Commentary
Is Antivirus Software Slipping?
A "study," released by a security firm just yesterday, points out the well-known weakness in signature-based antivirus software. But does this mean you shouldn't rely on antivirus software?A "study," released by a security firm just yesterday, points out the well-known weakness in signature-based antivirus software. But does this mean you shouldn't rely on antivirus software?The study, which was conducted by anti-botnet vendor Damballa (which has an obvious chip in the game at pointing out the weaknesses of antivirus), says that the antivirus software it used immediately spotted barely half of all of the malware samples the company threw at it.
From DarkReading.com:
More Security Insights
White Papers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
Reports
More >>Webcasts
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Antivirus software immediately discovered only 53 percent of malware samples, according to data gathered by Damballa in a six-month study that used McAfee Scan Engine v5.3.00 to scan more than 200,000 malware samples. Another 32 percent were found later on, and 15 percent were not detected at all. The average delay in detection and remediation was 54 days.There are a couple questions I have about this analysis. First, only one antivirus engine was used, which limits its usefulness, despite McAfee Scan Engine being widely used. No where in the DarkReading story, or on Damballa's site, could I find details on how the 200,000 malware samples were picked, or where they were picked from.
Certainly, if you pick newly released, low-risk, barely spread bots and Trojans -- and there are tens of thousands of them -- antivirus will fare quite poorly. Many times, because the torrent of malware runs so fast, antivirus firms need to focus their resources on the real-world threats first. Just as they should.
A decent study would be to take a number of systems protected by antivirus and a basic firewall, and model the possible usage patterns of low-risk individuals (technically-savvy folks who don't go to risky places and aren't easily duped into opening risky attachments), and medium and high-risk users who would be more inclined to perform such behavior. Use real people, going to commonly used Web sites and peer-to-peer networks (for the risky group), and see how the technology does.
My bet is that the low-risk group would run into very little trouble.
That said, antivirus won't, and never has, done a good job at protecting people from targeted and zero-day attacks. That's what your firewall, coupled with a lot of common sense, should do.
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More
