Fortinet, McAfee, Trend Micro, Bitdefender battle in socially-engineered malware prevention test

Five enterprise products faced 36 days of continuous testing

Socially-engineered malware tries to trick users into downloading and executing malicious code through tactics that include everything from fake antivirus to fake utilities to fake upgrades to the operating system and trojanized applications.

NSS Labs tested several endpoint security products to see how well each would block these attacks.

In 36 days of continuous testing, NSS Labs tested five enterprise products: Fortinet's FortiClient Endpoint Protection; McAfee VirusScan Enterprise and Antispyware Enterprise; Symantec Endpoint Protection; Trend Micro OfficeScan; and Endpoint Security by Bitdefender.

Most did the job well in protecting against socially-engineered malware, which can often shift from one malicious URL to another as part of its evasion maneuvers when an existing URL is discovered and blocked. But there were distinct differences in how fast the endpoint security products were in adding protection, with McAfee's endpoint product seen as especially speedy, according to the NSS Labs report on the test.


The testing environment was based on Windows 7 Enterprise Service Pack 1 32-bit with Windows Defender disabled and Internet Explorer 10.0.9200.16660 with SmartScreen Filter disabled. NSS Labs notes that some browsers, in particular Microsoft's IE, can block some socially-engineered malware, so there is sometimes overlap in capability between the browser and the installed anti-malware agent software from security vendors.

The purpose of the test by NSS Labs was to find out how well five security vendors' endpoint software would provide block-on-demand and block-on-execute protection against a barrage of socially-engineered malware tricks.

In the combined scores for different metrics, McAfee VirusScan Enterprise achieved a combined block rate of 100%, with all of the socially-engineered malware (SEM) blocked on download. Others did well too.

"Symantec Endpoint Protection blocked 100% of the SEM, with 98.8% blocked on download and 1.2% blocked upon attempted execution," the report says. "Bitdefender Endpoint Security blocked 99.8% of the SEM, with 99.6% blocked on download and 0.2% blocked on attempted execution. FortiClient Endpoint Protection achieved a 99.8% block rate, with 99.4% blocked on download and 0.4% blocked on execution." Trend Micro blocked 98% on download and 1.61% on execution.


Since the same socially-engineered malware typically moves from URL to URL as existing malicious URLs are discovered and blocked, speed counts for a lot in providing protection against malware.

In a measurement of speed, NSS Labs found the McAfee VirusScan Enterprise product, which had a 31-second average time to add protection, was the fastest in terms of adding detection for new socially-engineered malware. Symantec clocked in at 15 minutes. Trend Micro averaged 31 minutes. NSS pointed out this makes these three products much faster than the other two products in the group comparative test. The Fortinet product clocked in at 1.32 hours of average time and the Bitdefender product took 2.20 hours.

The full report is available by subscription to NSS Labs tests.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE.
