Is It Time to Look Past AV Software?

Carl Weinschenk

Everyone is told to install and update their antivirus programs. This is considered a key element of good computer hygiene. Indeed, we are repeatedly told, only somebody with masochistic tendencies would run their machines without a good program.


Never mind. Secunia assessed the effectiveness of 12 common AV programs against 300 common exploits. The headline is that Symantec won in a landslide by detecting 10 times the number of exploits as the runner up. The fine print is more important, however: Symantec only found 64 of the exploits. Secunia is not alone. Other test organizations have found similar shortcomings in AV packages. The piece notes that AV-Test.org found some fault with the tests.


AV-Test.org also recently released tests, though the press release didn't pass judgment on the overall quality of the sector. The tests covered detection rates on adware and spyware, false positive rates, scanning speed, proactive detection and response time to outbreaks. The heart of the release is a comprehensive chart of the results of the broad trial, which covered 35 products. The software was rated in up to eight categories, though some are not relevant to particular products.


Folks concerned with rating their AV products should also visit AV-Comparatives, which positions itself as a clearinghouse of independent information about AV products.


TenTopReviews offers another useful chart. The main categories assessed are features, scanning capabilities, updates, technical support and supported configurations. Each of these has several subcategories. The top finishers were BitDefender, Kaspersky and ESET. The chart is followed by the features Why Buy Antivirus Software? and What to Look for in Antivirus Software.


The canard that AV software is useless is dramatic but not, apparently, without a kernel of truth. PC World presents the views of a Trend Micro expert, who says that standalone AV packages are far less valuable than they were in the past. David Peterson, the consumer segment director for the company's ANZ business, said that most of the top 10 threats are not viruses. He pointed to downloaders, Trojans, keyloggers and phishing scams as more common enemies. What Peterson identified as signature-based approaches -- a more technical description of traditional AV software -- are more valuable in suites that combine a number of approaches.


I don't think that anyone should rip out their AV, and I don't believe that is what anyone is advocating. But the world of computer security is changing, and AV software -- both its makeup and whether it is grouped with other security tools -- must change as well.

Comments
Oct 20, 2008 9:35 AM DanielS says:
While I've also known this for a while, it's scary at the number, which I had no resource for testing them all. 64 out of 300 being the one to beat... Scary indeed!
Oct 20, 2008 11:02 AM Jacob Thomas says:
Some defence is better than none at all!
Oct 22, 2008 8:37 AM alex goldstein says:
Why do we continue to focus on signature matching alone? Should we move towards behavior-based products in conjunction with signature-based products? Relying on AV alone is completely reactive, whereas there are tools that offer not only some of the most proactive defense, but also inherently include policy compliance. AV has its place, but is by far the most resource-consuming and nominally reliable... any endpoint should have a multi-pronged approach to secure it properly.
Oct 22, 2008 8:49 AM Rob Lewis says:
Carl, your article is absolutely correct. We believe our product Trustifier is part of the solution. Trustifier is a security subsystem that retrofits a trusted computing base to discretionary access computers as a defense to viruses, malware, and cyber attack. It is in the SOLUTIONS Showcase of the AFCEA SOLUTIONS Wiki for Information Assurance at the URL below.
Rob
http://www.afcea.org/wiki/index.php?title=SOLUTIONS_Showcase
Oct 22, 2008 9:48 AM Pat Bitton says:
Anti-virus alone has not been sufficient for comprehensive protection for some time. Today's security needs to encompass multiple layers - signature-based and behavior-based detection, transport mechanism and communication behavior monitoring - for multiple protocols and multiple channels. Every layer, including signature-based a-v, makes a contribution to the total protection. We should also not forget the importance of user education and policy design/implementation.
Oct 23, 2008 4:49 PM Eirik Iverson says:
Excellent article. Don't throw out your legacy tools, but don't rely on them only. I've expressed my opinion about AV tests and malware defense in these two posts:
http://www.securitynowblog.com/endpoint_security/secunia_report_signature-based_antivirus_misses_most_unknown_malware
http://www.securitynowblog.com/endpoint_security/signature-based-antivirus-and-hips-technologies-poor-endpoint-protection