Feeds

Anti-virus protection gets worse

What is this thing you call heuristics?

The Power of One eBook: Top reasons to choose HP BladeSystem

Antivirus software is getting worse at protecting users from new threats, according to two reports which found malware authors are getting better at disguising their creations.

German computer magazine c't studied 17 antivirus programs and exposed them to completely new samples of malware. What they found wasn't encouraging. Detection rates sank to 20-30 per cent, from 40-50 per cent in a similar test last year.

The c't researchers also created variants of known viruses and found that virtually all of the scanners missed at least some of them.

Plenty of questions remain about the report, which is scheduled to be published in January. (Heise has a brief synopsis of the report here.) It would be helpful to know the methodology and what products were tested.

But taken at face value, the research raise questions about the effectiveness of heuristic engines. Heuristic scans examine the code inside a file for suspicious behavior and flag those it thinks have a high likelihood of being malicious. Because they don't need virus definitions, they can provide better protection immediately following the release of a new virus.

A second report, released Thursday by researchers from Kaspersky Labs, said online scanners may be contributing to the deterioration of heuristics. Sites such as VirusTotal, for instance, allow a user to scan a suspicious file. The site then compares the code against 32 antivirus products to check for malicious code.

"But as so often happens, something that can be used for good - helping users check the integrity of their files - can also be used by virus writers," the researchers note. "They quickly caught on to the fact that services like the ones mentioned above could be used to test how well their creations can evade popular antivirus solutions."

They document websites such as AvCheck.ru, which charge as much as a dollar per scan and promise not to submit the files to antivirus companies. That way, malware developers can be assured their works in progress won't be sent to antivirus companies.

Bright spots in the c't report: Eset's NOD32 detected 68 per cent of the completely unfamiliar attacks. And F-Secure was "able to perform convincingly in the behavioural blocking test", which measured how well a product protected a machine from getting infected. Kaspersky and BitDefender also got high marks. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.