoC.pdf PoC1.wps PoC2.wps GameOver.wps PoC.pct PoC.ppt GameOver.ppt PoC.ppt GameOver.sld crgn_PoC.mov PoC.emf PoC.emf Exploit.bmp GameOver.bmp PoC_ExtGState.pdf PoC_Height.pdf PoC_MediaBox.pdf PoC_Width.pdf Exploit.pdf PoC.pdf PoC.ZOO PoC.rtf PoC.search-ms PoC1.doc PoC2.doc PoC.pict PoC.bmp PoC1.wpg PoC2.wpg PoC3.wpg PoC.emf
SAID
SA31441 SA31454#X SA31454#2 SA31454#2 SA31675#3 SA31675#4 SA31675#X SA31675#X SA31675#5 SA31821#6 SA31821#6 SA20807 SA22251 SA22251 SA22251 SA22251 SA22603 SA22896 SA23032 SA23032 SA23043 SA23043 SA23469 SA23475 SA23475 SA23583 SA23583 SA23677#1 SA23677#2 SA24170 SA24170 SA24422 SA24422 SA24422 SA24422 SA24466 SA24466 SA24692 SA24692 SA24710 SA24710 SA24714 SA24714 SA25173 SA25173 SA25215 SA25215 SA25514_1 SA25514_1 SA25514_2 SA25514_3 SA25514_3 SA25514_3 SA25514_3 SA25514_3 SA25514_3 SA25514_4 SA25514_4 SA25514_4 SA25514_4 SA25514_4 SA25514_4 SA25514_4 SA25514_4 SA25514_4 SA25514_4
CVE
CVE-2008-4434 CVE-2008-3005 CVE-2008-3005 CVE-2008-3013 CVE-2008-3014
Filename
PoC.torrent Exploit.xls PoC.xls PoC.gif PoC.wmf
CVE-NOMATCH PoC.xls
CVE-NOMATCH PoC.emf CVE-NOMATCH PoC.wmf CVE-2008-3015 CVE-2008-3626 CVE-2008-3626 CVE-2006-5579 CVE-2007-1559 CVE-2007-1559 CVE-2007-1559 CVE-2007-1559 CVE-2006-4704 CVE-2007-1205 CVE-2007-0348 CVE-2007-0348 CVE-2006-6442 CVE-2006-6442 CVE-2007-3893 CVE-2007-0018 CVE-2007-0018 CVE-2006-6488 CVE-2006-6488 CVE-2007-0024 CVE-2007-0979 CVE-2007-0979 CVE-2007-1637 CVE-2007-1637 CVE-2007-1637 CVE-2007-1637 CVE-2007-1498 CVE-2007-1498 CVE-2007-1819 CVE-2007-1819 CVE-2007-2323 CVE-2007-2323 CVE-2006-5820 CVE-2006-5820 CVE-2007-2584 CVE-2007-2584 CVE-2007-2955 CVE-2007-2955 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 PoC.ppt PoC1.mp4 PoC2.mp4 PoC.html Exploit1.html PoC1.html Exploit2.html PoC2.html Exploit.htm PoC.html Exploit.html GameOver.html Exploit.html PoC.html PoC.html Exploit.html PoC.html Exploit2.html PoC2.html PoC.html Exploit.html PoC.html Connect_GameOver.html Connect_PoC.html WebConnect_GameOver.html WebConnect_PoC.html PoC1.html PoC2.html Exploit.html PoC.html gameover.html PoC.html Exploit.html PoC.html Exploit.html GameOver.html Exploit.html GameOver.html Exploit.html GameOver.html GameOver.html Exploit2.html PoC2.html Exploit1.html GameOver1.html SetAdvisePresent_PoC.html SetPicShareAdvise_PoC.html Exploit.html GameOver.html RecvVideo_Exploit.html RecvVideo_GameOver.html RemoveImage_Exploit.html RemoveImage_GameOver.html SendCommand_Exploit.html SendCommand_GameOver.html SendTo_Exploit.html SendVideo_Exploit.html
CVE-NOMATCH PoC.html
SAID
SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25514_5 SA25547#1 SA25547#1 SA25547#2 SA25547#2 SA25627#5 SA25627#5 SA25627#5 SA25627#5 SA25627#5 SA25627#5 SA25718#1 SA25718#2 SA26011 SA26426 SA26447 SA26579 SA26579 SA26579 SA26644 SA26970 SA26970 SA26970 SA26970 SA27248 SA27795 SA27795 SA27885#1 SA27885#1 SA27885#1 SA27934 SA27994 SA28036#1 SA28036#4 SA28134 SA28134 SA28145 SA28184#1 SA28184#1 SA28184#1 SA28184#1 SA28399 SA28399 SA28660 SA28660 SA28715 SA28757#2 SA28757#2 SA28903#2
CVE
CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-2918 CVE-2007-3147 CVE-2007-3147 CVE-2007-3148 CVE-2007-3148 CVE-2007-2222 CVE-2007-2222 CVE-2007-2222 CVE-2007-2222 CVE-2007-2222 CVE-2007-2222 CVE-2007-3829 CVE-2007-3829 CVE-2007-4034 CVE-2007-4336 CVE-2007-2223 CVE-2007-4515 CVE-2007-4515 CVE-2007-4515 CVE-2007-4467 CVE-2007-5217 CVE-2007-5217 CVE-2007-5217 CVE-2007-5217 CVE-2007-5601 CVE-2007-6144 CVE-2007-6144 CVE-2007-6016 CVE-2007-6016 CVE-2007-6016 CVE-2007-5989 CVE-2008-0935 CVE-2007-3902 CVE-2007-5347 CVE-2007-6493 CVE-2007-6493 CVE-2007-6530 CVE-2007-4474 CVE-2007-4474 CVE-2007-4474 CVE-2007-4474 CVE-2007-6250 CVE-2007-6250
Filename
VAddContact_GameOver.html VApplySettings_GameOver.html VDeleteContact_GameOver.html VDropPictures_GameOver.html VGetContactUserName_GameOver.html VGetPiconURL_GameOver.html VImportContacts_GameOver.html VImportPictures_GameOver.html VInitCall_GameOver.html VIsContactMember_GameOver.html VIsContactOnline_GameOver.html VSelectAudioInputSource_GameOver.html VSelectAudioOutputSource_GameOver.html VSelectVideoSource_GameOver.html VSendMessage_GameOver.html VSetCurrentPictureFolder_GameOver.html VSharePicture_GameOver.html VVibeDoctor_GameOver.html VVideoMailWizard_GameOver.html Exploit.html GameOver.html Exploit.html GameOver.html FileName_PoC.html Find_Exploit.html Find_GameOver.html InitAudioSourceDirect_Exploit.html DestroyResultsObject_GameOver.html GrammarFromStream_GameOver.html GameOver.html PoC.html GameOver.html GameOver.html PoC.html GameOver_fvCom1.html GameOver_fvCom2.html GameOver_info.html GameOver.html Exploit1.html Exploit2.html GameOver1.html GameOver2.html GameOver.html Exploit.html GameOver.html DOWText_Exploit.html DOWText_GameOver.html MonthText_PoC.html PoC.html Exploit.html PoC.html PoC.html Exploit.html PoC.html GameOver.html Exploit1.html Exploit2.html GameOver1.html GameOver2.html Exploit.html GameOver.html
CVE-NOMATCH GameOver1.html CVE-NOMATCH GameOver2.html CVE-2008-0659 CVE-2008-0625 CVE-2008-0625 CVE-2008-0077 GameOver.html Exploit.html GameOver.html Exploit.html
SAID
SA28903#2 SA28903#2 SA28903#2 SA28903#3 SA29315 SA29328#1 SA29330 SA29330 SA29330 SA29408 SA29408 SA29712 SA29712 SA29714 SA29837 SA30037 SA30403 SA30667#2 SA30667#3 SA30667#4 SA30667#6 SA30667#8 SA30667#9 SA30709 SA30709 SA30709 SA30883 SA31370 SA31675#1 SA31675#1 SA31375#2 SA31724 SA31744 SA31744
CVE
CVE-2008-0077 CVE-2008-0077 CVE-2008-0077 CVE-2008-0078 CVE-2008-1309 CVE-2006-4695 CVE-2007-6253 CVE-2007-6253 CVE-2007-6253 CVE-2008-1472 CVE-2008-1472 CVE-2008-0083 CVE-2008-1086 CVE-2008-1786 CVE-2007-6339 CVE-2008-0955 CVE-2008-2431 CVE-2008-2431 CVE-2008-2431 CVE-2008-2431 CVE-2008-2431 CVE-2008-2431 CVE-2008-2908 CVE-2008-2908 CVE-2008-2908 CVE-2008-2463 CVE-2008-2436 CVE-2008-2254 CVE-2008-2254 CVE-2008-2255 CVE-2008-3008 CVE-2008-3007 CVE-2008-3007
Filename
PoC1.html PoC2.html PoC3.html PoC.html PoC.html GameOver.html Exploit.html GameOver1.html GameOver2.html Exploit.html GameOver.html PoC.html PoC.html GameOver.html PoC.html GameOver.html PoC.html PoC.html PoCs.html PoC.html Exploit.html Exploits.html GameOver1.html GameOver2.html GameOver3.html Exploit.html PoC.html PoC1.html PoC2.html PoC.html GameOver.html PoC1.html PoC2.html
CVE-NOMATCH PoC_intOF.html
Totals (ranked by discovery rate)
[Table: one column per tested product, ranked by discovery rate]
All test cases: 21,33% 2,33% 2,33% 2,00% 1,67% 1,00% 1,00% 1,00% 1,00% 0,67% 0,33% 0,00%
Important test cases: 30,95% 3,97% 3,97% 3,97% 2,38% 2,38% 2,38% 2,38% 1,59% 1,59% 0,79% 0,00%
Source: Secunia.
Conclusion
These results clearly show that the major security vendors do not focus on vulnerabilities. Instead, they have a much more traditional approach, which leaves their customers exposed to new malware exploiting vulnerabilities.
One could argue that this isn't a problem, since no single product can offer 100% protection. Yet, many of these suites clearly indicate that they are comprehensive and offer protection against “all” Internet threats; thus many users would rightfully expect these suites to protect them against all current threats.
The combination of security vendors not being able to detect exploits and users patching software too infrequently (almost one-third of all installed software lacks one or more security-related updates) leaves the door wide open for professional Internet criminals.
While we did expect a fairly poor performance in this field, we were quite surprised to learn that this area is more or less completely ignored by most security vendors.
Some of the vendors have taken other measures to try to combat this problem. One is Kaspersky, which has implemented a feature very similar to the Secunia PSI, which can scan a computer for installed programs and notify the user about missing security updates. BitDefender also offers a similar system, although it is more limited in scope than the one offered by Kaspersky and Secunia.
We do, however, still consider it to be the responsibility of the security vendors to be able to identify threats exploiting vulnerabilities, since this is the only way the end user can learn about where, when, and how they are attacked when surfing the Internet.
This does not mean that the user shouldn't patch. On the contrary, patching remains of key importance since this is the only proper and efficient way to secure a system against covert attacks hidden in “legitimate” files and web sites. The best of it all – patching is free-of-charge!