The detection rate of new viruses by antivirus software is currently lower than 5%.
A Hacker Intelligence Initiative study of 40 antivirus (AV) products, conducted by business security firm Imperva, suggests that it can take up to a month for 75% of the products to add viruses to their lists and begin protecting their customers against them. On average, it took three weeks between information about threats being made available and AVs addressing them.
The challenge is that new viruses and malicious programs are being created and distributed on an industrial scale every day and that AV software needs to be updated continuously. Hackers and attackers understand AV products in depth and are able to design around their strengths and weaknesses.
The researchers ‘hunted down’ 82 viruses using a mixture of search, hacker forums and ‘honey pots’ and then tested them against 40 AV products. They conclude that AVs are fast to respond to malware that spreads rapidly but that blind spots exist when it comes to viruses with limited distribution.
The antivirus products tested include paid-for and freeware (e.g. Avast), with little significant difference in performance between the two groups.
Imperva concludes that IT security teams should continue to use AVs but should also focus on what it calls ‘aberrant’ behaviour. It gives the example of an information security breach in a US state: once the initial breach had succeeded, systems failed to notice that data was being accessed and moved around several times before eventually being moved out of the network by the hackers.
According to Gartner (2011), the global annual spend on antivirus software is $7.4 billion.
You can read the research findings (including some thoughts on the methodology) here.
Original source: ITProPortal