Monday, December 14, 2009

Anti-spam test finds more is better

Using multiple spam filters increases the chance that junk e-mail will be blocked, while decreasing the chance that legitimate messages will be mistakenly classified as spam, Virus Bulletin, an industry intelligence firm, said on Monday.

In its latest tests of 14 anti-spam filters, the company found that a hypothetical filter — when given its test data, a collection of 200,000 messages — was 99.89 percent accurate, if it only categorized an e-mail message as spam when at least five of the individual engines classified the message as such. In addition, the meta-filter did not misclassify any legitimate e-mail message as spam.

"Anyone who has ever worked with an anti-spam solution will know that some spam emails are notoriously hard to filter, while some legitimate messages end up being marked as spam," Martijn Grooten, the firm's anti-spam test director, said in a statement. "It's therefore no surprise that no spam filter is faultless. However, the results of VB's test demonstrate that what is easy to filter for one product may cause trouble for another and vice versa."

The experiment matches results in the antivirus industry. University of Michigan researchers found that a single antivirus engine only detects 40 to 80 percent of malicious code in the first week following detection. Using multiple engines increased the chance of detecting new code. For example, four engines would increase to 90 percent the likelihood of identifying a malicious program.

Virus Bulletin called on anti-spam companies to cooperate and share information in an attempt to better detect spam.


No comments:

Post a Comment