Proactive Detection Rates Over Last 12 Months
As technology advances, you would think your anti-virus would too, right? After all, that too is technology. However, Stu Sjouwerman from KnowBe4 recently posted an article regarding the plummeting proactive detection rates for most security solutions. Stu stated,
“You would expect that with modern machine-learning techniques, proactive protection would improve, but it is going the opposite direction.”
In October 2015, according to Virus Bulletin, the average proactive detection rate was 78.56%. Since then, the proactive average has been decreasing, and has currently dropped 11.96% to 66.60%.
PC Matic Historic Virus Bulletin RAP Test Results
|Date of Test||RAP Score||RAP Average||RAP High||RAP Low||PC Matic Proactive Score||RAP Proactive Average|
Is Your AV Proactively Protecting You?
With remediation being increasingly difficult after malware infections, taking a proactive approach is the best option. However, what solution provides that, considering the proactive detection rating continues to drop? PC Matic. As you can see from the chart below, PC Pitstop — makers of PC Matic — scored an average of 99.9% in both proactive and reactive detection.
Now, if you notice, the chart above is different from what is featured in Stu’s post. This is because PC Pitstop and a few others are left out. PC Pitstop was not included in the Virus Bulletin chart featured in Stu’s post due to the false positives that were flagged during the test. A false positive occurs when a safe file is categorized as “unknown” and is therefore unable to execute. Virus Bulletin has zero tolerance for false positives; therefore, PC Pitstop did not pass the test. The Virus Bulletin chart within Stu’s post features only those security solutions that passed the test.
That being said, we flagged 13,753 files as “unknown”, out of 850,000 good files. This leaves us with a false positive rate of 1.7%. Some may question our protection, due to the 1.7% false positive rate. However, many also feel the minor inconvenience of a false positive is most certainly acceptable if 99.9% of all malware is being blocked.
In the event of a file being classified as “unknown”, the file is blocked from executing until it can be tested and categorized as either safe or malicious by our malware research team. This takes place within 24 hours. If the user chooses not to wait for testing, they are able to bypass the waiting period and whitelist the application/file on their own. This, however, is not encouraged, but is doable.
What About Spam Filters?
Some may believe that what their security solution doesn’t catch, a spam filter will. This may be true for a portion of phishing attacks, which are malicious attacks sent via email. However, spam filters cannot catch them all. Stu breaks this down for us, stating,
“Simple math shows that 100+ billion spam emails are sent every day. Of those, 2.3 billion have a malicious attachment. One half of one percent (one in 200) of those makes it through the filters, showing a surprisingly high number of 11,500,000 every day. But let’s be conservative and just say millions.”
Virus Bulletin also provides a spam filter test. You may view the most recent results here.
To read Stu’s full article featuring additional details on the plummeting proactive detection rates, you may do so here.