By Maria Korolov
Jan. 20, 2017
Criminals earned $1 billion from their ransomware last year, showing that it's consistently getting through defenses.
But there are some new, early-stage products that specifically target ransomware, he added.
"Some of them work, some of them don't -- this is still very early days," he said. "Sophos has acquired one of those companies and now has an additional module that specifically protects against ransomware, and that actually works fine, so Sophos is actually scoring well but they're one of the few that do."
Sophos, which offers both network and endpoint security products, is not included in the Virus Bulletin, but received a 100 percent score for blocking zero-day attacks in the latest antivirus reports.
"One of our major advantages is that we don't rely on any one technology," explained Dan Schiappa, senior vice president and general manager of end user and network security groups at Sophos. "We have a little mini analytics engine, and when it's scanning a file or looking at a behavior, it can call on a bunch of different pieces of technology to determine if it's malware."
The new Intercept X product, which is designed specifically for zero-day threats, looks at how malware attacks systems.
"There are only about 24 different ways that you can exploit a vulnerability," he said. "We might get a couple of new techniques a year, and as long as we keep up with those techniques, we're in pretty good shape. For example, one new technique is to get into the pre-boot environment, and we're building protections against that."
Some vendors dispute whether the results of this one set of tests is conclusive.
"Test scores tend to fluctuate as attackers create new techniques and defenders continue to innovate," said Mark Nunnikhoven, vice president of cloud research at Trend Micro.
Trend Micro was not included in the Virus Bulletin report.
"I can't speak to why we did not participate in this specific round of testing; we do have a lot of respect for Virus Bulletin," said Nunnikhoven.
Instead, he pointed to his company's performance with AV Test. There, Trend Micro scored 100 percent in 11 out of the last 14 zero-day detection tests for Windows 7 and Windows 10, and 99 percent on the other three tests.
In fact, average scores on the AV Test of zero-day detection have been going up, from under 97 percent in early 2015 to over 99.7 percent during the last Windows 10 testing round.
Another problem with some tests is how they measure successful detection, said David Dufour, senior director of engineering at Webroot.
Signature-based antivirus can spot malware early, but behavior-based systems have to wait for the malware to actually try to do something.