
The two most popular anti-virus products on the market miss 80% of new malware threats, Australian Computer Emergency Response Team (AusCERT) general manager Graham Ingram reported late last month. Though he refused to name names, he did suggest they were the most popular products on the market:

"At the point we see it [at] CERT, which is very early on - the most popular brands of antivirus on the market … have an 80 percent miss rate. That is not a detection rate, that is a miss rate."

Why? Because malware makers are testing their products against anti-virus software before release:

"I am not suggesting that there is a difference in the quality of the antivirus products themselves. What is happening is that the bad guys, the criminals, are testing their malicious code against the antivirus products to make sure they are undetectable."

His figures are borne out by the crew at Offensive Computing:

"Using our malware database we can confirm this fact. What's interesting is that AV programs fail differently. This is more proof that the closed-source, closed analysis methods have been woefully inadequate, albeit extremely profitable."



Comments

I agree with the comment that AV programs slow down internet surfing. Add firewall and anti-spyware programs to the list as well. My dual-boot XP/Ubuntu Dapper desktop runs Firefox at least twice the speed in Ubuntu. Come to think of it, everything runs twice as fast in Ubuntu as in XP.

Either Graham was misquoted in the article, or he got up on the wrong side of bed that day. The figures are here: http://www.cert.br/docs/palestras/certbr-auscert2006.pdf (go to page 21). You will see that the major vendors DETECT 80% of viruses, not miss them.

And the more "features" they build into AV programs, the more bloated they become...

I had a mate visit the other day and plug his XP lappy into my LAN. He was complaining about the delay he was experiencing when surfing and changing from one website to another. He thought my connection was slow, so I visited the same sites as him on my Linux box. I had every website up and loaded before he had anything on screen. We tracked it down in the end to his AV program, which was trying to pre-scan the website before allowing Windows to display it...

At what point does (the unfortunately necessary for Windows) AV software go from being a help to a hindrance?

Disabling the AV program as an experiment enabled him to surf the web at the speed provided by the connection. How many people are complaining about poor connection speeds when just maybe their AV programs are causing the bottleneck?
