What the Antivirus Industry Doesn’t Want You to Know

Most antivirus products are not that effective when protecting against known AND unknown threats. Learn more about the unique proactive protection provided by PC Matic SuperShield. –PC Pitstop

By Stu Sjouwerman, for KnowBe4.com Security Awareness Training

The antivirus industry has a dirty little secret that it really doesn’t want anyone to know. Despite the claims of their marketing departments, their products are not all that effective. Many of them protect against, at best, 80% or 90% of the threats out there in the wild at any time.

Let’s look at that in more detail. AV products need to protect against two general types of threats: ones that are known and ones that are unknown. For the known ones, the vendor has a signature, so the product can detect the threat and get rid of it. This is called reactive detection.

Then there are threats that are still unknown, usually new, fresh threats created by the bad guys. AV products need to protect against those in a proactive way, and antivirus software can be scored by looking at how many of those new threats it blocks.
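The known/unknown split described above can be scored directly. The following is an added example, not code from the article or from any AV product: it compares a hash-signature denylist (reactive) with a default-deny allowlist, used here as one assumed form of proactive protection, on a constructed sample set. All sample names, contents and function names are made up for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed corpus: (name, content, is_malicious, already_analysed_by_vendor)
SAMPLES = [
    ("old-worm",      b"constructed-malicious-sample-A", True,  True),
    ("old-trojan",    b"constructed-malicious-sample-B", True,  True),
    ("new-variant",   b"constructed-malicious-sample-C", True,  False),
    ("new-dropper",   b"constructed-malicious-sample-D", True,  False),
    ("office-suite",  b"constructed-benign-sample-E",    False, True),
    ("fresh-utility", b"constructed-benign-sample-F",    False, False),
]

# Vendor databases can only contain what the vendor has already analysed.
DENYLIST = {sha256(c) for _, c, bad, seen in SAMPLES if bad and seen}
ALLOWLIST = {sha256(c) for _, c, bad, seen in SAMPLES if not bad and seen}

def signature_blocks(content: bytes) -> bool:
    """Reactive: block only files whose hash matches a known-bad signature."""
    return sha256(content) in DENYLIST

def allowlist_blocks(content: bytes) -> bool:
    """Default-deny: block every file that is not on the known-good list."""
    return sha256(content) not in ALLOWLIST

def score(blocks) -> dict:
    """Fraction of each sample group that the given detector blocks."""
    def rate(rows):
        rows = list(rows)
        return sum(blocks(content) for _, content, _, _ in rows) / len(rows)
    return {
        "known_threats_blocked": rate(s for s in SAMPLES if s[2] and s[3]),
        "unknown_threats_blocked": rate(s for s in SAMPLES if s[2] and not s[3]),
        "benign_blocked": rate(s for s in SAMPLES if not s[2]),
    }

if __name__ == "__main__":
    for name, detector in (("signature", signature_blocks),
                           ("allowlist", allowlist_blocks)):
        print(name, score(detector))
```

On this sample set the allowlist blocks every unknown threat but also the unknown benign program, a false-positive cost that a detection percentage alone does not show.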


This excerpt appears with permission from knowbe4.com.


14 thoughts on “What the Antivirus Industry Doesn’t Want You to Know”

  1. Why have you not mentioned G Data out of Germany? I’m using it and it’s a very good anti-virus program with a number of other features that protect my computer.
    Also it’s not free.
    The old saying applies; “you get what you pay for”
    Cheers…..Will

  2. Good Day All! I hope All are enjoying a pleasant one. I haven’t used any Anti-Virus programs in years… I know definitely at least 6 1/2 years. I wasn’t using any Spyware apps either, until recently when I installed Spyware Blaster… because it doesn’t sit in memory, eating up resources, slowing things down, nor disturbing me with annoying messages, updates, etc. So too, I am not using any Firewall. I am using Windows Vista on one computer and XP on another.

    The One Constant on both systems, since way back when… I have been using Winpatrol Plus. It gives me messages and prompts me when my Startup is being changed… and maybe for something else… but for the most part it leaves me alone, and does whatever it does, and apparently does a good job of it. At least I believe it’s that way. It also has a great database where I can look up files that I feel suspicious about, or the files IT feels suspicious about.

    It may be that I’m just Lucky… VERY Lucky… or that Winpatrol Plus is keeping an eye on things… like a Big Junkyard Dog. I am a heavy web user and spend most of my time there, or my computer is connected to the internet even without my presence, 24/7.

    I installed Avast not too long ago, and tried several AV Apps, because my Sweetheart was going to be Networked with my computer, and although, I feel secure about my stuff… it would be just my Luck to network her computer, and get my first virus, infecting her system to boot… so to speak.

    Avast made a huge mess of things one night when Vista was updating. Hours and hours of troubleshooting and repair for a common issue, talked about on many forums, yet not addressed by Avast at all. Said bye-bye to Avast. I found other AV apps to be resource hogs, and/or annoying in other ways. I ditched them all and took my chances. I installed Spyblaster and that was the end of it.

    If I were “You”, I’d do the same, do your backups, make your boot/rescue disk, and your restore points and keep those up to date… keep your system Lean and Clean… if you don’t Use it, Lose it! …and ditch your AV junk, for Winpatrol Plus and Spywareblaster… have even more guts and turn off your Firewall, and see what happens… Scan your system with whatever you want periodically and see if my theory is true… or if I’m just VERY Lucky…

    I’ll tell you one thing that WiLL happen, as long as you don’t get infected with anything… your system will run faster and more “smoothly”. I also use WiseCare 365 which runs every morning and cleans up EveryThing… like a Very Efficient Computer System Garbage Patrol… and Puritan Defrag to keep my file system high and tight. I use Paragon for my Backups, and WinDataReflector for stuff I want to Synch or have a small backup of… and a small variety of Boot/Rescue disks for any emergencies that may occur… like after loading some lousy AV app that vandalizes my file system like a Virus.

    Happy Holidays!

  3. The gist of the article is correct, in that all AV is in "reactive mode" – and only as good as the definitions – which are updated by each company as new threats are identified. A black list/white list is exactly the same thing – must be added by the company via an update to do you any good. So don't be fooled by PC Pitstop claims. I believe most (if not all) of the major players use Symantec's (owner of Norton) virus database, which is probably why they're not listed as they'd all be lumped together at around 90% with PC Pitstop.

    Identifying and removing malware are 2 completely different animals. Frankly, Trend Micro, Norton, McAfee, AVG, etc., etc. are all very similar for scan results – and all highly ineffective at removal – from my experience.

    I'll stick with Avast Free Edition. If your AV claims to be removing anything without rebooting (shutting the operating system down for removal), it's rubbish. I've yet to find something which Avast can't remove during a boot scan.

    You also need separate spyware protection, as all major players are lacking seriously in this department. Don't buy a bundle or suite because they're weak in AV or spyware, or both. I use and recommend Malwarebytes Pro (if you're using free edition, you can only scan after the fact, and must manually update) – with Pro you get active protection and scheduled updates and scans. Best $25 you can spend on your PC (lifetime license, not some rip off yearly fee).

    I can't stand the interface, but Comodo has a very good reputation for identification and removal of all malware. They'd be the exception for me if I were to purchase a bundle/suite. I believe they've been consistently ranked at the top for both categories.

    I don't work for these companies or make any money from them, just a satisfied customer of Avast Free Edition and Malwarebytes Pro.

  4. The 2 graphs seem to test 2 quite different sets of anti-virus tools.
    In the first graph the free MSE seems to out-perform many paid for solutions.

    Also, what does not seem to be discussed ever is the setup complexities of various tools. I have been in the computer business for decades, and coming across some of the products, I have no idea what the various settings do. Of what good is it to have the best tools which I cannot set up properly?

  5. AV makers have never claimed to stop 100% of malware attacks; they can’t, since they are reactive to specific attacks and can only be proactive in watching for general types of program activity. That they are stopping 80 to 90% of the garbage from getting to you means they are *very* effective, and the rest is up to the user being careful.

    This is yet another article which is slanting the facts to support their conclusion, it seems.

  6. Honestly?? This is just another advertisement for PCPitstop without proving it actually works better. Black and white lists to me slow down your computer so much it isn't worth it. I got rid of McAfee and Norton because of the resource drag on my systems. Surf smart and don't let your email open anything till you see who it is from. Run Malware Bytes often.

  7. This does not in the least surprise me. But what I want is concrete evidence that PCPitstop’s whitelist/blacklist approach achieves better results. (On the face of it, it should. But what I want is hard evidence.)

  8. Like Tom, I find this site lacking. Any reason why one of the biggest AV players, Symantec, is not represented? Can’t take it very seriously I’m afraid.

  9. I find it interesting TrendMicro is not tested and the site you refer to shows the last test of TrendMicro back in 2008. I believe you need a better source. Avid Fan of TrendMicro
