
Major AntiVirus Software Offers ZERO Protection: Hacker Intelligence Initiative 2012 Report from Imperva

December 5, 2012

Results of testing: more than 40 AV products tested against newly created malware samples offered near-zero initial detection, and took weeks to update their signatures, according to Imperva's 2012 in-depth analysis. Thanks to Bill Mullins for finding this data, and to Imperva for publishing the report.

I have a PDF link to the report below and an executive summary of the findings.

It's not a long report and I consider it a must-read for this week! Lots of graphs and charts – easy to understand.

Hard to know what to do about it though…

HII_Assessing_the_Effectiveness_of_Antivirus_Solutions.pdf (PDF)

Executive Summary:

Assessing the Effectiveness of Antivirus Solutions
Executive Summary

In 2012, Imperva, with a group of students from The Technion – Israeli Institute of Technology, conducted a study of more than 80 malware samples to assess the effectiveness of antivirus software. Based on our review, we believe:

1. The initial detection rate of a newly created virus is less than 5%. Although vendors try to update their detection mechanisms, the initial detection rate of new viruses is nearly zero. We believe that the majority of antivirus products on the market can't keep up with the rate of virus propagation on the Internet.
2. For certain antivirus vendors, it may take up to four weeks to detect a new virus from the time of the initial scan.
3. The vendors with the best detection capabilities include those with free antivirus packages, Avast and Emisoft, though they do have a high false positive rate.

These findings have several ramifications:

1. Enterprise and consumer spend on antivirus is not proportional to its effectiveness. In 2011, Gartner reported that consumers spent $4.5 billion on antivirus, while enterprises spent $2.9 billion, a total of $7.4 billion. This represents more than a third of the total of $17.7 billion spent on security software. We believe both consumers and enterprises should look into freeware as well as new security models for protection.
2. Compliance mandates requiring antivirus should ease up on this obligation. One reason why security budgets devote too much money to antivirus is compliance. Easing the need for AV could free up money for more effective security measures.
3. Security teams should focus more on identifying aberrant behavior to detect infection. Though we don't recommend removing antivirus altogether, a bigger portion of the security focus should leverage technologies that detect abnormal behavior such as unusually fast access speeds or large volumes of downloads.

To be clear, we don't recommend eliminating antivirus.
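The third ramification above argues for catching infections by their behavior, such as unusually fast access or large download volumes, rather than by signature. The Python script below is an added illustration of that idea; it is not code from Imperva or from the report. It parses constructed proxy log lines (timestamp, client IP, bytes downloaded, URL), computes each host's peak request count in any 60-second window and its total download volume, and flags hosts that exceed both an absolute floor and a multiple of the fleet median. The log format, the thresholds and the sample hosts (a once-per-second beacon and a single 50 MB pull) are all assumptions made for the example.

```python
"""Behavioral detection over proxy logs: flag hosts whose request rate or
download volume is far outside the fleet norm.

Added example, not code from Imperva's report. The log format, sample
lines and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed log format: "<ISO timestamp> <client_ip> <bytes_downloaded> <url>"
NORMAL_LINES = [
    "2012-12-05T09:00:00 10.0.0.5 1240 http://intranet/home",
    "2012-12-05T09:00:07 10.0.0.5 5200 http://intranet/news",
    "2012-12-05T09:00:31 10.0.0.5 980 http://intranet/mail",
    "2012-12-05T09:02:10 10.0.0.5 2400 http://intranet/calendar",
    "2012-12-05T09:00:02 10.0.0.7 2100 http://example.com/",
    "2012-12-05T09:00:45 10.0.0.7 3300 http://example.com/docs",
    "2012-12-05T09:01:20 10.0.0.7 1800 http://example.com/docs/2",
    "2012-12-05T09:00:05 10.0.0.8 4100 http://example.com/",
    "2012-12-05T09:01:05 10.0.0.8 900 http://example.com/help",
]
# Constructed: one host beaconing once per second for a full minute.
BEACON_LINES = [
    f"2012-12-05T09:00:{s:02d} 10.0.0.9 800 http://cdn.example.net/check?id={s}"
    for s in range(60)
]
# Constructed: one host pulling a single 50 MB file.
BULK_LINES = [
    "2012-12-05T09:00:12 10.0.0.11 52000000 http://files.example.org/pack.bin",
]
SAMPLE_LOG = NORMAL_LINES + BEACON_LINES + BULK_LINES


def parse_line(line):
    """Split one log line into (timestamp, client_ip, bytes_downloaded)."""
    ts, ip, nbytes, _url = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), ip, int(nbytes)


def peak_rate(timestamps, window_s=60):
    """Largest number of requests falling inside any window_s-second span.

    Two-pointer sweep over the sorted timestamps: advance `lo` until the
    span [ts[lo], ts[hi]] is shorter than the window, then count its length.
    """
    ts = sorted(timestamps)
    best, lo = 0, 0
    for hi in range(len(ts)):
        while (ts[hi] - ts[lo]).total_seconds() >= window_s:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def profile_hosts(lines, window_s=60):
    """Per-host peak request rate and total bytes downloaded."""
    times = defaultdict(list)
    volume = defaultdict(int)
    for line in lines:
        ts, ip, nbytes = parse_line(line)
        times[ip].append(ts)
        volume[ip] += nbytes
    return {
        ip: {"peak_rate": peak_rate(times[ip], window_s), "bytes": volume[ip]}
        for ip in times
    }


def detect_anomalies(lines, ratio=10.0, min_rate=30, min_bytes=10_000_000):
    """Flag hosts whose peak rate or volume is above an absolute floor AND
    more than `ratio` times the fleet median.

    The floor stops a quiet fleet (median near zero) from flagging ordinary
    hosts; the ratio stops a uniformly busy fleet from flagging everyone.
    Thresholds are assumed values, not figures from the report.
    """
    profiles = profile_hosts(lines)
    med_rate = median(p["peak_rate"] for p in profiles.values())
    med_bytes = median(p["bytes"] for p in profiles.values())
    findings = {}
    for ip, p in profiles.items():
        reasons = []
        if p["peak_rate"] >= min_rate and p["peak_rate"] > ratio * med_rate:
            reasons.append(f"peak {p['peak_rate']} req/min vs fleet median {med_rate}")
        if p["bytes"] >= min_bytes and p["bytes"] > ratio * med_bytes:
            reasons.append(f"downloaded {p['bytes']} bytes vs fleet median {med_bytes}")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in detect_anomalies(SAMPLE_LOG).items():
        print(host, "->", "; ".join(reasons))
```

Run stand-alone it reports 10.0.0.9 for its 60 requests per minute and 10.0.0.11 for its download volume; the three ordinary hosts stay quiet. Comparing against the fleet median rather than a fixed number alone is what makes the check survive a change in baseline traffic, and the absolute floors keep a small or idle fleet from producing noise.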
