VB failed - Official KL Statement
Kaspersky Anti-Virus 6.0 fails June VB test
As most people have probably heard, last month Kaspersky Anti-Virus 6.0.2.621 did not pass the test conducted by Virus Bulletin, the respected British publication on computer virology.
As stated in the Virus Bulletin report, this happened because Kaspersky Lab’s product did not detect one malicious program in the VB malware test set - Net-Worm.Win32.Allaple.e.
Extracts from the June edition of VB
In the June issue of Virus Bulletin John Hawes said that “detection (of this worm) was in place both a few days before and a few days after our test, and was presumably removed temporarily for some fixing. This unfortunate timing was enough to spoil Kaspersky’s recent solid record of VB100 awards”.
The quote above was taken from the following paragraph:
 Reduced 75%
 583 x 283 (43,89k)
|
What happened at Kaspersky Lab
The threat signature for Net-Worm.Win32.Allaple.e was added to the Kaspersky anti-virus signature databases on February 1, 2007, i.e. as soon as it emerged in the wild.
As part of Kaspersky Lab’s on-going efforts to improve efficiency and optimize overall performance, the threat signature for this worm was removed from the database - temporarily - for additional testing.
It is important to note, that user security was not compromised in any way due to our multi-faceted approach to security. The Proactive Defense Module, integrated into Kaspersky Anti-Virus 6.0 successfully detects and blocks this worm. As a result, user security is ensured by two complimentary technologies – anti-virus signatures and the PDM.
Unfortunately for Kaspersky Lab, the day that the signature was removed for testing coincided with the day Virus Bulletin was collecting anti-virus databases to conduct their tests. The databases downloaded for Kaspersky Anti-Virus 6.0 did not contain the signature for Net-Worm.Win32.Allaple.e. Since VB only tests signature-based detection, our product did not detect Net-Worm.Win32.Allaple.e.
The Kaspersky PDM
Kaspersky Lab’s Proactive Defense Module is able to block Net-Worm.Win32.Allaple.e and many other malicious programs even if a sample is not available in the threat signature databases.
The user receives a notification, identifying the threat, the potential danger and the history of the actions it has performed. After terminating the malicious program the user can rollback all changes, made by the malicious program in the system.
The screenshot below demonstrate how the Kaspersky Proactive Defense Module’s detects and blocks Net-Worm.Win32.Allaple.e.
Reduced 83%
 874 x 496 (63,17k)
|
Conclusion
Of course, it is a great disappointment for us that a long series of successful Virus Bulletin tests -from August 2003 to May 2007 - has ended due to unfortunate timing.
But we are proud of the fact that our users’ security was not compromised even during the period when the signature was removed for maintenance – because our product’s proactive defense was able to block the malicious program 100%. |
发表于 2007-6-13 09:26:42
楼主
