A recent study tested 40 antivirus software products — and not a single one detected any of the 82 new malware samples thrown at them. That’s right, zero. What gives?
The study, conducted by the University of Tel Aviv for the security firm Imperva, ran 82 new malware samples through an online malware-checking system that tests the files against 40 antivirus software products.
None of the programs recognized the samples as malware.
The researchers then ran the same samples through the system at one-week intervals to see if the detection rate improved over time.
Not so much — it took at least three weeks for any of the antivirus programs to add the new samples to their databases.
And the more popular antivirus products didn’t perform any better than the lesser known ones.
Imperva recommends rebalancing security spend
Antivirus software is a core part of Internet security. Are IT managers now supposed to abandon it altogether?
Not so fast, says Imperva. They don’t advocate ditching antivirus software entirely. They do however recommend using freeware instead of paying for subscriptions to antivirus products that only provide “the illusion of security.”
Avast and Emsisoft are the two free antivirus products Imperva recommends. Of the paid subscription services, they cited McAfee as an acceptable option.
In light of this eye-opening information, IT managers may be better off focusing on keeping software up-to-date and making sure sensitive data is encrypted.
Experts also recommend using behavior-based rather than signature-based antivirus software and restricting the applications that are allowed to run on your network, i.e., “application whitelisting.”