Testing Detection Rates in
a real online environment

The first in a series of lab tests being conducted by NSS Labs examining the protection capabilities of endpoint protection products, this report examines socially engineered malware.
Source: NSS Labs
Date: September 8, 2009

Customer Story “A new threat emerges every 2.5 seconds and most threats come from the web. That’s why current methods of testing anti-malware on offline PCs and endpoints don’t make sense.”

The first in a series of lab tests being conducted by NSS Labs examining the protection capabilities of endpoint protection products, this report examines socially engineered malware. Subsequent reports will examine phishing and exploit protection.

Socially engineered malware is disguised and/or hidden within another software package so that when a user is enticed to download and install the software, the malware is installed as well. Socially engineered malware attacks pose one of the largest risks to individuals and organizations alike by threatening to compromise, damage or expose sensitive information. With over 50% of malware delivered via the web, protecting against these threats requires more sophisticated techniques and resources and is driving the evolution of security products at the desktop level.

"NSS Labs has developed a unique “Live in-the-cloud” testing framework that emulates the experience of average users."

During July and August, 2009 NSS Labs performed the industry’s most real-world test of anti-virus / endpoint protection suites against socially engineered malware. NSS Labs’ Live Testing measures products against the most current threats as a user would experience them: not against stale or questionable samples in a closed lab environment, like other tests. The results presented here are based upon empirically validated evidence gathered during 17 days of 24x7 testing, performed every 8 hours, over 59 discrete test runs, each one adding fresh new malware URLs. Each product was updated to the most current version available at the time testing began, and allowed access to the live Internet during the entire course of the test.

» Get the unsponsored and noncommissioned test report from NSS Labs

NSS Labs Consumer Report

Read report
Free Trial
Trend Micro™ Internet
Security Pro

NSS Labs Corporate Report

Read report
Free Trial
Try Trend Micro™ OfficeScan Client-Server Suite

Free Trial
5-100 computers
Try Trend Micro Worry-Free Business Security Standard

New methodology tests protection in a real online environment

"NSS Labs developed a new method to test anti-malware against threats using a real-world, online computing environment. The labs conducted independent testing on endpoint products from leading security vendors to reveal the highest levels of malware protection. The testing was unsponsored and noncommissioned."

» Read More ...

In this Article

  • 1 Introduction
  • 1.1 About This report
  • 1.2 Endpoint Protection Products
  • 1.3 Socially Engineered Malware Threats
  • 1.4 In-the-cloud Services
  • 2 The Live Test Environment
  • 2.1 Stages of protection
  • 2.2 Time to Protect and Consistency
  • 2.3 The Tested Products
  • 2.4 Client Host Description
  • 2.5 Network Description
  • 2.6 Test Composition – Malicious URLs
  • 3 Test Criteria and Results
  • 3.1 Blocking URLs with Socially Engineered Malware Over Time
  • 3.2 Proactive and Execution Protection
  • 3.3 Time to Protect Histogram
  • 3.4 Average Response Time to Block Malware
  • 4 Product Assessments
  • 4.1 Recommend
  • 4.2 Neutral
  • 4.3 Caution
  • 5 Test Procedures
  • 6 Test Infrastructure

Testing detection rates against known threats is outdated and misleading.

A new threat emerges every 2.5 seconds and most threats come from the web. That’s why current methods of testing anti-malware on offline PCs and endpoints don’t make sense.

New methodology tests protection in a real online environment

NSS Labs developed a new method to test anti-malware against threats using a real-world, online computing environment. The labs conducted independent testing on endpoint products from leading security vendors to reveal the highest levels of malware protection. The testing was unsponsored and noncommissioned.

NSS Labs proved Trend Micro is best at blocking threats.

Trend Micro scored significantly higher than other security vendors due to the unique cloud-client layered protection in Trend Micro™ Smart Protection Network™. By stopping threats in the cloud, before they get to endpoints, Trend Micro delivers better protection to our customers—from consumers to the largest corporate enterprises.

Rethink Endpoint Security

NSS Report

The Case for a New Benchmark Testing Methodology.

TrendLabs℠ explains why the ability to block threats in the cloud is changing the way anti-malware products are tested.

» Download white paper

"Trend Micro achieved the best download and execution protection with 96.4 overall."

– NSS Labs Source:
NSS Labs Consumer Report, September 2009
NSS Labs Corporate Report, September 2009

What our Customers Say

"We chose the InterScan Web Security Virtual Appliance deployment option for our Internet gateway to avoid the Windows™ license fee and annual maintenance fees on another physical server. Installation of the virtual appliance was very easy and we've been very happy to get a better return on our existing server investments."

- Rudy Dellafiore
IT Manager, Bass Underwriters

"OfficeScan™ 8.0 is catching spyware and other malware that was being missed by other security solutions that we tested. Trend Micro continues to give us the best solution for our North American network."

- Dave Krause
Server Network Engineer, IT
BBDO Detroit, Detroit, Michigan

"Shakopee Schools, Shakopee, Minnesota The reporting capabilities of OfficeScan help us prove compliance, and add another layer of protection from web threats."

- Wade Phillips
Director of Technology