Security News

On this page you will find links to selected IT-security related news articles from various sources, including news from conferences and some test results. Posts in this category might be written by externals and students. If you find some interesting news, please let us know!

Data transmission in consumer security products

We have conducted a study on data transmission in consumer security products, addressing the concerns of Internet users regarding the access and usage of their personal information. While computer security software has a legitimate need to send certain system information to its manufacturers, such as details of malware for effective user protection, it is crucial that programs do not indiscriminately transmit personal data without the explicit knowledge and consent of the system’s owner. This report provides valuable insights into the data-sending practices of popular consumer security programs.

We are delighted to announce that more information in addition to this report will be published in a report by PC Magazin, PCgo, The article (in German) can now be found here.

Continue reading…

NGFW Egress C2 Test: Assessing the Effectiveness of Outgoing Network Traffic Prevention and Detection Capabilities

In June 2023, AV-Comparatives conducted an NGFW Egress C2 Test to evaluate the effectiveness of NGFW products in detecting and preventing malicious traffic. In targeted attacks, one of the goals of APT groups is to establish control over a compromised system by opening a command-and-control channel (C2) to the command-and-control server operated by the attacker. If the attacker has already gained access to the system via a trusted relationship, or has delivered malware using phishing or USB drives, they can use C2 malware to open the C2 channel.

Continue reading…

The balance between performance (low speed-impact) and real-time detection – Enterprise products

In our most recent report, we continue our investigation into the potential impact of performance-enhancing measures implemented by anti-virus vendors on the malware detection capabilities of their products. Building upon last year‘s findings, we now shift our attention to enterprise products in this blog post. By applying the same methodology, our objective remains consistent—to assess the consistent malware detection performance of enterprise security products in specific scenarios. We maintain uniformity by utilizing the identical settings employed in our enterprise main-test series.

Continue reading…

Decreasing false alarms in enterprise security products

For many years, AV-Comparatives’ protection tests have included a false-positives test, to ensure that security products do not provide protection at the expense of plaguing the user with false alarms. From time to time, enterprise users send us false-positives samples that they have encountered themselves. This is very helpful to us in our research, and so we are now making it easier to submit FPs to us. 

Continue reading…

Upcoming AV-Comparatives’ Certification Tests 2023

Anti-virus test

As in previous years, we will be running certification tests for the following products:

We also offer various enterprise security tests, EPR/EDR tests and penetration tests.

Security vendors interested in any of above tests are invited to contact us no later than the 31st of March 2023.