wmt | 9 years ago
Uninstalling Flash, Adobe Reader, Office and JRE, and using Chrome with adblock also helps you enormously, but is still a far cry for any user having difficulties with finding the download button from SourceForge.
Getting a signing cert is as easy as just buying one from Honest Achmed's Used Cars and Certificates, so the only real use for signed software with malware protection is to manually maintain your own list of trusted signers.
acdha|9 years ago
Of course they do well there – the vendors use those as a primary marketing feature. It's like learning that Oracle does well at a TPC benchmark they'll be printing on glossy brochures.
The question a buyer should be asking is “What percentage of attacks the average Internet user faces are stopped by this product?” and that has been declining steadily since the 90s because virus authors can easily test before releasing a new version and confirm that they've managed to avoid the current signatures. It doesn't matter that your product is great at stopping last year's malware if that's not what exfiltrates or encrypts your data.
> Uninstalling Flash, Adobe Reader, Office and JRE, and using Chrome with adblock also helps you enormously, but is still a far cry for any user having difficulties with finding the download button from SourceForge.
The part that you left out is that using Chrome gets you all of those but ad-blocking. It's true that it's hard for many users to operate securely but millions of them have managed to install Chrome and that's far more effective than any security product on the market.
wmt|9 years ago
I honestly cannot imagine a better way to objectively test how well the products fare against attacks against an average Internet user.
Edit: If I was not clear, nobody tests with historical samples anymore. Only live attacks are being used for tests.