



Imperva antivirus effectiveness report



#1 DocM

DocM

    Neowinian Senior

  • Joined: 31-July 10
  • Location: Michigan

Posted 02 January 2013 - 12:53

http://www.imperva.c...s_Solutions.pdf

Executive Summary

In 2012, Imperva, with a group of students from The Technion – Israeli Institute of Technology, conducted a study of more than 80 malware samples to assess the effectiveness of antivirus software. Based on our review, we believe:

1. The initial detection rate of a newly created virus is less than 5%. Although vendors try to update their detection mechanisms, the initial detection rate of new viruses is nearly zero. We believe that the majority of antivirus products on the market can’t keep up with the rate of virus propagation on the Internet.

2. For certain antivirus vendors, it may take up to four weeks to detect a new virus from the time of the initial scan.

3. The vendors with the best detection capabilities include those with free antivirus packages, Avast and Emsisoft, though they do have a high false positive rate.

These findings have several ramifications:

1. Enterprise and consumer spending on antivirus is not proportional to its effectiveness. In 2011, Gartner reported that consumers spent $4.5 billion on antivirus, while enterprises spent $2.9 billion, a total of $7.4 billion. This represents more than a third of the total of $17.7 billion spent on security software. We believe both consumers and enterprises should look into freeware as well as new security models for protection.

2. Compliance mandates requiring antivirus should ease up on this obligation. One reason why security budgets devote too much money to antivirus is compliance. Easing the need for AV could free up money for more effective security measures.

3. Security teams should focus more on identifying aberrant behavior to detect infection. Though we don’t recommend removing antivirus altogether, a bigger portion of the security focus should leverage technologies that detect abnormal behavior such as unusually fast access speeds or large volume of downloads.




#2 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 3
  • Joined: 30-November 01
  • Location: Iowa

Posted 04 January 2013 - 22:41

Thanks, that was a great read.

Glad Avast did pretty good. Besides the 4 week thing. Did better than MSE. But that's no surprise.

#3 Detection

Detection

    Detecting stuff...

  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 04 January 2013 - 22:54

Thanks, that was a great read.

Glad Avast did pretty good. Besides the 4 week thing. Did better than MSE. But that's no surprise.


Slightly off-topic, but everything digital is numbers these days, right? :D

I was wondering how long we had to wait for another milestone video, and to my amazement..... :laugh:


#4 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 3
  • Joined: 30-November 01
  • Location: Iowa

Posted 04 January 2013 - 23:00

^ aww already past.

#5 +goretsky

goretsky

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 12-March 04
  • Location: Southern California

Posted 05 January 2013 - 07:28

Hello,

For a differing point of view, here's something a colleague of mine who has been involved in testing anti-malware software for a long time wrote: Imperva, VirusTotal, and whether AV is useful.

Regards,

Aryeh Goretsky