This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing seven top integrated endpoint security suites."
Download it now to read this article plus other related content.
IBM ISS was rated lowest in this series of tests, crashing several times and scoring so poorly as to cause us to double-check that protection was enabled. IBM ISS leaves signature- based antivirus turned off by default, another indication that this product is typically used to augment another vendor's antivirus solution. IBM ISS has licensed BitDefender's antivirus and antispyware functionality in its endpoint suite, which we activated before starting our test regimen. The initial real-time test completed without the tool blocking a single file. According to IBM ISS support personnel, file copies across Windows network shares are not scanned, even with the on-write scanning option enabled. This stance mystifies us, considering that users could copy infected files on a file server back to their clients without any real-time protection.
The on-demand scanning was hardly better. The follow-up on-demand scan started off as expected, but halfway through the scan (according to the progress bar) scanning stopped and we were greeted with the message "Successfully Completed." However, the same GUI listed "Number of Files Remaining: 4,430" and we still counted 58.6 percent of our malware in the target machine's file system. This stop and start repeated several times during the scan. We re-ran this test several times, but 34.7 percent was the best IBM ISS managed in repeated
| on-demand scans.
This was first published in November 2007