Antivirus software – are they really protecting your digital goods ?

Imperva gatheres and analyzed about 80 non-catalogued viruses with more than 40 antivirus softwares.

They have learned that less than 5% of the solutions they have tested in their study could initially detect the previously non-catalogued viruses and also a lot of antiviruses took almost a month or even longer after the initial scanning to make an update for their signatures.

Number of weeks required to identify an infected file not identified in the first run

“Enterprise security has drawn an imaginary line with its antivirus solutions, but the reality is that every single newly created virus may subvert these solutions,” said Amichai Shulman, CTO, Imperva. “We do not believe that enterprises are achieving the value of the investment of billions of dollars in anti-virus solutions, especially when certain freeware solutions in our study outperformed paid solutions.”

Imperva worked with different methods for collecting more than 80 viruses. These 82 not reported viruses got tested in a virtual environment that made sure that they showed behavior indicative of viruses and in the same time they restricted the vulnerability of the computing resources.

The key findings of the reasearch and their implications of this report are:

Antivirus solutions have a hard time discovering newly created viruses - Even though antivirus creators are working constantly to update their detection mechanisms, the first rate of detection for new viruses by the analyzed software in the study was less than 5%.

The antiviruses analyzed in the study were unable to offer complete protection because they cannot keep up with online virus propagation.

Antivirus software have delays in updating signatures - In several cases of the study, the anti-virus solutions took up to four weeks after the initial scan to identify the virus.

Investment in antivirus is misaligned - In 2011, Gartner revealed that hom users spent about $4.5 billion on antivirus software while companies spent about $2.9 billion, totaling a $7.4 billion, that is more than a third from the amount of $17.7 billion that was spent on security software. You can add to all that some freeware antivirus in the study proved equally or even more effective than the paid software.

You must know that Imperva was not able to find a single antivirus product to offer complete protection; the solutions that offered the highest detection rate included two freeware antivirus products.

In spite of the inadequacy of the studied antivirus solutions, Imperva doesn’t encourage users nor companies to completely eliminate them. As an alternative, security squads are encouraged to concentrate on detecting unnatural behavior like fast access speeds or high volume of downloads, and adapt their security budgets on advanced solutions to comply with today’s threats.

You cand read the full report here.