The State of PC Security

May 13, 2010, in The Pit Blog

PC Pitstop Research analyzed 50,258 computers and found the following:

  • 23% of computers have no active security protection.
  • 14% of the computers had some sort of high-level threat.
  • Spyware is the most common malware threat followed by Rogue Security Software.
  • Kaspersky protects the best against Rogue Security Software and Trend Micro is the worst.
  • Symantec protects against spyware the best, and Kaspersky the worst.
  • Trend protects the best against keyloggers and Avast fares the worst.
  • Kaspersky protects against viruses the best, and Symantec tails the pack.

Security Providers

This analysis looks at the security software actively running on the computer. A separate analysis, not part of this report, would analyze security software that has been installed but is not active. We found that 23% of the computers, close to one quarter, had no security software active. The analysis found a total of 40 different security products running on the target computers. For brevity, this analysis focuses on the top 8 providers. Of those, Symantec/Norton is the king of the hill with 15.9% market share.

Malware Analysis

This study focuses on high-level threats such as Rogue Security Software, Spyware, Viruses and Keyloggers. The study excludes lower-level threats such as malicious Browser Helper Objects, home page hijackers and tracking cookies. The good news is that 86.1% of the computers had no high-level threats at all. Of the remaining 14%, the most prevalent form of malware is spyware. 10.5% of the computers studied had some form of spyware.

A new and growing segment of malware is rogue or phony security software. This software gets installed by popping up phony malware warnings. At the time of this analysis, 8.4% of the computers had an infection from this category.

Viruses were found on 1.8% of the computers. Last but certainly not least, keyloggers and other surveillance software were found on 1.5% of the computers. This is a rather dangerous category since this form of malware can be used for identity theft, stalking, and other ugly and criminal activity.

This chart can be used to estimate the effectiveness of various security vendors across the malware categories. In the case of Rogue Security Software, Kaspersky was the winner. Of the computers that had Kaspersky protection enabled, only 6.7% had rogue security software installed. Contrast that with Trend Micro: computers that had Trend Micro protection activated had rogue security software 14.5% of the time.

We define spyware as software that is unintentionally installed on the target computer. Once installed, the software tracks user activity with the purpose of displaying advertising. Although perhaps the least malicious of the malware categories, it is also the most annoying. The king of the hill in spyware protection is Symantec/Norton antivirus. Only 9% of Symantec systems had some sort of spyware, as compared to Kaspersky, which had 18% of its systems infected with spyware.

The entire security industry exists because of viruses. Viruses are software written specifically to be mischievous or, worse, malicious. The king of virus protection is Kaspersky, and amazingly enough, the worst guardian against viruses is the market leader, Symantec.

Keyloggers are a category of software intended to monitor the activity of a target computer. Keyloggers can also be used for legitimate purposes if the owner is aware that the software has been activated. However, when the user is unaware, they are susceptible to having their privacy invaded in a very major way. Trend Micro leads the pack, and only 0.9% of its PCs have a keylogger. The worst is avast!, with 2.3% of its protected computers having known keyloggers.

Conclusion

The key conclusion is that no matter which software is running, users still run a substantial risk of becoming infected. As we have done, one can analyze the strengths and weaknesses of all the competitors, but no matter which one chooses, there are still real and tangible risks. We believe that the customer expectation is markedly different from the reality. Customers believe that once they download or purchase security software, they are invincible. Security software reduces the risk of infection, but it does not in any way eliminate that risk.

No one security provider is good at protecting against all aspects of security. As the analysis suggests, each vendor has some strengths and some weaknesses.

About The Study

This study analyzed 50,258 computers in April 2010. The data set was compiled from test records of PC Pitstop’s PC Matic or CA’s PC Tune Up. PC Pitstop developed PC Tune Up for CA. Both PC Tune Up and PC Matic are built on the principles of cloud computing. One of the major benefits is that all the malware scan information is stored on our servers. This enables us to quickly analyze, compile and share this report.

Both PC Matic and PC Tune Up use CA’s antivirus engine and signature file. Therefore this study analyzes strictly how well we as an industry detect the malware in CA’s signature file. CA has been omitted from the analysis, since CA does a great job of cleaning malware from its own signature.

Although this is a large study by most standards, we omitted many of the smaller security vendors for the purposes of accuracy and brevity. Speaking of brevity, this report was intended to be a summary. The set of scan records from 50,258 computers is enormous, and one can imagine all the other data that can be mined. Based on interest, we will continue to share more information about the state of the security industry.

We are very excited about the potential of this new data set and the potential of our cloud approach to security. We hope that by sharing this information we can all build better products in the battle against malware.

More to Come

We are very excited about this report, but we feel that we are just scratching the surface. All of the information has already been collected, and based on public response, we are hoping to investigate the following areas in more detail.

Free vs pay software – Four of the eight security vendors distribute their software for free: Microsoft, AVG, Avira and avast!. Do the free vendors protect better or worse than their pay brethren?

Virus demographics – In many cases, we have cross tabs available for the data set for gender, age, and PC location. We can analyze whether our senior citizens are more likely than our youngsters to be infected. Or perhaps, whether women are more careful than men. Or on a serious note, whether infections happen more frequently in the home or business.

Malware prevalence – We are able to track in real time which specific pieces of software are on the rise.

None – As noted, close to 1/4th of the computers had no security software. How well do they fare versus their protected friends?

Do you like this report? Do you want to see more? Leave us a comment below.

72 Responses to The State of PC Security

  1. how do I use this product and put into my computer?


  2. Edward says:

    Hmm, no NOD32? This is inconclusive.


  3. Pedro59 says:

    To give a complete analysis I feel CA should have been included in the lists.
    The comment “CA has been omitted from the analysis, since CA does a great job of cleaning malware from its own signature.” and the information that PCPitstop use it does not provide any statistical data to enable readers to select an anti-virus program to use.


  4. Mark says:

    I have had a computer in the house for over 25 years. The first came loaded with a very early version of CA EZ Antivirus and worked. I replaced that computer when the hard drive crashed due to overload. The next one and my current one also use CA, until they combined their product into their 2010 suite, at which time I started to have many site “access” issues – on secure sites. The final straw was when I uninstalled the program and became locked out of internet access except for incoming text e-mail. I had to hire a consultant in an attempt to repair – resulting in having to restore my system back to factory delivery setting – losing all files (had back up on remote drive for most) .. still a pain to “reconfigure”. I now use Vipre and am very satisfied with function, usage and customer support. I urge people to be careful – all systems respond differently to products – what works for one doesn’t necessarily work for another.


  5. Van Heady says:

    Great article, Give us more more more. VH


  6. Richard says:

    I used AVG freeware for quite a while and I thought it was good as I had no problems with it. I then paid for it and everything was going well, so I thought I would trust them with my malware on my e-mails. To cut a long story short, it didn’t work and I could not uninstall it or reinstall it. I asked AVG for help and it was almost non-existent. My PC suddenly went into a mode of starting and restarting and it took me 7 hours to get my PC in a working order. I then had to take it to a PC shop and I had to pay £70 to have it fixed. AVG did not want to know even though I had just renewed for the next 2 years, so just be warned all you people who are thinking of buying AVG.


  7. Mack says:

    Having a hardware router is a great plan, and it’s possible to turn an older PC into one. If machines are dual boots, have different security software on them so that they can work on their strengths when needed. I have used Zone Alarm for a while, but running several machines, I tend to mix it up a bit. Lately ZA (Win XP) has been forgetting its settings and the machine has only fairly recently had a fresh install. Vista Ultimate 64 bit has Comodo on Firewall and Virus scan and I will use other software now and then to check for spyware. Have just added Win 7 also for a while until I get the time and parts to build a new machine which will be dual boot with openSuse (I suspect).

    The answer it seems though, is to use Linux more for web browsing. It’s not infallible, but it’s a darn sight better than Windows. I also use Paragon Hard Disc Manager to image my hard drives.


  8. P Quinn says:

    Thank you for a provocative report! Makes re-thinking a “must”.
    If no one single software solution is adequate, can you discuss the effects of running more than one vendor’s software simultaneously? Does this make sense? Does it create conflicts and sluggishness?
    Thank you!


  9. CJ Miller says:

    I’ve had and worked on computers since the 80’s and to this day the two best software programs for recovery and repair are Malwarebytes and Antivir. Up until two years ago I was reinstalling my operating system (wife and daughter also use the computer) at least once every six months. I’ve installed both and they work well together (paid subscription). What one doesn’t catch the other does! Malwarebytes tech support is the best! Help is usually available within a couple of hours. Solved every problem with one email. By the way wife and daughter now have their own computer. Security problem solved!


  10. Shayne says:

    Sweet article, well done.
    Personally I have used Norton, it’s hopeless.
    I then used CA, started off ok but went downhill, also no good.
    For the past year I have been using ESET security Suite, have found it to be fantastic. I ran/run all of these on 5 PC’s. ESET rocks!


  11. john says:

    I have used CA since it was originally called Thunderbyte, before they went to the general public. Have used since 1995 and not had a problem ever. They are well worth the cost of $40. a year.


  12. Jack Matisoff says:

    Most users seem to have anti-virus and anti-spyware protection from my experiences, involved with the administration’s computer club here in Riderwood. In this Retirement community, of some 1700 residents, the free products offered have proven qualified, but additional web based scans would be desirable.

    Your comments will be appreciated. Thank you.


  13. jerry says:

    Most interesting but you say some 50,000 plus, computers analysed… I am maybe naive but this seems to be a very small sample. Unless you need to sample in a very small space of time. I have no idea how many computers PC Pitstop analyses but I hope, for you, that it is more than this. It could well be that with a greater sampling the numbers would change… who knows, unless you do it but I like your analysis and the idea of what you are doing


  14. David W says:

    This report is a decent attempt at deciphering data and generating conclusions, but needs to be taken with a grain of salt.

    I don’t really see the point in not including all AV/Anti-Spyware solutions. The statistics should be generated by percentage infected systems with each software. Then it would make no difference if a company is big or small.

    The responses that always make me laugh are the ones saying “I’ve used so-and-so for years and never had an infection”. Um, the point of this article (which is the best point of the article) is that if you don’t occasionally scan with various products, you’ll never know if you have an infection or not. Each definitions signature is different. Just because yours doesn’t include certain malware definitions doesn’t mean that they’re not on your system. :-)

    Personally, I’d never run a single AV or all-in-one solution and assume that my system is clean. We have AVG Internet Security Suite on our home server scanning all systems daily, and a hardware firewall on our Draytek modem. Each system also has Avast 5, Malwarebytes Pro, SuperAntiSpyware Pro, and CounterSpy 4. Each and every one of these apps finds various things that the others don’t. I feel pretty good about our protection, but wouldn’t swear they’re completely clean either.

    If Eset (Nod32) wasn’t always conflicting with other programs, I’d still be using that. As it is, it’s not worth my time and effort.

    Also curious to the definition of “Rogue Security Software”. Does that include key generators? Because if so, and since 90% of the time that’s a false positive, I find that statistic to be very misleading. And since when is it the job of malware protection to police DRM? :-)


  15. JIM GALLOWAY says:

    Don’t know for sure why Vipre is hardly ever mentioned but they have a product that works great and a good firewall is included. PC Pitstop and some of its products have been OK but they have marketed some really useless dogs too. I paid good money for some of their products for years until I finally figured out they did absolutely nothing to improve a computer’s performance. Jim G.


  16. Matt says:

    @Ann Distin: I wouldn’t use two different active virus scanners such as AVG and Norton at the same time. You may have as many virus scanners as you want on your computers, but only use ONE active guard. You could also get, say, AVG and Norton and just disable one of the active guards and leave the other running. Just make certain only one active guard (Like AVG’s resident shield) runs at a time. Running multiple active guards can cause them to clash and/or slow down your computer a lot.

    Very good report, by the way. Very useful. One thing I found funny though is this:

    “Do the free vendors protect better or worse then their pay brethren?”

    If you have to even ask that question, why would you pay for your anti-virus solution?


  17. Charles F Jones says:

    Great analysis and summary!

    One item of interest for your consideration in future analyses: what is the risk of creating problems, conflict with other security software, and/or potential for slowdown from having two or more such apps active on a computer? For example, I have AVG Free running, as well as Windows Defender (hard to get rid of…); is there a risk of the above considerations with such an arrangement. I also have MalwareBytes and AdAware on the system, but as far as I can tell, they are not actively running…or are they?

    Another item: I have used at various times Kaspersky, Norton, McAfee (“free” from Comcast), and Webroot Spy Sweeper. They all so hogged my computer’s resources that I uninstalled them. Can you consider an analysis of such resource use. I have a reasonable current system–1.9G processor, 1G RAM, 250G HDD–with a few TSRs operating.

    Keep up the good work!


  18. Ann Distin says:

    Thanks was Annoyed to find none are going to cover all my needs, may I use 2 products?


  19. BernM says:

    I do run various antivirus, etc. programs but, in my opinion, the most helpful in preventing any type of malware from entering my system is Email Remover.
    In being able to preview and know the sender of your incoming emails before downloading (or NOT downloading) them into your system is one of the best safety measures I can think of.

