From May 2013 to May 2014 Lastline Labs researchers (later acquired by VMware) studied hundreds of thousands of malware samples, testing new malware against 47 vendors’ AV signatures featured in VirusTotal to determine which caught the malware samples, and how quickly. They found that, on any given day, at least half of the AV scanners they tested failed to detect new malware, and after two months, a third of the scanners were still not detecting it.
On Day 0, only 51% of AV scanners detected new malware samples.
It took an average of two days for at least one AV scanner to detect malware that went undetected on the first day.
Detection rates bumped up to 61% after two weeks, indicating a common lag for AV signatures.
In one year, no single AV scanner caught every new malware sample in even one of the test days.
After a year, 10% of the scanners still do not detect some malware.
The 1-percentile of malware least likely to be detected was undetected by the majority of AV scanners for months, and in some cases was never detected.
[I abstracted this from the article, "Most Antivirus Software Is Lousy At Detecting Advanced Malware," by Engin Kirda, Ph.D., in Forbes Magazine, LINK]
Causes me to rethink whether it's wise to totally rely on MS Windows Defender.