HD Moore posted up his thoughts to a recent NSS Labs report on some “anti-malware” testing. I’m not surprised too much by the results even though it still is a bit disheartening to see freer products scorer lower (where really they should score below the big boys with money). I just know that surfing the web doesn’t actually scare me, but I’m constantly wary and conscious of what I’m doing and what scripts I am allowing to run. I can’t imagine doing so on a Windows/IE box day-to-day anymore.

The real problems are user education and layered defenses (or risk mgmt), not some expectation that Anti-malware be perfect.