An independent security software testing outfit based in Austria has for the first time tested “next generation” security programs which work without the need for malware signatures.
AV-Comparatives awarded all four products it tested its “Approved next generation security” award, for “decent results in the malware protection tests without issuing too many false alarms.”
The four products are:
- Barracuda NextGen Firewall
- CrowdStrike Falcon Host
- Palo Alto Traps
- SentinelOne Endpoint Protection Platform
In common with other next generation security products, the four products claim to eschew traditional malware signatures.
Signatures are elements of code within a malicious program that can be used to identify it while it’s being downloaded, so that it can then be stopped. But critics have long derided the idea that traditional anti-malware software is solely based on signature detection.
And AV-Comparatives points out that the four products have little else in common, calling “next generation” a “vague term.”
Some, like Barracuda’s NextGen Firewall, work by monitoring incoming network traffic. Others install client software on endpoints like PCs which is managed and monitored centrally from a console. “The latter type is intended to replace the antivirus software on client PCs, while the former could still be used in conjunction with traditional AV products,” the company says.
Next generation security software is generally sold only to businesses, not to consumers.
All the products scored 98 percent or better in the malware detection tests the company ran, but some did considerably less well protecting against exploits — where the company uses what it calls a “zero tolerance” scoring procedure.
“Unfortunately, a number of vendors refused to participate in this independent evaluation,” the company adds. Earlier this year the company’s CEO Andreas Clementi got involved in a row between security vendors over the VirusTotal malware detection repository.
VirusTotal, owned by Google, is one of the largest libraries of malware and a vital resource for security companies. In May, it changed its rules after complaints that next generation security companies were leaning very heavily on the database, saving on their own research and development costs, while not contributing their own malware samples and research.
Clementi was quoted criticizing next-generation or non-signature-based malware vendors as “rely[ing] on the [intellectual property] of other vendors and data stored in the cloud.”
Other critics have pointed out that even signature-based security software nowadays also incorporates behavioral detection elements and other heuristic techniques, rather than relying completely on signatures. “Since the fossils and dinosaurs of what next-gen vendors dismiss as ‘legacy AV’ have been doing all that for decades, I guess we’re all next-gen,” wrote ESET’s David Harley last month.