"We tend to forget that happiness doesn't come as a result of getting something we don't have, but rather of recognizing and appreciating what we do have." ― Frederick Keonig
One of the hardest parts of my job is staying current on all the changes that
happen in the computer industry. In my attempt to keep up, I religiously follow
Stu Sjouwerman, a security expert. The following article was originally
published at his blog site:
http://blog.knowbe4.com/bid/356556/CyberheistNews-Vol-3-49
It's what we've been saying for years. He just says it better and with graphs
The Antivirus Industry's Dirty Little Secret
Let's look at that in more detail. AV products need to protect against two
general types of threats: ones that are known and threats that are unknown. The
ones that are known, they have a signature for so they can detect the threat and
get rid of it. This is called reactive detection.
Then, there are threats that are still unknown, usually new, fresh threats
created by the bad guys. AV products need to protect against those in a
proactive way, and antivirus software can be scored looking at how many of those
new threats they block.
This type of scoring on both reactive and proactive detection is actually being
done by the antivirus industry's premier site for insiders: Virus Bulletin. They
have created so called RAP averages. RAP stands for "Reactive And Proactive".
They test all antivirus products every few months, and measure how each product
does in both reactive and proactive detections of a large amount of threats. And
they create a graph where these scores are plotted for all products. The
proactive score is on the X-axis, and the reactive score is on the Y-axis.
The results are far from pretty, and you see none of the antivirus vendors
promote their results with this test, for good reason. One well known, major
antivirus industry player is routinely scoring no better than 80% reactive
combined with a 70% proactive. And people wonder how come PCs still get infected
by malware.
Click here to see the most recent graph full size at Virus Bulletin: You can
check there how your antivirus vendor is doing, be prepared for a shocker
though: The Antivirus industry has a dirty little secret that they really don't
want anyone to know. Despite the claims of their marketing departments, their
products are not all that effective. Many of them are only protecting against at
best 80% or 90% of the threats out there in the wild at any time.
Let's look at that in more detail. AV products need to protect against two
general types of threats: ones that are known and threats that are unknown. The
ones that are known, they have a signature for so they can detect the threat and
get rid of it. This is called reactive detection.
Then, there are threats that are still unknown, usually new, fresh threats
created by the bad guys. AV products need to protect against those in a
proactive way, and antivirus software can be scored looking at how many of those
new threats they block.
This type of scoring on both reactive and proactive detection is actually being
done by the antivirus industry's premier site for insiders: Virus Bulletin. They
have created so called RAP averages. RAP stands for "Reactive And Proactive".
They test all antivirus products every few months, and measure how each product
does in both reactive and proactive detections of a large amount of threats. And
they create a graph where these scores are plotted for all products. The
proactive score is on the X-axis, and the reactive score is on the Y-axis.
The results are far from pretty, and you see none of the antivirus vendors
promote their results with this test, for good reason. One well known, major
antivirus industry player is routinely scoring no better than 80% reactive
combined with a 70% proactive. And people wonder how come PCs still get infected
by malware.
Click here to see the most recent graph full size at Virus Bulletin: You can
check there how your antivirus vendor is doing, be prepared for a shocker
though:
http://www.virusbtn.com/vb100/rap-index.xml
~Janet