Comp-U-News from Comp-U-Talk
January  2014


"We tend to forget that happiness doesn't come as a result of getting something we don't have, but rather of recognizing and appreciating what we do have." ― Frederick Keonig

 


 

 

One of the hardest parts of my job is staying current on all the changes that happen in the computer industry. In my attempt to keep up, I religiously follow Stu Sjouwerman, a security expert. The following article was originally published at his blog site:
http://blog.knowbe4.com/bid/356556/CyberheistNews-Vol-3-49

It's what we've been saying for years. He just says it better and with graphs 


The Antivirus Industry's Dirty Little Secret



The Antivirus industry has a dirty little secret that they really don't want anyone to know. Despite the claims of their marketing departments, their products are not all that effective. Many of them are only protecting against at best 80% or 90% of the threats out there in the wild at any time.

Let's look at that in more detail. AV products need to protect against two general types of threats: ones that are known and threats that are unknown. The ones that are known, they have a signature for so they can detect the threat and get rid of it. This is called reactive detection.

Then, there are threats that are still unknown, usually new, fresh threats created by the bad guys. AV products need to protect against those in a proactive way, and antivirus software can be scored looking at how many of those new threats they block.

This type of scoring on both reactive and proactive detection is actually being done by the antivirus industry's premier site for insiders: Virus Bulletin. They have created so called RAP averages. RAP stands for "Reactive And Proactive". They test all antivirus products every few months, and measure how each product does in both reactive and proactive detections of a large amount of threats. And they create a graph where these scores are plotted for all products. The proactive score is on the X-axis, and the reactive score is on the Y-axis.

The results are far from pretty, and you see none of the antivirus vendors promote their results with this test, for good reason. One well known, major antivirus industry player is routinely scoring no better than 80% reactive combined with a 70% proactive. And people wonder how come PCs still get infected by malware.

Click here to see the most recent graph full size at Virus Bulletin: You can check there how your antivirus vendor is doing, be prepared for a shocker though: The Antivirus industry has a dirty little secret that they really don't want anyone to know. Despite the claims of their marketing departments, their products are not all that effective. Many of them are only protecting against at best 80% or 90% of the threats out there in the wild at any time.

Let's look at that in more detail. AV products need to protect against two general types of threats: ones that are known and threats that are unknown. The ones that are known, they have a signature for so they can detect the threat and get rid of it. This is called reactive detection.

Then, there are threats that are still unknown, usually new, fresh threats created by the bad guys. AV products need to protect against those in a proactive way, and antivirus software can be scored looking at how many of those new threats they block.

This type of scoring on both reactive and proactive detection is actually being done by the antivirus industry's premier site for insiders: Virus Bulletin. They have created so called RAP averages. RAP stands for "Reactive And Proactive". They test all antivirus products every few months, and measure how each product does in both reactive and proactive detections of a large amount of threats. And they create a graph where these scores are plotted for all products. The proactive score is on the X-axis, and the reactive score is on the Y-axis.

The results are far from pretty, and you see none of the antivirus vendors promote their results with this test, for good reason. One well known, major antivirus industry player is routinely scoring no better than 80% reactive combined with a 70% proactive. And people wonder how come PCs still get infected by malware.

Click here to see the most recent graph full size at Virus Bulletin: You can check there how your antivirus vendor is doing, be prepared for a shocker though: http://www.virusbtn.com/vb100/rap-index.xml  

 ~Janet