Last Updated on Thursday, 04 October 2012 18:13 Published on Thursday, 04 October 2012 18:13
If you pick the average person off the street and ask them about information security, most of them will likely associate the term with the antivirus software on their computers. Most "civilians" are unfamiliar with terms such as "HIPS," "IDS," "IPS" and the vast assortment of other security products commonly in use. Those sorts of things operate behind the scenes. But, AV packages are widely deployed and are often offered free of charge when you buy a new computer -- at least for the first 30 days.
But, as the malware war continues to escalate, it is reasonable to question the level of effectiveness that antivirus software, as a category, brings to the table.
"When last I looked, there were 78,500,000 unique instances of malware, according to AV-Test.org," said Paul Henry, security and forensic analyst at Lumension, a Scottsdale, Ariz.-based endpoint security company. "How in the world is anyone going to keep up with the signatures to inspect that large of a database?"
According to a survey released by FireEye, a Milpitas, Calif.-based company that specializes in defense against advanced targeted threats, malware that can slip through signature-based detection has nearly quadrupled in the past year alone.
"The problem with signature-based defenses is a scaling issue," explained Ali Mesdaq, security researcher at FireEye. "There are so many new exploits coming out every day that the signature databases can't scale to that level. Some sort of technology development will be needed before they will be able to handle the rapid increase in volume."
Meanwhile, a separate survey, conducted by Carbon Black, a Sterling, Va.-based vendor that focuses on security-related data collection, suggests that in most cases, just about any bug will be able to be detected by at least one of 43 antivirus packages on the market today. The bad news is that an effective matchup between the specific bug and the specific AV package on your customers' systems is nearly coincidental.
The Carbon Black team then tested how long it would take for the individual AV packages to catch up with the ones they had missed. "The results were a big surprise to us," said CEO Mike Viscuso. "What we found was that if an antivirus package did not detect the virus within the first week, it probably never would." [crn]