Why the popular antivirus products simply don't work

Josh:
http://www.zdnet.com.au/blogs/securifythis/soa/Why_popular_antivirus_apps_do_not_work_/0,39033341,39264249,00.htm

Antivirus applications from Symantec, McAfee or Trend Micro -- the three leading AV vendors in 2005 -- are far less likely to detect new viruses and Trojans than the least popular brands.

This has nothing to do with the quality of the software or how long it takes the respective firms to update their clients with signatures and other malware countermeasures.

AV companies continue to refine their products and most will tell you they stopped relying on purely signature-based systems many years ago. These days they use all sorts of clever methods to try and detect suspicious behaviour but the problem is that malware authors are also very clever. Very, very clever.
--- End quote ---

More at source

JavaJones:
I'm not sure how accurate this is in terms of statistics (8 out of 10, etc.), but it makes logical sense. It's easy to get pirated versions of most A/V apps so it's hard to imagine a malware author *wouldn't* pre-test their creations with at least one of the most popular ones. It's surprising that Norton still has 50+% market share, all the more reason to avoid them as an end user given the info in this story.

Anyone see any reason to dispute this? As I said it just seems logical to me. Of course it's only really important for "0-day" vulnerabilities - getting hit with something that hasn't been seen before. It's not too long before a new signature database is put out that fixes the problem and the likelihood of getting a 0-day attack is pretty low. Still, an interesting thing to consider.

- Oshyan

Josh:
I don't think this applies to just anti-virus products. It applies to any software. I mean, Windows has so many holes found because it is the most used OS. I guarantee, if macosx were the most used, it would have just as bad a name as Windows does now. Don't get me wrong, the engines for these a/v's are good, they are just bypassed because it's the majority marketshare holder.

JavaJones:
Yep, I tend to agree. In fact it'd be interesting to look at the statistics on exploited vulnerabilities - see if the ~5% market share of OS X corresponds to a similar exploit rate. :D

- Oshyan

Wordzilla:
Viruses are well tested before their release - all the time! Do we see viruses crippled due to internal bugs?

IMO, 'heuristic detection' shall always remain a joke if virus makers test their work against a/v products, and of course they do - you don't often see your a/v product pop up a message box that says "unknown virus/malware - cleaned", do you?  ;D

Well, I don't think those popular a/v products sometimes suck simply because they're market leaders; new viruses emerge and go wild undetected every day because they are new and unknown.

Large anti-virus companies generally are more willing and able to put more resources into hunting new viruses and updating their products, and of course, to fund the R&D of more advanced engines. This gives them a better edge against the less popular vendors. Many of those small vendors might not even become aware of new malware until popular vendors update their virus encyclopedias. The more vigilant and responsive your a/v product vendor is, the less vulnerable your system is.

80 percent miss rate
--- End quote ---

Actually it talks about 80 percent of new malware, which might be a gross underestimation, if you define 'new' as 'within a week of first discovery/detection by someone'. AFAIK, none of those mentioned popular a/v products are good at detecting/eliminating new malware (actually they are most often blind and deaf even with up-to-the-hour patches).

My suggestion is to install one or more anti-spyware products (best with real-time detection) coupled with your existing anti-virus program.

Nothing kills new malware - if they are new enough.  ;)
