Independent research awards first place to Kaspersky Lab’s exploit prevention technology
02 Oct 2012
Kaspersky Lab’s innovative Automatic Exploit Prevention technology is the best tool to protect users against the most dangerous threats. Customized independent research performed by the MRG Effitas testing lab assessed 10 security solutions – and Kaspersky Internet Security 2013 proved the only one capable of successfully protecting a computer against all 13 simulations of highly dangerous prevalent exploits. The result offers a strong endorsement of Kaspersky Lab’s new Automatic Exploit Prevention technology, which is available for the first time in Kaspersky Internet Security 2013.
The ultimate goal of the test, which was commissioned by Kaspersky Lab, was to evaluate how well security solutions could protect against exploits. Exploits are pieces of malicious code that use vulnerabilities in popular software to infect a system. Protecting against them is a complicated task, since every exploitation technique can be embodied in many polymorphic code samples. Known exploits can be detected by a number of features, including their signature, code packing routines, etc. But unknown exploits, or those utilizing newly discovered (zero-day) vulnerabilities, can be identified by little other than their behavior. Therefore, a security solution has to identify the malicious intent of a program’s code in order to block it – something traditional protection techniques have struggled to do.
In order to achieve this testing goal, the security experts at MRG Effitas used both common exploits that are known to be “in-the-wild” and artificial samples provided by the Metasploit project. In total, 13 samples were selected, each able to execute malicious code on an unprotected system. The samples were modified in order to avoid detection by traditional protection methods – being blocked by a signature or cloud-based service, detected with a web filtering module, etc. During testing, the experts at MRG Effitas carried out regular user tasks with infected objects, such as opening a Word or PDF document and viewing web pages or Flash animations. In this way, real-life scenarios in which users are attacked with new or unknown exploits were carefully simulated.
All security suites were tested with their default settings. To make use of cloud-based security services, an Internet connection was provided. Kaspersky Internet Security 2013 was evaluated in two different modes: one with all default settings and another using only Automatic Exploit Prevention technology to block exploits while all other protection technologies were disabled. Whether in default mode or AEP-only mode, Kaspersky Internet Security was the only product capable of detecting and blocking all 13 exploits. The runner-up missed one exploit (using a vulnerability in the popular Winamp media player), and the product in third place missed two (vulnerabilities in Adobe Reader and Internet Explorer).
Nikita Shvetsov, Vice President of Threat Research at Kaspersky Lab, commented: “When designing the Automatic Exploit Prevention technology we concentrated on the most dangerous threats: new and unknown exploits which are widely used to attack consumers, but have also become an important tool for targeted attacks on businesses and the creation of cyber-weapons. The effectiveness of this technology has already been proved in two real-life cases, where Automatic Exploit Prevention blocked two recent zero-day vulnerabilities using only behavior-based methods. Now MRG Effitas has published a special report, using transparent methodology, to confirm once again that our specialized technology is essential when seeking the best level of protection against the most sophisticated malware attacks.”
A full account of the Comparative Assessment can be found here: http://www.mrg-effitas.com/flash-test-default/