DOCSLIB.ORG

CORPORATE AV / EPP COMPARATIVE ANALYSIS Exploit Protection

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
CORPORATE AV / EPP COMPARATIVE ANALYSIS Exploit Protection CORPORATE AV / EPP COMPARATIVE ANALYSIS Exploit Protection 2013 – Randy Abrams, Dipti Ghimire, Joshua Smith Tested Vendors AVG, ESET, F-Secure, Kaspersky, McAfee, Microsoft, Norman, Panda, Sophos, Symantec, Trend Micro NSS Labs Corporate AV/EPP Comparative Analysis- Exploit Protection Overview Endpoint Protection Products (EPP) are designed to protect against a broad spectrum of threats. Products originally developed to detect self-replicating code (viruses and worms) have added protection against adware, spyware, rootkits, bootkits, phishing attacks, and exploits, in addition to providing firewall capabilities and more. The ability to block exploits is one of the most significant tasks required of EPP products. When a new vulnerability is exploited, not only can malware, known or unknown, be silently installed, criminals can take over the exploited computer manually, thereby evading signatures and heuristics designed to detect malicious code. If an EPP can block an exploit, it has effectively blocked any and all malware that the exploit may attempt to execute or install. The ability to catch the payload an exploit delivers has value but provides far less protection than blocking the exploit itself. Exploit kits such as Blackhole have essentially made the mass exploitation of websites a low cost franchise operation with a low buy-in and an immediate lucrative return. Software such as Oracle’s Java, Adobe’s Flash and Reader/Acrobat, in addition to web browsers, keep a fresh supply of exploitable vulnerabilities available even as old exploits continue to plague consumers and corporations alike. The exploitation of vulnerabilities in common software programs enables attackers to breach networks, steal intellectual property, hijack email and social network accounts, and engaging in several other types cybercrimes. NSS vulnerability research reveals that the number of reported vulnerabilities rose significantly in 2012 and the vulnerability landscape is going through significant transformations1. Enterprises have several tools to help prevent the exploitation of vulnerabilities. Patching is one of the most important defenses. However many corporations fail to patch all of the applications on their desktops and often are slow to deploy the most current software versions. Intrusion prevention systems (IPS), and in some scenarios next generation firewalls (NGFW), can provide a valuable line of defense against exploits for enterprises. NSS provides extensive comparative testing for IPS and NGFW products. The use of current web browsers is another line of defense. The most widely used browsers have added features such as reputation systems and application blocking to help defend against the exploitation of vulnerabilities. The use of endpoint protection products, colloquially known as antivirus, is also a common defense. NSS tested 11 popular enterprise EPP products to measure their effectiveness in protecting Windows computers against exploits. All of the exploits used during this test have been publicly available for months (and sometimes years) prior to the test, and have also been observed in use on the Internet. Enterprises, especially those employing the BYOD model, that seek protection from exploit driven attacks against desktop PCs and laptops should closely examine results from this test. 1 https://www.nsslabs.com/reports/vulnerability-threat-trends © 2013 NSS Labs, Inc. All rights reserved. 2 NSS Labs Corporate AV/EPP Comparative Analysis- Exploit Protection McAfee 97% Kaspersky 92% Symantec 91% Sophos 88% AVG 79% F-Secure 76% Trend 73% ESET 71% Microso 65% Norman 47% Panda 41% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Figure 1 - Combined Block Rates (including alternate vectors) Figure 1 combines 203 exploit download and payload execution tests with 30 alternate vector attacks to provide the overall exploit protection rate for the tested EPP products. Key Findings: • With a few notable exceptions, endpoint products are not providing adequate protection from exploits. • Enterprise EPP products differ up to 53% in effectiveness at blocking exploits, with protection levels varying between 44% and 97% • Keeping AV software up-to-date does not yield adequate protection against exploits, as evidenced by gaps in coverage for vulnerabilities found to be several years old. • Java is a significant attack vector © 2013 NSS Labs, Inc. All rights reserved. 3 NSS Labs Corporate AV/EPP Comparative Analysis- Exploit Protection Table of Contents Analysis .................................................................................................................................. 5 Test Background – Threat Landscape ........................................................................................................... 5 Stages of Protection ..................................................................................................................................... 6 How This Test Was Conducted ..................................................................................................................... 7 Protection From Exploits Across Protocols .................................................................................................. 7 Exploit Blocking Results ................................................................................................................................ 8 Alternative Attack Vectors ......................................................................................................................... 11 Test Methodology ................................................................................................................. 12 The Tested Products ................................................................................................................................... 12 Client Host Description ............................................................................................................................... 13 The Vulnerabilities ...................................................................................................................................... 13 Appendix A: Definitions ........................................................................................................ 15 Vulnerability ............................................................................................................................................... 15 Exploit ......................................................................................................................................................... 15 Payload ....................................................................................................................................................... 15 Contact Information .............................................................................................................. 16 Table of Figures Figure 1 - Combined Block Rates (including alternate vectors) .................................................................... 3 Figure 2 - How a desktop/laptop computer is exploited ............................................................................... 5 Figure 3 - HTTP vs. HTTPS block rates ........................................................................................................... 8 Figure 4 - Non- IE6 Overall Exploit Block Rate .............................................................................................. 9 Figure 5 - IE6 Overall Block Rate ................................................................................................................. 10 Figure 6 - Overall Exploit Block Rate ........................................................................................................... 10 © 2013 NSS Labs, Inc. All rights reserved. 4 NSS Labs Corporate AV/EPP Comparative Analysis- Exploit Protection Analysis The results of NSS’ in-depth testing of 41 individual exploits and over 200 attack scenarios revealed significant differences in the defensive capabilities of 11 leading endpoint protection solutions. Results are provided for exploits that require Internet Explorer 6 and those that do not. Given that many enterprises are forced to support IE6 because of legacy applications, this capability may be a determining factor in selecting an EPP product. Excluding exploits requiring IE6, the average block rate was 77%, with the weakest product blocking 44% and the best product blocking 98% of the attacks. For exploits requiring IE6 to execute, the average blocking ability was 65%, with the weakest performer blocking 20% of the attacks and the top products blocking 100% of the attacks. Enterprises rely on endpoint security products to help provide a virtual shield against exploits. The number of potentially vulnerable applications that need to be patched taxes the resources of most IT departments and may allow vulnerabilities to persist longer than they ordinarily might on a consumer computer. NSS testing shows that the majority of EPP products fail to block some of the most widely used and dangerous exploits from recent years. Given the importance and growing prevalence of this class of threat, NSS recommends that enterprises give appropriate weight to the quality of exploit prevention technology, as well as performance and threat detection, when selecting EPP products. Test Background – Threat Landscape The layers of defense used in enterprises vary widely. The extent to which technologies such as IPS, NGFW, web and application whitelisting, thin clients, and other
Load more

Recommended publications
  • Revisiting XSS Sanitization
    Revisiting XSS Sanitization Ashar Javed Chair for Network and Data Security Horst G¨ortzInstitute for IT-Security, Ruhr-University Bochum [email protected] Abstract. Cross-Site Scripting (XSS) | around fourteen years old vul- nerability is still on the rise and a continuous threat to the web applica- tions. Only last year, 150505 defacements (this is a least, an XSS can do) have been reported and archived in Zone-H (a cybercrime archive)1. The online WYSIWYG (What You See Is What You Get) or rich-text editors are now a days an essential component of the web applications. They allow users of web applications to edit and enter HTML rich text (i.e., formatted text, images, links and videos etc) inside the web browser window. The web applications use WYSIWYG editors as a part of comment functionality, private messaging among users of applications, blogs, notes, forums post, spellcheck as-you-type, ticketing feature, and other online services. The XSS in WYSIWYG editors is considered more dangerous and exploitable because the user-supplied rich-text con- tents (may be dangerous) are viewable by other users of web applications. In this paper, we present a security analysis of twenty five (25) pop- ular WYSIWYG editors powering thousands of web sites. The anal- ysis includes WYSIWYG editors like Enterprise TinyMCE, EditLive, Lithium, Jive, TinyMCE, PHP HTML Editor, markItUp! universal markup jQuery editor, FreeTextBox (popular ASP.NET editor), Froala Editor, elRTE, and CKEditor. At the same time, we also analyze rich-text ed- itors available on very popular sites like Twitter, Yahoo Mail, Amazon, GitHub and Magento and many more.
    [Show full text]
  • Tinymce Asp Net Mvc Example
    Tinymce Asp Net Mvc Example Jessee is lessened: she derate doubtless and belabour her pikestaff. Substernal Moe serenades no grubbers compelled diametrically after Ivan hypothecating equally, quite arty. Is Jeromy professorial or enunciable after reachable Gerhard Latinise so analogically? Otherwise we should be removed when i pass that can be displayed in an extension method. Tries to their job of these references must be working for a dropdown, they often comes an episerver world has more! You could not looks similar mask for this needs is an object which help you can be customized search service or suggestions and website? One method and a div with html encode data arrays as i interviewed about? In our subscribers list for other links using firebug for. Model binder should review content. Written immediately deleted as guide for production and asking for. In the cdn script on some top section of your page into the database created by the project then editor? Previous product next thing is not accept server. Parece que el enlace que esta página de alguna manera pasarle las credenciales o un sitio desarrollado en una página muestre un token. Adding the image, we offer any more. Url part is this info with javascript framework that one can now, wiki syntax highlighter extension method. Google code that editors can be as it mean by me know it possible security in place on how grepper helps. It showed only your efforts easier, tinymce asp net mvc example of your code, parsable html then i would be? The document inside an example of an iframe is to.
    [Show full text]
  • Xwiki Standard 9.8.1 User Guide Xwiki Standard 9.8.1 User Guide
    XWiki Standard 9.8.1 User Guide XWiki Standard 9.8.1 User Guide Table of Contents Pages Overview .................................................................................................................................................................... 3 XWiki Applications Overview .......................................................................................................................................... 108 Other XWiki Applications Overview ................................................................................................................................ 217 Users and Groups Overview ............................................................................................................................................. 231 Page 2 XWiki Standard 9.8.1 User Guide • Pages Overview • Create a Wiki Page • Simple and Advanced Edit • Common Edit Actions • Editing Modes • XWiki Syntaxes • The CKEditor • Nested Page Actions • Share Page By Email • Page Comments • Page Attachments • Page History • Page Export Formats • Internationalization • Activity Stream • Keyboard Shortcuts • XWiki Applications Overview • Annotations Application • Dashboard Application • Flamingo Skin • Help Center Application • Index Application • Office Importer Application • Search Application • Syntax Highlighting Application • Tag Application • Tour Application • Other Applications • Blog Application • Users and Groups Overview • Registration • Login • User Profile • User Preferences • User Status • Join a Sub-Wiki • Wiki Invitations
    [Show full text]
  • Studio Editor User Guide
    Studio Editor User Guide Version 6.11 Reference Guide Table of Contents Copyright and Legal Notice .................................................................... 1 Copyright............................................................................................................... 1 Release Notes .......................................................................................... 3 Editor 6.11 Release Notes .................................................................................... 3 System Requirements ............................................................................. 6 Hardware Requirements ...................................................................................... 6 Software Requirements........................................................................................ 6 Getting Started in Studio (For New Users)............................... 9 Logging In and Updating Your Profile ................................................ 11 Log into Xyleme Studio ...................................................................................... 11 Studio Home Page: The Document Manager ..................................... 13 What is the Document Manager? ...................................................................... 13 Common Conventions in Studio.......................................................... 17 Helpful Hints ....................................................................................................... 17 Content editing toolbar .....................................................................................
    [Show full text]
  • In PDF Format
    Dellinger & Hart ePortfolios@edu ePortfolios@edu offers a comprehensive examination of best practices in creating, implementing, and assessing an ePortfolio program. Contrib- utors to the edited collection (ePortfolio practitioner/scholars from four EPORTFOLIOS@EDU continents) share triumphs and lessons learned from a first-person per- spective. Designed as a go-to resource for ePortfolio novices, seasoned WHAT WE KNOW, WHAT WE DON’T practitioners, and curious explorers alike, ePortfolios@edu allows read- EPORTFOLIOS@EDU KNOW, AND EVERYTHING IN-BETWEEN ers to close the book and immediately apply whatever information they found most appropriate for their course, program, and/or institution. Re- flecting the emblematic interconnectedness of ePortfolio development, ePortfolios@edu complements other publications on ePortfolios by offer- ing new perspectives and a rich companion website that will be of great value to the expanding network of ePortfolio practitioner/scholars. Mary Ann Dellinger is Professor (emerita) of Spanish Language and Cultures at the Virginia Military Institute, where she served as the Insti- tute’s first Director of the VMI ePortfolio Project. Her most recent book, Indagaciones. Introducción a los estudios culturales hispanos (Georgetown University Press), is the first textbook on cultural studies for students of Spanish as a second language. D. Alexis Hart, Director of Writing at Al- legheny College, is the editor of How to Start an Undergraduate Research Journal. Her work has also appeared in CUR Quarterly, Pedagogy, Writ- ing on the Edge, Composition Forum, and several edited collections. Practice & Pedagogy Series Editors, Mike Palmquist, Aimee McClure, Aleashia Walton, & Karen Rigney-Moroski The WAC Clearinghouse Fort Collins, CO 80523 wac.colostate.edu W University Press of Colorado Louisville, Colorado 80027 upcolorado.com Edited by Mary Ann Dellinger ISBN 978-1-64215-108-4 W and D.
    [Show full text]
  • Linux for Developers Developer’S Library
    Meydan VIP Bridge, Dubai, United Arab Emirates Dubai’s 80-meter Meydan VIP Bridge carries the royal family and guests to the grandstand at the annual Dubai World Cup horse race. Opened in time for the March 27, 2010 World Cup, the bridge’s architecture aims to evoke the flowing mane of a racehorse. At night, the bridge is lit with shimmering royal blue LED lights embedded in its steel cladding and smoothly following its undulations. While few people have the opportunity to cross this private bridge, it has been seen by millions worldwide, as a key location in the movie Mission Impossible: Ghost Protocol. Linux for Developers Developer’s Library Visit informit.com/devlibrary for a complete list of available publications. The Developer’s Library series from Addison-Wesley provides practicing programmers with unique, high-quality references and tutorials on the latest programming languages and technologies they use in their daily work. All books in the Developer’s Library are written by expert technology practioners who are exceptionally skilled at organizing and presenting information in a way that is useful for other programmers. Developer’s Library titles cover a wide range of topics, from open source programming languages and technologies, mobile application development, and web development to Java programming and more. Linux for Developers Jumpstart Your Linux Programming Skills William “Bo” Rothwell Boston • Columbus • Indianapolis • New York • San Francisco • Amsterdam Cape Town Dubai • London • Madrid • Milan • Munich • Paris • Montreal Toronto • Delhi • Mexico City Sao Paulo • Sidney • Hong Kong • Seoul Singapore • Taipei • Tokyo Many of the designations used by manufacturers and sellers to distinguish their products Editor-in-Chief are claimed as trademarks.
    [Show full text]
  • Firefox OS Web Apps for Science
    Firefox OS Web Apps for Science Raniere Silva and Frédéric Wang Mozilla MathML Project June 10, 2014 Abstract In this document, we describe recent work made by the Mozilla MathML team to help publishing scientific content using Web technologies. We focus on the Firefox OS platform currently being developed by Mozilla that provides a good framework to create mathematical user interfaces on mobile devices. Contents 1 The Web Platform 3 1.1 Overview ............................................... 3 1.2 Basic HTML5 Features ........................................ 3 1.3 Styling of Mathematics ........................................ 4 1.4 TeXZilla ................................................ 4 1.5 Advanced HTML5 Features ..................................... 5 2 Firefox OS 6 2.1 Overview ............................................... 6 2.2 Math Suite .............................................. 6 2.3 Math Cheat Sheet .......................................... 7 2.4 TeXZilla App ............................................. 7 2.5 DynAlgebra .............................................. 8 A The Web Platform 12 A.1 1-mathml-in-html ........................................... 12 A.2 2-mathml-in-svg ........................................... 12 A.3 3-mathml-javascript ......................................... 12 A.4 4-mathml-fonts ............................................ 13 A.5 5-canvas ................................................ 15 A.6 6-mathml-in-webgl .......................................... 15 A.7 7-web-component ..........................................
    [Show full text]
  • Asp Net Core Document Editor
    Asp Net Core Document Editor Kid-glove or hydropathical, Fritz never legitimatized any autosome! Inquiline Markus garbs tangly while Gaven always flounced his cultigen knits tunelessly, he fidging so illiberally. Unphonetic Stanwood podding rowdily, he abode his Slavophobe very turbulently. This prototype program illustrates the dialog Control all need to simplify web content contributors easily create a document. Formatter and is published by Esben Petersen We easily get Prettier to format our code when a file is saved in. Choose a document manipulation is especially relevant given the steps will be added to learn asp. Text Control GitHub. 0 Performance issue Asp NET Administration Programming in C Programming. What is a document between pdf editor? Devextreme get quick data AGOGO Shop. Qt text browser vs text edit Bayou Microfund. Net core download Taverna Kia Kropolis. You have to install it is a document from other website uses cookies and documentation developer documentation developer documentation and add your documents from anywhere: choose from other tracking technology to integrate it. Multiplatform Desktop HTML Editor with company Core 3 and. Net core is one because mixed model binding in. ASPNET Core implementation now supports AllowSynchronousIOfalse File upload. How we are doing with asp net core document editor application cannot to help people all modern browsers and you have been easier. C demo to guide how i create read your view download DOCX document in ASPNET and MVC application on server. NET Core supported environment as Windows Linux and Mac EmpId is the. After a set of slide center as some data? It is especially relevant given the best possible experience for is that it down the asp net core document editor with powerful apis is a few login attempts is? You can use although third party component to experience rich text editing within your application Tiny MCE is essential well known major text editor that is power to.
    [Show full text]
  • Carte Care Se Vrea În Esență Despre Internet Și Despre Web Este Cel Puțin Ciudat Să Folosesc Un Astfel De Motto
    Cuprins 1 Introducere ..................................................................5 1.1 Să ne lămurim… .................................................. 6 1.1.1 La început a fost WEB-ul: fals ........................ 6 1.1.2 WEB-ul era la sistemul de operare: fals ........ 6 1.1.3 Sistemul de operare era WEB-ul: fals ........... 6 1.2 Când a început WEB-ul? ..................................... 7 1.3 La început a fost Internetul: aproape corect ...... 9 2 HTML – HTML5 ....................................................... 14 2.1 WWW (World Wide Web)? ................................ 14 2.2 Pagini Web ......................................................... 15 2.3 Adresa unei pagini de Web ................................ 15 2.4 Cum aduce browserul paginile web? ................. 17 2.5 Cum afișează browser-ul paginile web? ............ 19 2.6 Ce este un fișier HTML? ................................... 20 2.7 Structura standard a unui document html5 ..... 21 2.7.1 Primul cod html ............................................ 21 2.7.2 Explicarea structurii standard: ................... 24 2.8 Tag-uri html ...................................................... 26 2.8.1 DOM – Document Object Model .................27 2.8.2 Observații generale ..................................... 29 1 2.9 Marcarea corectă a textului ............................... 31 2.9.1 Marcarea metadatelor ................................. 32 2.9.2 Delimitarea logică a conținutului ............... 34 2.9.3 Tag-uri pentru marcarea structurală a conținutul textului
    [Show full text]
  • ARBETSBOK -.:: Nanaki
    Läromedel för GY2011 Webbutveckling 1 ARBETSBOK WEBBUTVECKLING 1 Lars Gunther 2012 Thelin Läromedel www.skolportalen.se ISBN: 978-91-7379-176-2 ISBN: 978-91-7379-176-2 Licens att använda denna bok är köpt via Licensen gäller enligt villkor www.skolportalen.se i samband med köpet WEBBUTVECKLING 1 ‐ ARBETSBOK FÖRLAGETS FÖRORD Detta är Webbutveckling 1 ‐ Arbetsbok. Boken är anpassad efter gymnasieskolans kursplan GY2011 för kursen Webbutveckling 1 med kurskod WEBWEU01. Boken är skriven av Lars Gunther. Erfaren gymnasielärare inom bl.a. webbutveckling och programmering. Boken är utgiven av Thelin Läromedel. Boken finns även tillgänglig för läsning via internet via Skolportalen eBooks. Om du käre läsare skulle hitta något i boken som du inte tycker stämmer eller om du saknar någon viktig del så får du gärna meddela detta till oss. Vi är oerhört tacksamma för alla kommentarer och tips. Det går bra att e‐posta till [email protected] Eventuella uppdateringar och rättelser till boken som tillkommit efter denna upplagas tryckning finns att ladda hem på Skolportalen, www.skolportalen.se. Facit med svaren på frågorna samt lösningsförslag finns i Lärarhandledningen som kommer att utkomma. I denna finns även värdefulla tips till läraren. Somliga uppgifter ska göras online adressen http://webbteknik.nu/, där finns också instruktionsfilmer i videoform, samt exempelkod. Arbetsboken följer samma typografiska konventioner som läroboken. Numreringen av stycken är dock inte densamma. Thelin Läromedel och Lars Gunther, juni 2012. Samtliga varumärken som förekommer i boken tillhör innehavaren av varumärket. OBSERVERA ATT ALL KOPIERING ELLER ANNAT MÅNGFALDIGANDE AV DENNA BOK ELLER DELAR AV DEN ÄR FÖRBJUDET ENLIGT LAG. THELIN LÄROMEDEL, LIDKÖPING Tel.
    [Show full text]
  • Download Html Textarea Editor
    Download html textarea editor TinyMCE's plugin system allows you to download themes and plugins to It's a simple and no-fuss HTML rich-text editing solution that converts. Download TinyMCE for free, the most advanced WYSWIYG HTML editor Just because TinyMCE is the most powerful rich text editor doesn't mean it is difficult. Download a free trial of RichTextEditor. Thank you for your interest developers to replace any textbox/textarea with an intuitive word-like wysiwyg html editor. Adding rich text editing to your HTML5 or JavaScript application is quite You download the API to your local drive and add links to the required it's easy to add the HTML to accommodate it by typing in the tags directly. Introducing the new CKEditor Ecosystem. Product portfolio of rich text editors and collaboration solutions delivered through fast and secure cloud services. Rich-text editors, also known as online rich-text editors, are web a very intuitive “table creation” feature to help users construct HTML tables. Froala WYSIWYG HTML Editor is easy to integrate and to use. to convert HTML textarea fields or other HTML elements to editor instances. Download a free trial of Rich Text Editor for PHP. Thank you for your interest in evaluating RichTextEditor for PHP software. The day trial version is fully. Textarea Editor demo for the Froala Rich Text Editor. Get to know our WYSIWYG HTML editor through examples. Super Simple WYSIWYG Editor on Bootstrap Summernote is a JavaScript library that helps you create Simply download and attach your js, css with bootstrap.
    [Show full text]
  • Table of Contents
    Table of Contents Welcome 7 Mura CMS Overview 7 Dashboard 9 Site Manager 9 Modules 9 Users 10 Site Config 11 Creating the Site Structure 12 Access the Site Manager 12 Content Types 18 Content Formatting 19 Add Pages for Top Level Pages 20 Setting Page Order 22 Selecting Layout Templates 24 Edit Layout Templates from the Site Manager 24 Edit Layout Templates on the Content Edit Screen 25 Edit Content 26 Basic Tab 27 SEO Tab 29 Mobile Tab 30 Layout & Objects Tab 30 Tags Tab 34 Related Content Tab 34 Advanced Tab 35 Publishing Tab 36 Publishing Options 40 Version History 41 3 About Us 42 Select Layout Template 42 Adding Content to the Page 42 The WYSIWYG Editor (CKEditor) 45 Front End Editing 46 Formatting the About Us Content 48 Adding Images to Content 51 Add Pages Below the About Us Landing Page 55 Adding Sub Navigation 56 Board of Directors 58 Changing Content Type from Page to Folder 58 Add Pages to the Folder 59 News 64 Changing Content Type from Page to Folder 64 Adding Pages Below The News Section 64 Content Sorting 67 Changing Sort Order 68 Category Manager 69 Creating a Category Filter 70 Categorizing Content 74 Featured Categorized Content 75 Placing the Category Filter Content Display Object 76 Blog 79 Copy & Paste 79 Add Content Objects 83 Tagging Content 87 Adding a Tag Cloud 90 Photo Gallery 92 Default Image Sizes 92 4 Change Content Type to Gallery 94 Add Images to the Gallery 95 Setting the Number of Thumbnails Per Page 105 Customizing Photo Gallery Thumbnail Sizes 106 Contact Us 107 Creating a Contact Form 107 Embed a Google
    [Show full text]