Untangle untangles AV testing mysteries (and ant joke)
Fancy seeing you here. It's Friday's IT Blogwatch: in which we find an interesting test of anti-virus engines at LinuxWorld. And did you hear the one about the ladybug and the ant?..
Tim Wilson, all is forgiven:
Oh, antivirus products. They're a commodity item, right? They're all pretty much the same. Wrong, according to a live test of antivirus products for Linux conducted last night at the LinuxWorld event in San Francisco. In an antivirus "fight club" conducted in front of an audience by network gateway vendor Untangle at the show, 10 antivirus products were confronted with 25 viruses, many submitted by members of the audience. The goal: to see whether the AV tools would catch 'em all. The results: Only three of the antivirus tools caught and blocked all 25 viruses thrown at them ... The "winners" in last night's contest were Linux tools from Kaspersky and Symantec, and the open source Clam AV.
...
Untangle first conducted the AV "fight club" two years ago, when it was trying to decide which AV tool to include in its network gateway, which offers a variety of security and network performance tools. [more]
Untangle CTO Dirk Morris explains:
Two years ago we decided to add antivirus to our network gateway platform ... My theory was that anti-virus was fairly commodity and that all vendors would be roughly equal. I couldn’t have been more wrong! Some vendors were embarrassingly terrible ... We couldn’t be happier with the performance of ClamAV.
...
A year later, I was talking to one of the testing labs ... They would not explain why they refused to test ClamAV, although they did offer that they had tested it and it had done poorly relative to the commercial solutions. Given our testing and customer data had shown the exact opposite, we asked for their test results - to which they repeatedly refused ... I’m left to assume that the testing labs are biased in their testing.
...
Our goal in this test was not to scare people, or even drive people away from some vendors. We simply want to encourage discussion. Tests like these need to be open and transparent. They need to be performed in the open so results can be verified and challenged. They need to be transparent for credibility. [more]
Ryan Nix:
We always knew that ClamAV was a wonderful open source project. Many open source projects that are as large as the ClamAV anti-virus project typically have 90% of what end users want and 100% of what they need most ... the only feature ClamAV is missing right now is a realtime filesystem scanner that Symantec and some of the others have. [more]
His name is Luca Gibelli (he lives on the 2nd floor):
What’s so cool about the AntiVirus Fightclub? The test is conducted in a public and transparent manner using a real-world test set of malware. Untangle doesn’t test for 0-day malware and doesn’t compare functionalities. It is a simple test of whether or not each vendor’s virus engine catches viruses that have been in the wild in wide distribution. [more]
Steven Spalding makes you look smarter:
What they learned probably won’t shock you all that much. A lot of common Anti-Virus software is pretty bad ... The lesson is that just because an Anti-Virus program is expensive, does not mean that it is effective. [more]
Mr. Gill is sans regret:
It has happened to us all. The boss is unconvinced and wants an antivirus (or other solution) that comes in a shiny box with all that “quality” technical support and a well laid out manual. Here is another tool in your arsenal to convince the boss that a shiny box is not always a better product. For the second year running ClamAV is up there at number 1. Yes ClamAV is open source and free. No ClamAV does not come in a shiny box. [more]
But BearRanger says this is why he runs Linux:
I work in a Windows free environment. I understand that not everyone has this luxury. Am I a bad citizen because I don't scan for Windows viruses on my Linux systems? It's almost like another Microsoft tax--you're expected to degrade your performance to prevent their victims, uh, customers (yeah, that's it) from infecting each other. Those folks need to be responsible for their own safety and not expect the rest of us to do it for them. They could start by holding Microsoft accountable and making other choices at purchasing time. To me, Windows isn't worth the hassle. [more]
And silverwhisper whispers:
The other successful software were from Kaspersky and Symantec, neither of which surprise me by their performance. [more]
Buffer overflow:
Around the Net
- Martyn Richard Jones: The case of the missing CASE
- Jamie: Why your business may benefit from social bookmarking
- Security and Compliance Connection: College Data Insecurities
- Penguin Pete: Explaining the Google Second Brain Phenomenon
- Edd Dumbill: Mono: A Progress Report
- Nate Anderson: "Can I have your badge number and the source code to your breathalyzer?"
Around Computerworld
- Michael R. Farnum: Building relationships with customers is vital
- Preston Gralla: Music censorship: One more reason to stay away from AT&T
- Shark Tank: Every week, without fail ... OK, with fail
- Martin MC Brown: Auto-starting movies in news feeds is rude
- Douglas Schweitzer: Whistleblower law enacted
- Shark Bait: My IE keeps closing!!!
And finally... Ant tells joke; ladybug laughs
Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You too can pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.



