- According to an interview with Dave Kennedy, antivirus detects only 3-5% of currently active threats.
- According to a study done by Imperva, the initial detection rate was less than 5%.
- According to statistics published by Krebs, antivirus software detects about 25% of the most popular malware currently being emailed to people.
- According to a 2014 Lastline Labs study, much of the newly introduced malware went undetected by nearly half of the antivirus vendors. After two months, one third of the antivirus scanners still failed to detect many of the malware samples.
The debate on whether or not an antivirus solution is worth the money spent is not new. There have been surveys and studies comparing the effectiveness of the various security solutions out there for many years. Expect the debate to continue.
As with all security technologies, no single line of defense creates ‘bulletproof’ security. Antivirus software is merely one of many terribly incomplete solutions, although when combined with other layers of security it can help make you resilient against attacks.
The issue between antivirus software and malware authors is that it is a cat and mouse game, a game of chase. Antivirus vendors are the ones chasing after the malware authors and are therefore always one step behind, playing “catch up” if you will. Malware authors simply keep shifting their point of attack or their approach to malware creation. As an article in the New York Times put it, “it doesn’t take a lot to be a step ahead.”
The issue with antivirus effectiveness is the difficulty of applying techniques that can reliably detect all the “new” malware that is constantly being deployed every day. For example, heuristic detection is the most popular technique that AV products currently use to detect new malware, but this kind of detection can often cause false positives, which can be as destructive as false negatives. If the antivirus software employs heuristic detection, success depends on achieving the right balance between false positives and false negatives. This proves to be very challenging given the ever-changing landscape of software and the fact that 80% of home users had some kind of antivirus installed (source).
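The balance between false positives and false negatives described above can be made concrete with a threshold sweep. This is an added example, not from the original article: the heuristic scores, labels and cost weights are all constructed for illustration and do not come from any real antivirus product.

```python
# Constructed sample data: (heuristic_score, is_malicious). Not real telemetry.
# Some benign files (packed installers, for instance) score high, and some
# malicious files score low, which is what makes the threshold a trade-off.
SAMPLES = [
    (0.05, False), (0.10, False), (0.20, False), (0.30, False),
    (0.45, False), (0.55, False), (0.70, False),
    (0.35, True), (0.50, True), (0.60, True),
    (0.80, True), (0.90, True), (0.95, True),
]

THRESHOLDS = [0.3, 0.5, 0.7, 0.9]


def confusion(samples, threshold):
    """Count outcomes when every file scoring >= threshold is flagged."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for score, malicious in samples:
        flagged = score >= threshold
        if flagged and malicious:
            counts["tp"] += 1
        elif flagged and not malicious:
            counts["fp"] += 1      # clean file quarantined
        elif malicious:
            counts["fn"] += 1      # malware missed
        else:
            counts["tn"] += 1
    return counts


def best_threshold(samples, thresholds, fp_cost, fn_cost):
    """Pick the threshold with the lowest weighted cost of errors."""
    def cost(t):
        c = confusion(samples, t)
        return fp_cost * c["fp"] + fn_cost * c["fn"]
    return min(thresholds, key=cost)


if __name__ == "__main__":
    for t in THRESHOLDS:
        print(t, confusion(SAMPLES, t))
    # Hypothetical weights: a vendor who fears breaking clean software
    # versus one who fears missing malware ends up at opposite thresholds.
    print("FP-averse:", best_threshold(SAMPLES, THRESHOLDS, fp_cost=5, fn_cost=1))
    print("FN-averse:", best_threshold(SAMPLES, THRESHOLDS, fp_cost=1, fn_cost=5))
```

No threshold in the sweep removes both error types at once: lowering it catches every malicious sample but flags four clean files, and raising it clears the false positives while missing four malicious ones.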
Symantec and McAfee, which built their businesses on antivirus products, have begun to acknowledge their limitations and to try new approaches. The word “antivirus” (https://en.wikipedia.org/wiki/Antivirus_software) does not appear once on their home pages because Symantec rebranded its popular antivirus packages to “Norton Internet Security”, and its corporate offering is now “Symantec Endpoint Protection”.