A new report into the effectiveness of anti-virus and anti-malware programs concludes that they are all generally hopeless at detecting new threats and therefore paid for solutions are a waste of money. The report, entitled Assessing the Effectiveness of Anti-Virus Solutions, was carried out by the University of Tel Aviv for business security firm Imperva.
In its tests the team at the University of Tel Aviv (UTA from now on) used a collection of 82 new malware files though a system which scans for viruses and malware using 40 different antivirus products. Initially the detection rate was zero! The UTA researchers re-ran the scan periodically over a number of weeks as the new virus samples were added to the various companies’ anti-virus definition updates. It was discovered that even the best-performing anti-virus software solutions took at least three weeks to get up to speed with the latest threats.
Imperva’s CTO, Amichai Shulman said about the startling research “Enterprise security has drawn an imaginary line with its anti-virus solutions, but the reality is that every single newly created virus subverts these solutions without challenge.” Shulman thinks that corporate stipulations to invest in anti-virus software would be better spent on other forms of security paired with any of the free anti-virus solutions. He added that “We cannot continue to invest billions of dollars into anti-virus solutions that provide the illusion of security, especially when freeware solutions outperform paid subscriptions.”
If you want to know where Imperva believes your company’s security budget could be better spent once you have replaced your paid-for anti-virus with something like the free Avast or Windows Defender/MSE then just have a look at its website. Imperva offers application and data security software and hardware as part of its SecureSphere Platform, case studies of its real-world usage can be found here. Hmm, there's nothing quite like getting a bunch of boffs to bash competing products, is there?