Poorly done tests
They also forgot to test Bitdefender, and from what I can see it blocks the attack. It's rather odd they forgot to test one of the biggest players in the market.
The vast majority of consumer anti-virus products are still failing to block the Operation Aurora exploits used in the high profile attack against Google and other blue-chip firms last December, according to independent tests. NSS Labs evaluated the effectiveness of seven popular consumer endpoint security products to see …
In addition to subject, I am stuck. I sort-of agree with the test that AVG should block the attack in a uniform way, but I also agree with AVG if they block in co-operation with the user using Firefox. At least my government didn't piss around like the British. They said "stop using IE, end of". Of course, few people paid attention (looks like they're still using IE6 at work? I'm not IT so I can't exactly push my boss off his seat and look up the version, but I can tell you it ain't IE8 with the mucked up redesigned ick-factor-heavy URL bar and the stop/reload in the wrong place).
It would be *nice* if we could load a magical piece of software and it made all the problems go away, but that's not reality. We need to be pro-active in this and try to avoid following links that look/sound dodgy, not ordering from non-SSL sites, not running untrusted content, not opening unknown attachments (one of my mother's friends in Oz is compromised, as soon as she sends an email her system sends one from "Hallmark.com" with a zip file containing an eCard; and Yahoo mail says "uh-uh, that's a virus, don't touch it"). Just think what damage it could cause if there wasn't a relatively sane webmail interface in the way.
http://www.theregister.co.uk/2009/06/09/mcafee_update_snafu/ and a potentially revealing blog posting that might helped the Megasploit show that there's more to an anti-virus package than just one pass. How much stuff does it miss? Or, if heuristically-based, how many annoying false positives (why I gave up AVG for Avast).
There's a review at http://internet-security-suite-review.toptenreviews.com/mcafee-review.html which seems mostly favourable, but note that it is a dead dog when it comes to installing - the review says that during the installation process they could type faster than Word could keep up, plus after uninstalling a lot of crap was left behind (both files and in the registry).
Can't say if Avast is better, but - again - there's a myriad of things more than the one single exploit.
Actually i'm lying I don't bother running any AV at all.
There are still basically 0 viruses that effect Linux desktop users so why bother slowing down my machine.
The 1 'virus' that appeared last year involved you having to install a package and put your root password and could not spread to other users.
How can you say that choice of OS has nothing to do with it ?
This vulnerability only effect Windows systems - don't use windows and you are safe from this (and virtually all) vulnerability.
Sure you get hacked Linux servers, there are nearly always a result of mental permissions (i.e 777 in the entire www folder is common..) or silly password (you would be surprised at the amount of clients using admin or password as there FTP (sometime root) password.
Although my home (linux) gateway has snort and ossec installed on it to identify and stop know dos / ddos rootkits - snort also uses clamav signatures to detect any known virus (on any port) - again I do not need to slow down my desktop may having crap I do not need and the system is in place to protect the Windows machines in the house.
I feel I need to defend and continually make people aware of Linux benefits as its not like Linux has any 'real' advertisements.
Another thing I think people should be aware of is that no Linux company (that I know of) donates to the Republican party (unlike Microsoft) , if your happy giving money to those factards then fair enough - I personally believe Microsoft get enough money from me already (as I pay taxes which in turn is used to purchase microsoft products - when alternatives could work for a lots cheaper/free - it is MY tax money...)
anyway - enough ranting for one day.