Test av Tavis Ormandy...
Gjorde lite research tack vare tidigare inlägg...
Hela artikeln: http://news.softpedia.com/news/google-security-expert-critici...
Some antivirus certification tests are just hilarious
But besides Comodo, Mr. Ormandy also took to heart the criteria Verizon used to certify the high standards of information security that Comodo had to pass.
Since Verizon published its methodology according to which the awards were given out, Mr. Ormandy was quick to point out that they were extremely simplistic.
This reporter also took a look at all the criteria, and in our assessment, most antivirus products would have passed since the certification requirements merely described basic antivirus functions, half of which were related to UI functions.
Some of the certification "criteria" included the likes of: "Enable and disable the Detection of Malware" (which is a basic start/stop button for the scanning process), "Retrieve and apply the latest Engine and Signatures over the Internet" (the antivirus must be able to update itself), "On-Demand Detection" (the antivirus must start a scan when you press a button, or a new file is detected), and "Report no false positives" (well, duh!).
Most antivirus products are a collection of deprecated codebases
But Mr. Ormandy's criticism was not only directed at Verizon and Comodo, and he said that antivirus products, in general, are insecure. "All of the major security vendors are using ancient codebases with no awareness of modern security practices, it’s still hacking like it’s 1999," the researcher said.
And he's right in his assessment. Before cutting Comodo's reputation to bits, Mr. Ormandy also discovered security issues with other security products from companies such as Avast, Malwarebytes, Trend Micro, AVG, FireEye, Kaspersky, and ESET.
He did all of his research with no access to source code, with point-and-click security tools and basic techniques that every security researcher learns.
mm mm. Se länk ovan för hela artikeln. Mycket intressant och kunnig kille.