Only 2 of 13 vendors blocked more than 80% of phishing attacks in recent NSS Labs’ tests and modern Web browsers now surpass many end point products’ anti-phishing defenses
AUSTIN, Texas – January 30, 2013 – NSS Labs today released the latest Comparative Analysis Report™ from its 2013 Group Test for Consumer End Point Protection (EPP), which evaluated 13 leading EPP solutions and their ability to block threats such as exploits, malware and phishing. Phishing attacks represent some of the most common and impactful security dangers consumers face today and NSS’ tests suggest many users’ EPP products may be providing a false sense of security against these risks.
Based on Market Share, over 90% of Consumers are Inadequately Protected
The top two performers in NSS’ test, Trend Micro and Kaspersky, were the only tested products with block rates of over 70% and only account for ~9% of the global end point security software market according to September 2012 OPSWAT report. This leaves over 90% of the market severely under-protected – and in some cases, virtually unprotected – from phishing attacks, which can have disastrous consequences for end users. NSS phishing test results yielded several key conclusions:
- Protection levels vary widely between vendors: Protection levels ranged from 3% at the lowest end (Norman) to 92% at the highest (Trend Micro).
- Web browsers should be the first line of defense against phishing: Modern Web browsers now offer 90% to 94% protection against phishing according to NSS tests. Browser makers’ security progress allows users running their latest versions to benefit from an extra layer of anti-phishing protection. Consumers should still take time to understand more about phishing and best practices for avoiding phishers’ increasingly deceptive attacks.
- Timing is everything: The average time it takes an EPP product to block a new type of phishing attack is critical to overall protection. With phishing attacks having an average lifespan of only 23 hours, effective EPP solutions must identify and begin blocking attacks immediately. Only 2 of the 13 vendors tested, Trend Micro and Kaspersky, were as fast (or faster) than the Web browsers NSS tested at recognizing and adding phishing protection. Both took around 4 – 4.5 hours to block, while the top two web browsers took 2.35 hours and 5.38 hours, respectively.
- Look for balanced protection: Consumers evaluating EPP solutions should consider a product’s ability to block against exploits and socially engineered malware, beyond considering anti-phishing performance alone. These general detection capabilities are essential and complement browser-based security.
Commentary: NSS Labs Research Director Randy Abrams
“The change in the security landscape over the past few years is stark. Web browsers were once the Typhoid Mary that stressed antivirus solutions to the breaking point. However, recent NSS tests of browsers and AV products reveal that the leading browsers are now full fledged partners with antivirus in the fight against phishing and are generally doing a better job of protecting against phishing attacks than end point security suites,” said Randy Abrams, Research Director at NSS Labs. “The generally low protection against phishing offered by antivirus suites would be cause for serious concern if the leading browsers weren’t doing as well as they are at blocking such attacks.”
“The good news for consumers and enterprises is that they can focus on other more important protective capabilities when choosing end point solutions,” Abrams added. “Our tests reveal that when using current browsers, considerations such as exploit protection and socially engineered malware protection are the most important criteria for endpoint security products.”
The 13 vendors tested in this report and in the current group tests include:
- Trend Micro
Results for each additional test area in Consumer End Point Protection – evasions, performance and protection against live malware, drive-by attacks and phishing – are available when released at www.nsslabs.com. NSS Labs did not receive any compensation in return for vendor participation; All testing and research was conducted free of charge.