In an article published just before the New Year, the New York Times suggested that antivirus companies have a “dirty little secret: Its products are actually not very good at stopping viruses.”
The article referenced a study conducted by California-based digital security firm Imperva in November 2012. The study is deeply flawed. It is based on a test of just 84 samples, and yet it draws wild conclusions:
“We believe that the majority of anti-virus products on the market can’t keep up with the rate of virus propagation on the Internet,” the study stated. “[What] enterprises and consumers spend on anti-virus is not proportional to its effectiveness,” continues Imperva’s report.
I won’t be the first AV vendor to criticise the study and suggest it’s flawed. My industry associates at Kaspersky, Trend Micro and Sophos have all publicly dismissed the methodology as unsound.
Not only was the sample size ridiculously small, but the results were also poorly validated: the researchers ran the benchmark on VirusTotal, which only examines signatures, rather than running the samples on a live protected PC.
The arguments against the credibility of this research are well laid out in an article that appeared on Tech News Daily on 2 January headlined “Study faulting Anti Virus effectiveness may itself be flawed.” Check it out.
But first here’s my point of view: antivirus protection is much more sophisticated than the study suggests. The study focuses on signature-based malware scanning, which most digital security professionals know is only one of several mechanisms used to reveal infected code.
Effective antivirus works in many layers, as even a basic attempt to remove protective software from a device would reveal, and these layers work together under one marquee to keep machines safe.
It’s a bit like vehicle security. A thief would have to pick the lock on the door, trick the ignition and hijack the immobilizer, three security systems that back each other up. Those who have a lot to protect may even have taken the GPS tracker route. Security is all about understanding the value of the asset and then applying the necessary levels of protection.
Leave your car unlocked and the keys in the ignition? Is this what the folks who say AV doesn’t work are really suggesting you do with your digital assets?
To say AV is fundamentally incapable of responding quickly enough to today’s digital security threats is like saying today’s car locks are terrible at preventing high-speed police chases. You can make the argument, or you can just park in a secure garage.
When you take into account other methods such as behavioral, heuristic, intrusion detection/prevention, reputation, link scanning and other mechanisms such as firewalls, anti-phishing and anti-spam, all of which are commonplace, it perhaps makes more sense to use another analogy to understand the many levels of AV functioning.
For example, it can be likened to an orchestra of instruments playing together harmoniously to make a composition rather than one lonely trumpeter. And yet still further, an orchestra is only part of what makes a successful concert. There’s the acoustics, the architecture, the audience, the seats they use. Maintaining digital security is a multidimensional endeavor that may appear to start on our desktop or laptop but extends to all of our Internet-connected devices, including smartphones, tablets and e-readers.
Even still, to rock the house you need intellectual as well as technological innovation. Software that protects our children from social-media bullies or online predators has nothing to do with viruses and is just as important as, or even more important than, stopping your garden-variety click-jacking.
Don’t get me wrong: viruses can be catastrophic. But the likelihood of one completely destroying your digital existence – presuming you have the right security software installed and up-to-date – is much slimmer than the sensationalists would have you believe.
We realise that protecting your digital assets is a major concern for people and businesses. At AVG we offer a comprehensive range of sophisticated solutions to ensure that our threat protection is as high as that of any AV vendor in the industry. And yes, we are adding and developing new layers of protection to combat the new attack methods being developed in the fast-moving world of cybercrime.