The more a story gets told, the more each new storyteller changes it. Sometimes the story drifts so far from the original that its entire intent is lost and a new intent is read into it. Such is the case with the story of antivirus effectiveness, which was recently put through the spin cycle, wrung out, and reshaped by Charlie White, editor of the Gizmodo gadget blog.

The story in question (the real story) revolves around comments made by Graham Ingram, general manager of AusCERT (the Australian Computer Emergency Response Team), who spoke at a security breakfast hosted by MessageLabs in mid-July. Referring to newly emerging malware, Ingram was quoted by ZDNet Australia as saying, "At the point we see it as a CERT, which is very early on -- the most popular brands of antivirus on the market ... have an 80 percent miss rate." Ingram went on to hypothesize that this was likely because malware writers scan their creations with the top antivirus products before release to ensure the new malware evades detection.

No big news here; not even new news, or old news. Antivirus is, after all, a reactive technology, and it has long been established that virus writers do a bit of 'beta' testing before they release their malicious code.

Fast forward to August 3rd and White's version of the story, which he titles "Popular Antivirus Apps Don't Work 80% of the Time". White claims, "Graham Ingram, the general manager of Australia's Computer Emergency Response Team says the most popular antivirus applications are about as impregnable as a screen door in a submarine, letting 80% of the creepy crawlies through." So we have suddenly gone from the original point - that 80% of brand-new malware may go undetected when a CERT first sees it - to White's version, which implies that 80% of all viruses go undetected. White then goes on to claim that "viruses don't come to get you, you have to actively infect yourself with them."
Perhaps White has been so gadget-focused that he missed the past decade of Internet and network worms that exploit security vulnerabilities to spread from system to system, email worms that launch their infection automatically, macro viruses hidden in legitimate Office files, and adware and spyware served from hijacked websites that force drive-by installations on visitors. Conflicting stories like these lead to confusion and even distrust. To clear up some of that confusion, consider these points:

- Antivirus software is definitely reactive - that's the whole reason for signature updates. Schedule those updates to check for new signatures automatically at least daily. If your antivirus vendor doesn't offer daily updates, switch to one that does.
- AusCERT is actively engaged in collecting and analyzing malware; that's their job. The samples they gather and dissect at that early stage are far less likely to be in the wild, i.e. far less likely to pose any threat to your system.
- Multiple scanners are widely used by ISPs and corporations to mitigate the risk of malware at the gateway, before it reaches your desktop. For example, if Symantec misses a new threat but McAfee detects it (or vice versa) and both scanners are in use, the threat is still stopped. The benefit is greatest when the scanners use different detection engines and signature sets; malware that has been pre-tested against the same top products, as Ingram described, can slip past several of them at once.
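To put numbers on the layered-scanning point, here is a small Python model added as an illustration; it is not code from the original article or from any antivirus vendor. It assumes two hypothetical scanners, ScannerA and ScannerB, each missing 8 of a constructed set of 10 new samples (an 80% miss rate), and compares what a gateway-plus-desktop chain lets through when the two engines miss different samples against the case where, as Ingram suggested, the malware has been pre-tested against both:

```python
"""Why layered scanning helps, and when it helps less than the arithmetic suggests.

Added example, not from the original article.  The scanner names
("ScannerA", "ScannerB") and the per-sample verdicts are constructed for
illustration; they are not measured detection rates for any real product.
"""

# Constructed sample sets: ten new malware samples, each recording whether
# a scanner detected it (True) or missed it (False).  In both sets each
# scanner individually misses 8 of 10, i.e. an 80% miss rate.

# Case 1: the malware author pre-tested against both scanners, so the same
# eight samples slip past both.  Misses are perfectly correlated.
CORRELATED = [
    {"id": f"s{i:02d}", "ScannerA": i <= 2, "ScannerB": i <= 2}
    for i in range(1, 11)
]

# Case 2: the two scanners have different engines and signature sets, so
# they miss different samples.
DIVERSE = [
    {"id": f"s{i:02d}", "ScannerA": i in (1, 2), "ScannerB": i in (3, 4)}
    for i in range(1, 11)
]


def miss_rate(samples, scanner):
    """Fraction of samples that a single scanner fails to detect."""
    missed = sum(1 for s in samples if not s[scanner])
    return missed / len(samples)


def layered_miss_rate(samples, scanners):
    """Fraction that gets past a chain of scanners (e.g. gateway + desktop).

    A sample reaches the user only if every scanner in the chain misses it.
    """
    missed = sum(1 for s in samples if not any(s[sc] for sc in scanners))
    return missed / len(samples)


def independent_miss_rate(rates):
    """Combined miss rate the chain would have if misses were independent.

    This is the optimistic textbook figure: the product of the individual
    miss rates.  Compare it with layered_miss_rate() on actual verdicts.
    """
    combined = 1.0
    for r in rates:
        combined *= r
    return combined


def report(samples, scanners):
    """Return (per-scanner miss rates, layered miss rate, independent estimate)."""
    singles = {sc: miss_rate(samples, sc) for sc in scanners}
    layered = layered_miss_rate(samples, scanners)
    independent = independent_miss_rate(singles.values())
    return singles, layered, independent


if __name__ == "__main__":
    chain = ["ScannerA", "ScannerB"]
    for name, data in (("correlated misses", CORRELATED), ("diverse engines", DIVERSE)):
        singles, layered, independent = report(data, chain)
        print(f"{name}: single={singles} layered={layered:.2f} "
              f"independent-estimate={independent:.2f}")
```

Run it directly to print both cases. The product of the individual miss rates (0.64) is the optimistic estimate; with fully correlated misses the chain does no better than a single scanner (0.80), while with diverse engines it does better than the product (0.60). The practical lesson for a gateway design is to combine products with genuinely different detection engines, since two products licensing the same engine will tend to miss the same samples.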
Still skeptical? As a reality check, consider carefully the impact if 80% of all viruses, or even 80% of all new viruses, actually made their way onto your system. It would be big news, because there are tens of thousands of existing malware samples and hundreds of new ones discovered each month (if not each week). Yet, relatively speaking, very few of these ever go on to infect users. So something must be working somewhere, and that something most likely includes antivirus software.