In October 2008 the leading vulnerability intelligence provider Secunia had been quite convinced that anti-virus products would exhibit poor performance in this discipline, given the name "anti-virus" which suggests a limited focus (though customers may still expect to be protected). This is why they decided to test some more "high-end" product bundles that are being marketed as comprehensive Internet Security Suites, thus leaving the impression that the user is "fully protected against all Internet threats". Secunia tested the following twelve Internet Security Suites against 300 exploits. The test results appear below:
These results clearly show that the major security vendors do not focus on vulnerabilities. Instead, they have a much more traditional approach, which leaves their customers exposed to new malware exploiting vulnerabilities.One could argue that this isn't a problem, since no single product can offer a 100% protection. Yet, many of these suites clearly indicate that they are comprehensive and offer protection against "all" Internet threats, thus many users would rightfully expect these suites to protect them against all current threats. The combination of security vendors not being able to detect exploits and users patching software too infrequently (almost one-third of all installed software lack one or more security related updates) leaves the door wide open for professional Internet criminals.