Study questioning effectiveness of anti-virus software comes under fire

Tools

Security firm Imperva has come under fire after publishing a study last month which suggested that anti-malware software may not be worth its often hefty investment.

In a report titled "Assessing the Effectiveness of Anti-virus Solutions" (pdf), Imperva concluded that the initial detection rate of a newly created virus is less than 5 percent, and that antivirus vendors may take "up to four weeks" to detect a new virus.

The ramification, says Imperva, is that enterprise and consumer spending on anti-virus software is not proportionate to its effectiveness. Though Imperva made it clear that it isn't asking companies to stop deploying anti-virus software, the company recommends that security teams should focus more on identifying "aberrant behavior" to detect infection.

As reported by PC Magazine, security experts have questioned the conclusions drawn from the Imperva study. For one, the meager 82 samples of malware that were tested were not deemed to be representative of real-world conditions; AV-Test alone receives a million samples of new and unique malware per week.

The use of online tool VirusTotal to perform the tests was also cited as a critical weakness of the study. It was pointed out that the anti-malware engines used by VirusTotal were standalone scanners that do not benefit from proactive scanning capabilities and cloud technologies found in a typical, modern anti-virus software suite.

NSS Labs research director Randy Abrams was highly critical of the study. As reported, Abrams said: "It is rare that I encounter such an incredibly unsophisticated methodology, improper sample collection criteria and unsupported conclusions wrapped up in a single PDF."

For more:
- check out this article at PC Mag

Related Articles:
Microsoft Security Essentials loses AV-Test certification
Tips and tricks for catching inside threats