Anti-virus products are rubbish, says Imperva
‘Spend not proportional to effectiveness’
A study released in December by US security outfit Imperva has tipped a bucket on the multi-billion-dollar anti-virus industry, claiming that initial detection rates are as low as five percent, and concluding that enterprise and consumer anti-virus spend “is not proportional to its effectiveness”.
Working in conjunction with students from the Technion-Israel Institute of Technology, the company tested 82 malware samples against 40 anti-virus products including offerings from Microsoft, Symantec, McAfee and Kaspersky.
The test revealed that while catalogued viruses are well-detected, “less than 5% of anti-virus solutions in the study were able to initially detect previously non-cataloged viruses and that many solutions took up to a month or longer following the initial scan to update their signatures.”
Interestingly, the study revealed that virus writers improve their chance of evading detection by keeping a low profile. If an infection is spreading rapidly, it provides a large number of identical samples that feed into the anti-virus detection databases.
On the other hand, “variants that are of limited distribution (such as government sponsored attacks) usually leave a large window of opportunity”, the study states. That window of opportunity gives security teams a “blind spot”: if a zero-day virus gets past the first line of defense, security teams might not notice the infection until it’s become a crisis.
While stating that it does not advocate abandoning anti-virus products, Imperva suggests enterprise security should devote more attention to detecting aberrant behavior in systems and servers. Which, unsurprisingly, happens to be the company’s own specialty.
The full study is here. ®
Re: ...spend “is not proportional to its effectiveness”
@Eadon- because it costs less to licence MS + windows + servers than it does to employ a person who is skilled in the pre-requisites of such a Linux setup. £27 per PC gets us windows, all our CALS and office. Another 3k gets us 5 servers with all the VMS we need, sql, exchange, external connector, TMG and system center. Basically less than 20k per year. We cannot get a Linux sysadmin skilled in all the prereqs for that. Not to mention it would need a FULL rollout over the 8 weeks holiday with no system fallback. Me + assistant + guru would be hard pressed. That plus the change of MIS, retraining staff, students is simply not going to happen.
We binned open office (and libre office) due to the complexity of simple tasks such as:
-locking down a GPO of PCs under examination logins to remove spell check and grammar check facilities.
-universal templates based on logins (staff and pupils) with pupil templates residing on a central location edited by staff.
-feature lockdown for pupils i.e. dictionary additions.
-central rollout of default fallback styles
Old open office could accomplish this with a few batch files copying items on logon (the spell check logon was a bit hit and miss for the NEXT person logging in). This also meant that the files copied over needed access by users therefore COULD have been edited manually by certain people. Newer OO and LO do not let you do this anymore. In the end we use MS and GPO with system rights instead. Oddly enough MS then released EEC so we switched back.
I also assume you have never worked in a state school in a not-so-great area? We glue our power buttons so they cant be jammed open. We need to disable the intel hotkeys so all the screens aren't rotated 90 degrees permanently etc. Having an open Linux system would be tantamount to suicide from a tech point of view - I actually run a tech club (we play games for an hour basically) mainly so I can learn from the kids the newest driveby websites that screw up pcs or let them bypass browser lockdowns. I have also yet to see an open source system that can be rolled out and maintained by a small number of staff in the same way a GPO WSUS system can be- don't get me wrong I have 2 openfiler servers a few VMS with various FOG, apache, squid/dansguardian, moodle and "test" Linux distros (I tend to favour debian/ubuntu) and whilst i'm not technically inept MS has its uses.
Whilst open source is great in theory, it is only great if you have either lots of money to start with or lots of skilled staff. In the real world this is not possible and I does gall me to see people thinking open source is somehow free and that everyone should be able to do it.
The whole thing is a vast money making scam.
I wouldn't be surprised if these large companies covertly pay people in Outer Mongolia to create viruses and malware to keep the gravy train going.
I have never paid for AV and follow simple rules.
1 - Avoid warez, porn and dodgy gaming sites
2- Look for free alternatives. I have been running MSE and Spybot S&D for ages and only the odd bit of malware is ever found.
3 - NEVER open an attachment you do not trust or know where it's come from.
If you browse dodgy sites then by all means pay to block shit out, but if you are avoiding all the usual places then there's no need to pay at all.
Re: ...spend “is not proportional to its effectiveness”
@Danny 14 - back in the real world, why the hell is our government spending our tax on a poor operating system like Windows in schools?
Schools should be using open source licenced free software such as Linux and LibreOffice. These systems are mature, open, and are able to teach kids more about computers than a locked down, proprietary-standardised Microsoft (or Apple, come to that) platform.
It's a disgrace that our tax is being used to pay Microsoft to get our kids hooked on MS software. Even if you get discounts (first hit is free) it's still unforgivable.
Schools should be using Linux and then they wouldn't need to spend additional TCO tax payers cash on antivirus and other crap.