Testing Labs
"Other security testing labs are available with other examples including AV-Comparatives, AV-TEST, and SE Labs, among others. "
Don't ignore UK based MRG Effitas, they seem to be more comprehensive than the others you listed.
NSS Labs has thrown a hand grenade into the always fractious but slightly obscure world of security product testing – by suing multiple vendors as well as an industry standards organisation. Its lawsuit, filed in California this week against CrowdStrike, Symantec, ESET, and the Anti-Malware Testing Standards Organization ( …
Its always been my experience from my time in the AV dogfood industry... if you can't compete in VB100, you pay NSS some money and presto, they'll find _some_ combination of X and Y axis's where you shine.
So it ends up being a bit of an extortion racket - pay us or we'll move the X and Y axis's back someplace else....
“NSS Labs is issuing a call for industry engagement from both enterprises and NGFW vendors to help shape and evolve the ninth iteration of our NGFW Group Test.” Read the full press release:
NSS Labs is the bastard child of unknown parentage in the testing world. They might as well label their reports "This is a stack rank of vendors who paid us the most".
The bias in this year's report really hurt what little credibility NSS had because IT people aren't dumb and saw through the bravo-sierra. So now they go to the next level of extortion: Lawsuit!
I reached out to one of those AV test labs to report an Android "antivirus" app that was using another companies AV engine that was in reality just a giant ad server and got absolutely no response.
If you want to see what's REALLY going on with these dodgy "antivirus" apps just enter the apps name here:
https://reports.exodus-privacy.eu.org/
You will see that these "antivirus" apps are the worst offenders as far as containg trackers.
Even the larger more well known AV companies are guilty.
Disgraceful.
(Ask Tavis Ormandy what he thinks about all these AV companies)
"the OS vendor should be made to secure their own product and reimburse companies that suffer because of bad security"
That's only part of the problem. The writers of the applications that sit on the OS also need to sort their shit out.
Next time your get one of these "invoice" emails with a MS Word attachment and a misspelled subject line, upload the file to Virustotal. You'll be lucky if half of the engines detect the malware, even two weeks later.
That gives a good inidication how much these "award-winning", "widely tested" packages are worth.