Site Manager
Below are a series of comments moved from the Best Free Antivirus Software review page on the main site. Long and mostly off-topic (in terms of the review) comments belong here in the forum where the pros and cons can be openly debated with greater consistency.
by Wolfram on 30. May 2014 - 20:51 (116515)

"Antivirus software can't keep up with new malware, Lastline Labs analysis finds"

"Much has been said, in recent weeks, about the state of AV technology. To add facts to the debate, Lastline Labs malware researchers studied hundreds of thousands of pieces of malware they detected for 365 days, from May 2013 to May 2014, testing new malware against the 47 vendors featured in VirusTotal, to determine which caught the malware samples, and how quickly. The focus of this test is to determine how fast the anti-virus scanners catch up with new malware.

On any given day, according to Lastline Labs’ analysis, much of the newly detected malware went undetected by as much as half of the AV vendors. Even after 2 months, one third of the AV scanners failed to detect many of the malware samples. By averaging the daily detection rates, we are able to plot the pace at which the AV scanners catch up with the malware. The least-detected malware - that is the malware in the 1-percentile “least likely to be detected” category - went undetected by the majority of AV scanners for months [!!!], and in some cases was never detected at all.

Some other interesting findings of this Lastline Labs research:

- On Day 0, only 51% of AV scanners detected new malware samples.
- When none of the AV scanners detected a malware sample on the first day, it took an average of two days for at least one AV scanner to detect it.
- After two weeks, there was a notable bump in detection rates (up to 61%), indicating a common lag time for AV vendors.
- Over the course of 365 days, no single AV scanner had a perfect day - a day in which it caught every new malware sample.
- After a year, there are samples that 10% of the scanners still do not detect.

(...)

The 1% of malware that most effectively evaded detection in this dataset is likely to represent the kind of advanced malware created and exploited by cyber-criminals who are persistently and directly targeting and infiltrating organizations, as opposed to more opportunistic malware distributors."

source: http://labs.lastline.com/lastline-la...t-cant-keep-up

Their conclusion? The AV alone is not enough! Although I knew very well that, still, the situation is alarming.

The AV is not enough. The Antispyware is not enough. The Antimalware is not enough. The Firewall is not enough. The Antikeylogger is not enough. The Antirootkit is not enough. The HIPS is not enough. The "common sense" - when you navigate on the Internet - is not enough. Having patched browsers, plugins, and Operating Systems is not enough. Sandboxing and Virtualizing is not enough...

Then, what is "enough"? Someone - like Mr. M.C., or Mr. Anupam - would tell me that, on his Windows PCs, he uses this, or that "personalized solution X", with excellent results. But is he absolutely sure that his PC is not infected with some sort of "Malware" impossible to be detected with the current "Security Solutions"? "My machine is perfectly clean. I scanned it with "n" AVs!" (where "n" is a Natural number higher than 1). Well, I have serious doubts that, in our days, there are left any "perfectly clean" PCs - no matter what OS they use.

But, why should we worry? After all, we do not manage Data-centers, or who knows what other critical production units. We are "home users". This generic category does not deserve certitudes...

The Final Solution? Let's convince Microsoft to introduce Windows in a ROM! In a Read Only Memory you cannot write ANY data. Therefore, the efforts of all Malware producers, from all over the world, will become useless. As a consequence, we could get rid of those "Security Suites" - which consume lots of computing resources and which shorten the life of our PC components.

Other advantages: if it's in a ROM, the OS will run much faster; there will be no more pirated copies (a ROM chip is much more difficult to be reproduced than a DVD-ROM); and we will no longer waste our time with "updates". Every two, or three years, Microsoft will release a new version of Windows. We can either replace the ROM - which contains the OS - or the entire PC.

Is this a utopian desire? You have millions of visitors, here, at Gizmo's Freeware. Why aren't you inviting them to sign an online Petition - addressed to Microsoft; a petition in which to require the company to put their OS in a ROM? Thus, Windows might become even safer than Linux; or the BSDs; no matter how full of Security Holes it will be. If Microsoft wishes so, they can put their Internet Explorer browser too, into the same ROM.

In other words, instead of endlessly solving "contamination" and "PC protection" problems, I propose you TO ABOLISH these problems.
__________________
Buy a Hoover and prove technology sucks.