Modern endpoint products (EPP), commonly referred to as antivirus suites, provide protection for a vast array of threats. Once offering protection against only viruses, most suites today also claim to provide protection against Trojans, bootkits, phishing, spyware, rootkits, identity theft, exploits and other threats. In this test NSS specifically examines the anti-phishing capabilities of 11 popular consumer suites.
"Phishing" attacks pose a significant risk to individuals and organizations alike, by threatening to compromise or acquire sensitive personal and corporate information. Phishing attacks can be constructed in two basic ways. The first is an attempt to persuade a victim to provide personal information to the attacker.
The information may consist of credit card details, login information for email or social media accounts, or other personal information that can be used for identity theft and other information-based attacks. The second type of phishing attack attempts to lure users into installing a malicious application, or navigating to a website where malicious software will be installed through the exploitation of vulnerable software. Common to both phishing attacks is that they can arrive via email, instant messages, SMS messages, and links on social networking sites.
Historically consumers have relied upon endpoint security products to protect them from anything perceived to be a threat on the Internet. Antivirus companies began to add phishing protection to their offerings with questionable success. The results of this test indicate that phishing protection is not a significant technological focus for most antivirus companies.