But one attack vendor where most security companies are still lacking is detecting malicious payloads that are written only to memory, also known as single-use malware. Malware can, for example, masquerade as a permitted DLL (Dynamic Link Library), which skirts around DEP (Data Execution Prevention) security features in OSes.
"This type of attack circumvents protections that lack behavioral analysis for these attacks," NSS Labs wrote. Only three products from Kaspersky, McAfee and Sophos have features to protect against that style of attack.
NSS Labs, which does not accept money from vendors for its testing, is selling the report on its website for $995.
Sign up for Computerworld eNewsletters.