Is Traditional Anti-Virus Software Really This Bad?



A recent study by Imperva (a digital security company from Redwood Shores, CA) has ruffled some feathers within the anti-virus software community.

The initial detection rate of a newly created virus is less than 5%. Although vendors try to update their detection mechanisms, the initial detection rate of new viruses is nearly zero. We believe that the majority of antivirus products on the market can’t keep up with the rate of virus propagation on the Internet.
Imperva Hacker Intelligence Initiative December 2012

The suggestions within this study surely sparked the fiery rebuttal from those inside traditional anti-virus software circles. However, the follow-up article from the New York Times, quoted below, provided the accelerant for a full-on 5-alarm firestorm.

The antivirus industry has a dirty little secret: its products are often not very good at stopping viruses.
Consumers and businesses spend billions of dollars every year on antivirus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. That is prompting start-ups and other companies to get creative about new approaches to computer security.
Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt–New York Times 12/31/2012

Methodology is Challenged by Guess Who

“Not only is Imperva’s sample size minutely small, but their test has been based upon an utterly flawed methodology,” Graham Cluley, senior technology consultant at Sophos, an anti-virus software maker near Oxford, England, told TechNewsDaily today (Jan. 2).
“This ‘study’ and its conclusions are deeply flawed, wholly unreliable and massively biased,” tweeted Rik Ferguson of Japanese anti-virus firm TrendMicro yesterday, addressing the author of the New York Times piece.
“Kaspersky Lab believes it is necessary to draw attention to a significant drawback in Imperva’s testing methodology, which makes it impossible to take these test results seriously,” a representative of the Russian anti-virus software maker told TechNewsDaily.
Study faulting anti-virus effectiveness may itself be flawed–nbcnews.com 1/2/2013

Forget about offending the AV industry if you like – no-one else worries about it – but consider whether you want to base your security strategy (at home or at work) on a PR exercise based on statistical misrepresentation and misunderstanding. Don’t look for The One True [probably generic] Solution: look for combinations of solution that give you the best coverage at a price you can afford. I’m thinking primarily about business users here, but the principle applies to home users too: the right free antivirus is a lot better than no protection, but the relatively low outlay for a competent security suite is well worth it for the extra layers of protection.
Imperva, VirusTotal, and whether AV is useful–eset.com 1/9/2013

Other experts caution against dismissing the Imperva findings:

“The conclusions are consistent with a growing sentiment in IT security that anti-virus, or anti-malware, at best, really doesn’t help much at all,” said Jeremiah Grossman, founder and chief technology officer of White Hat Security in Santa Clara, Calif. “At worst, people who purchase anti-virus products are actually paying billions of dollars annually for their computers to be less secure.”
Study faulting anti-virus effectiveness may itself be flawed–nbcnews.com 1/2/2013

Other Coverage:

A recent New York Times report suggests antivirus programs are useless because they don’t always detect new threats. But the report is misleading because it overlooks the fact that antivirus software can detect older threats that are just as dangerous as new ones, according to CIO.com blogger Constantine von Hoffman.
NYT Twists Imperva Antivirus Study into Utter Nonsense–cio.com 1/3/2013

AV vendors will surely dislike the results of a survey that declares their products useless. The truth, however, is that most of us still need what they sell.
Better off without AV? Not yet–blogs.csoonline.com 11/27/2012
