Antivirus programs are invaluable security tools, but they also have plenty of shortcomings, as a new study shows.
One of the most glaring issues is the failure to protect against malicious e-mail attachments, according to the study by NSS Labs. E-mail attachments are also one of the most common methods of spreading viruses, accounting for 15% of attacks.
Many of the antivirus products tested failed to catch malicious attachments before they landed in a user’s inbox, ComputerWorld reports. Malware was prevented from getting to the inbox just 36% of the time.
The applications did better at preventing malicious attachments from being opened or saved. Protection rates in that test jumped to 74%, a big improvement, but far from perfect.
NSS Labs’ tests also revealed other areas where antivirus programs failed to prevent many infections:
- Local file servers — Servers on a company’s network used to share files among multiple users can become repositories for malware if the server lacks its own security controls. Antivirus programs allowed malware to be downloaded from file servers 30% of the time.
- USB drives — As Internet security has gotten more attention, the popularity of using infected USB drives to spread malware has grown among hackers. Many antivirus applications fail to block those malicious programs, which exploit PCs’ autorun feature.
- “Single-use” malware — This is a newer type of malware that is written only to a machine’s memory, where it often goes undetected. For example, malware can pose as a permitted Dynamic Link Library to avoid security controls.
None of that means antivirus programs aren’t valuable.
However, the security holes in those applications could convince IT managers to rely less on endpoint security tools to keep viruses from being installed and more on tactics that prevent malware from reaching users’ machines in the first place.
That involves both installing perimeter security tools on the network and training users to avoid dangerous behavior.
The full NSS Labs report can be purchased from the security research firm’s website.