Along with firewalls and good passwords, antivirus software is considered to be on the front lines of good computer and network security.
But now we find that we may not be able to trust those antivirus programs. According to an article in Computerworld, NSS Lab tested the software from 10 major security companies to see how the packages detected client-side exploits. The results were not encouraging. The article stated:
A majority of security software suites still fail to detect attacks on PCs even after the style of attack has been known for some time. The attacks are often done by tricking a user into visiting a hostile Web site that delivers an exploit, or a specially crafted code sequence that unlocks a vulnerability in a software application.
However, how reliable is the NSS Labs testing? Brian Krebs investigated the issue a little deeper at his blog, Krebs on Security. He wrote:
NSS doesn't make a lot of information available about its methodology, and this omission has driven much of the criticism of previous NSS Labs reports.
If nothing else, the report shows that no program is perfect, and business users may be safer with having more than one antivirus program, as well as making sure to keep up with the latest patches.