新闻来源:Dr.Web
近来我们决定放弃参加Virus Bulletin举行的反病毒评比测试,引来大众媒体的报导和对我们合作夥伴无数的询问。我们认为有必要对此作出官方声明。
VirusBulletin是专注於防护,侦查和移除恶意程序及垃圾邮件的几乎所有反病毒厂商最荣耀的头衔之一,由杂志举办的每年的反病毒评测依然是在竞争失去意义的市场上的重要事件,因为厂商致力於指引恶意程序革命的新趋势并找出一种方式来保护全世界的用户。
Virus Bulletin承办的每两个月一次的反病毒软件评比测试是既定的评测会议,也可以是一个典礼。Dr.Web是最早的参赛者之一,它成功的历史可以追溯到1998年的第二次测试。 VirusBulletin测试凭藉着它的透明性,准确性以及对所有厂商产品的公平性,还有与反病毒公司出色的沟通在市场上脱颖而出。
然而随着近几年行业的发展,让很多厂商开始质疑这项评比。虽然透明度和准确性能保障,但是测试已经不能跟得上恶意程序以及反病毒程序的改革。这就是为什麽长久以来有声望的VB100%不能再作为基准反映反病毒软件的真实质量,更糟糕的是测试现在在影响用户的观点。
Doctor Web发现评比测试的以下4点问题
1.VB100%对反病毒软件的测试是建立在In-the-Wild病毒设置基础上的,只包括可以复制自身的恶意程序,这样肯定限制了用於测试的恶意程序名单。根据Doctor Web的评估,In-the-Wild的病毒样本仅仅包括现在反病毒保护所要抵御的恶意程序总数的10%。
2.以上的准则适用於In-the-Wild种类,而没有涉及到当今的一大类威胁——木马。最近4、5年IT安全问题另一个最主要威胁之一还有rootkits。不管一个杀软在侦查木马方面—包括超多的病毒变体–能力有多强,不管它在防范rootkit方面如何出色,它只能在成功侦查几千个In-the-Wild病毒样本後才能获得VB100%奖项。作为一些市场专家和行业专家认定的最终基准来说,VB100%不能为用户找出真正能抵御木马的反病毒软件。
3.为了迎接新的挑战,Dr.Web反病毒也在不断改进。反病毒厂商应该每天致力於被病毒市场采用的新技术,不断为反病毒程序带来新的改进。并且病毒库日程更新也不能满足现在的需要。 VB100%评测并不进行反病毒厂商为应对风险程序开发的技术改革作评测,这些改革和In-the-Wild病毒无关。
4.收集的文档常规扫描并不能体现一款杀毒软件的性能。风险程序试图入侵电脑或者电脑已经被感染了这样的恶意攻击才能检验一款软件。最近几年创造更严峻的测试环境并检验杀毒软件对付感染活动能力的呼声越来越高。一款在扫描In-the-Wild样本集给出震撼结果的杀软,但是用户不可能知道当恶意程序运行在RAM和控制系统而非储存在硬盘上时,它们是否也表现良好。同时测试也不对反病毒产品的治愈能力进行评测。
Doctor Web认为VirusBulletin举行的评测运用现行的测试方式对自身造成了很坏的负面影响。测试的结果并不能对产品质量做出合理的评估,不能准确验证产品在保护用户抵御当前病毒的能力。活动叫做评估测试,但是事实上VirusBulletin的测试对很多当前使用的对付病毒的功能并不进行评测。在这种情况下,VB100%作为一项很高的荣誉提供给胜利的参评者,但是对於软件对当前病毒威胁的防范能力并不能很好的证明。
所有这些的问题使Doctor Web决定离开Virus Bulletin测试的舞台。但是,我们会高度关注Virus Bulletin评测活动测试方式的改革。我们确定只要评测能迎合最新的反病毒安全的要求,我们会很高兴重新参加活动的。
英文原文地址 http://info.drweb.com/show/3489/en
Doctor Web: statement on Virus Bulletin comparative reviews
August 8, 2008
Given recent announcements in mass media and numerous questions directed to our partners concerning our decision to abandon the comparative review of anti-virus products by Virus Bulletin we consider it necessary to issue our official statement on this subject.
Virus Bulletin is one of the most respected titles devoted to prevention, detection and removal of malware and spam naturally knitting virtually all anti-virus developers; annual anti-virus conferences held by the magazine still remain a unique event where competitiveness on the market loses its significance as vendors focus on pointing out new trends in the evolution of malware and work out methods to protect users all over the world.
The comparative reviews of anti-viruses conducted by Virus Bulletin every two months is an established event, almost a ritual. Dr.Web is one of the oldest participants with the successful history dating back to the second test in 1998. The testing always stood out among others of its kind for its transparent methods, accuracy and unbiased assessment of products of all vendors and perfect communication with anti-virus companies.
However developments of the industry in last years make many vendors question the comparative reviews. Though transparent and accurate the testing methods fail to keep up with the evolution of malware as well as anti-virus applications. That’s why the long prestigious VB100% can no longer serve as a benchmark reflecting the actual quality of an anti-virus and which is worse is nowadays used to manipulate opinion of users.
Doctor Web sees the issues of the comparative testing as follows:
1.Testing of an anti-virus for VB100% is based on In-the-Wild set of viruses which includes only malware capable of replicating itself which surely narrows the list of malicious programs used for the testing. As estimated by Doctor Web the In-the-Wild collection includes only 10 per cent of the total number of malware modern anti-viruses protect against.
2.The above-mentioned criterion applied to In-the-Wild collection leaves out the large segment of the present-day malware – Trojans. The same applies to one of the gravest IT security issues of last 4-5 years, so called rootkits. No matter how good an anti-virus is at detecting Trojans which outnumber viruses manifold, mo matter what are its rootkit counteraction capabilities it will only get the VB100% upon a successful detection of several thousands of samples from the In-the-Wild collection. Alas, VB100% used as an ultimate benchmark by some marketing specialists and industry experts won’t show a user if an anti-virus is really efficient against Trojans.
3.In order to address new challenges Dr.Web is developing as all other AV products. AV vendors have to deal with new technologies of virus-writers on daily basis which makes constant bringing of innovations into an anti-virus a must. And here regular updates of a virus database are not enough. The testing for VB100% doesn’t compare technical innovations of anti-viruses developed to counteract malicious programs that are never included the In-the-Wild collection.
4.It’s not a routine scan of a collection of files that shows how good an anti-virus is. It is a malicious attack when malware is attempting to get to a computer or a computer has already been infected. Recent years saw numerous proposals to create tougher conditions for testing anti-viruses and assess them by their ability to cope with an active infection. An anti-virus can show astounding results detecting samples from In-the-Wild collection but users will never know if it is the same perfect when malware is running in the RAM and controls the system rather than stored on a hard drive. Neither the test compares curing capabilities of anti-virus products.
Doctor Web considers these issues to have negative impact on the efficiency of the comparative reviews conducted by Virus Bulletin using existing testing methods. Results of the reviews don’t provide any reasonable assessment of the quality of products in question, of their capability to protect users against contemporary threats. The procedure is called the comparative review but in fact the testing by Virus Bulletin doesn’t compare many features implemented in present-day anti-viruses. Under the circumstances VB100% presented as a high-quality mark awarded to a successful participant in truth is merely an evidence of passing a certain test that doesn’t have much to do with trying out capabilities of the software that are really relevant for counteracting contemporary malware threats.
All these issues have led Doctor Web to stepping aside as a participant of the Virus Bulletin comparative reviews. However, we are watching over the evolution of testing methods very closely and are sure to rejoin as soon as they are up to the present day requirements for anti-virus security.