back to article Anti-virus defences even shakier than feared

Anti-virus technologies may be even more ineffective than feared, if a controversial new study is to be believed. A study by web intelligence firm Cyveillance found that, on average, vendors detect less than 19 per cent of malware attacks on the first day malware appears in the wild. Even after 30 days, detection rates …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward


    Another virtually unknown security company tries to make a name for itself with unfounded hyperbole.

    It's getting old. We need headlines like my first sentence, then we don't need to bother reading the story. The trouble is your headline doesn't make it clear what's going on so we waste our time reading the story.

    Sorry. Monday. Nearly 5pm. Grumpy.

    1. beli bouton

      The JAW Syndrome - Just Another Wannabe!

      "an overall total data set of approximately 1,708 confirmed malware files" ?

      Why "approximately" ... can't they count ... and who "confirmed" them as malware ?

      Read on, and all becomes clear ... "every malware file had to be confirmed as malware by at least three AV vendors used in this study".


      Amateurish to the max!

      It's total Cyberwank!

  2. The BigYin

    How about...

    ...running an OS that is less likely to get royally shafted by malware? Y'know, because the user doesn't run as Administrator? Y'know, because the other OS actually has proper user security?

    Just asking.

    (Cue the down-votes)

    1. Anonymous Coward

      The problem is

      Most people I know _don't want_ to practice safe computing. I personally use a limited user account to reduce chances of infection and even go as far as using a virtual instance of Windows to test a software before actually using it if it's for Windows (I insist on doing the configure-make-make-install dance when working on Linux). However, most people I know won't even do that, citing that "it's irritating", "I only go to trusted sites" and "I have adblock plus and noscript, I should be safe".

      I say, personal security should be a course thought at grade/primary school.

      1. Cameron Colley

        Why configure; make; install?

        If the devs at <insert distro here> didn't spot the dodgy code then why do you think you'll fair better?

        Honest question with a slight air of scepticism.

      2. Mountford D

        Agree - users don't practice safe computing but...

        The problem is that Windows frequently require Administrator rights just to do anything. For example, some software we use require access to the registry as with any kind of installation and updates, no matter how trivial. This is the sort of thing users find frustrating and dispense with safe practices so that they can actually use their PC.

        1. Mark 65

          These days

          There is less reason these days to run as an admin in windows as 7 will happily pop up a prompt box for you to escalate your privileges. This means you can run as a pleb and the appearance (note I didn't say the underlying architecture) is much the same as OSX or Linux in this regard. It's more the hang-time of XP that's the issue.

          1. The BigYin

            @These days

            Yeah, and what a piece of crap that is. No password required! So any moron can escalate without needing to know the password for root access. It's bloody stupid.

            1. KarlTh


              [i]If[/i] your account is a member of the local admins then no password is required. If you are not, then one is. I do wish people would actually show they have passing knowledge of the technology before posting shit on these comments pages.

              1. The BigYin


                So if a local admin account is logged in and walks away without locking the PC, then any moron can just click "OK" and do what they want? FFS. It's still crap!

                *ALWAYS* challenge. Or store a time-limited permission or something. But *DO NOT* assume that just because the logged in account is "AdminBill" that the primate bashing the keys is also "AdminBill".

                I do wish people would think through basic security before commenting.

                1. KarlTh

                  @The BigYin

                  And do you know a single OS that does this? If I log into a Linux box, and open a terminal window as root, then walk away, is there any difference? People whinge about UAC enough as it is. At least it's applying the principle of least privilege even if you've logged in as admin.

                  How about non-admin accounts that have access to sensitive data on commercial networks? If JimBloggs has access to \\SecureServer\EmployeeSexualDeviancyRecords, and JimBloggs walks away without locking the PC, then any moron can read \\SecureServer\EmployeeSexualDeviancyRecords. Is that also crap? Should every attempt to access anything require a password?

                  There is a balance between security and usability - the most secure PC has no keyboard, no mouse, no monitor and no network port.

        2. KarlTh

          No excuse

          Installations - that's what Runas is for. Or log in as admin, install, then log out and back in with your limited user account. If the thing has particular locations and registry keys it needs write access to, then use "runas /user:administrator regedit" to set the necessary extra write permissions. Job done. Yes, there are still a few badly written apps that still won't work; again, runas is your friend. Only evelate what must be elevated.

    2. PuffyBSD
      Thumb Up

      That OS is OpenBSD

      .... and that OS is called OpenBSD.

    3. Paul Taylor 1

      Admin rights required ??.

      Unfortunately many corporate applications, such as certain accounting packages actually require the user to have local admin rights. Otherwise they will not run.

      I personally have had 4 machines go down this month, and were undetected by Trendmicro officescan 10.

  3. Trevor_Pott Gold badge

    I have to agree with this.

    Despite all the True Believers in anti-malware software...I've yet to see one that actually works. Something interesting crawls in through the browser, and anti-malware products to sweet FA about it.

    I have zero confidence in, faith in, or respect for anti-malware vendors. It is a lot like trying to believe Microsoft can make a phone or tablet that won’t fail miserably at everything forever. The faith has been lost, any sense of trust is ruined.

    You can’t rely on others to protect you from the big bad internets. It’s the wild west out there and you have to rely on your own abilities and knowledge. Be the quickest draw in town or be dead.

    1. jake Silver badge

      It's in the installer, Trevor.

      "You can’t rely on others to protect you from the big bad internets."

      I disagree. After I re-installed software on my techno-phobe Mom & techno-cant Great Aunt's computers, support calls from them dropped from three or four a month to zero. None. Zilch.[1]

      I switched them from Windows to a highly customized (for them) variation of Slackware. The installer was wetware, not so-called software ... it doesn't hurt if said installer understands the exact needs of the targeted users.

      Expecting a bog-stock OS install to be all things to all people on all hardware is the root of most end user problems, and no number of bandaids will change that.

      [1] To be fair, I had to go plug a new USB printer into Mom's computer a few months ago ... but I would have had to do that regardless of OS; she's afraid to plug anything into it.

    2. PuffyBSD
      Black Helicopters

      A combination of things is key

      When running windows (for the home user at least) :

      1.) You have to know what you are doing #1 (Geeks like us know what we are doing) that means you are less likely to even get infected in the first place.

      2.) You have to have a really good firewall running for Windows, like CoreForce, which is based on OpenBSD's PF firewall so when the anti-virus scanners miss malware you can at least block the malware on your system or just use an extra box with OpenBSD on it acting as a firewall/NAT box instead of CoreForce et. al.

      3.) Run a good anti-virus scanner or better yet three free ones that don't conflict with each other (as some do) and : AVG free antivirus, malwarebytes anti maleware scanner and some other free spyware scanner.

      The point is don't just rely on anti-virus scanners but incorporate them into an overall larger security framework : so don't throw the baby out with the bath water. That works for me on my XP box. I have three FreeBSD , OpenBSD and Windows XP computers. OpenBSD is the most secure and my favorite to use, by far, but certain software is non-trivial to port to it or get to run in binary emulation so I run Windows, as well, for that reason. I believe OpenBSD is the one true way in security but you have to know what you are doing : any idiot admin can make anything insecure.

  4. Kevin Pollock

    Finally moving to Mac

    I recently picked up a drive-by infection on my desktop PC (the AntiMalware Doctor infection).

    Having spent about a day trying to get rid of it with Malwarebytes (usually a good solution), I gave up and just reached for my Acronis image to do a "nuke and pave".

    Even though I operate my PC in a way that's easy for me to recover, I still lost about a day of productive time.

    So after years of resisting all things Apple I just ordered a Macbook Pro. I'll still run Office etc. using Parallels, but I'll do all my browsing through OSX from now on. I assume I'll have to start wearing more pastel shades of polo shirt too :-)

    By the way - I'd also recommend a sandboxed browser option like Sandboxie. It's free and it works pretty well. If I'd remembered to launch the sandboxed browser instead of my default browser I could have avoided the infection.



    1. <h1>Aidan</h1>

      No need for parallels.

      You can get Office for OSX.

  5. Keith Doyle

    Old news

    It's been apparent for quite a few years now that any self-respecting virus program would be tested against current anti-virus programs before its release. Long before a new attack is in the signature databases, it's obsolete. The whole concept is close-the-barn-doors-after-the-horses-have-bolted flawed and has become further corrupted by scare-tactics from Mcafee and Symantec in order to boost their flagging sales. There's much better ways-- keep your os up to date, as the latest features help more than any virus program-- those DEP and UAC features you curse are far better than anti-virus programs as long as you pay a little attention when those popups come up and don't just click OK on everything. Proper anti-virus needs better OS integration anyway, so that it doesn't just become a collossal drag on your system. Avoid using IE, keep your system up to date. Features like NoScript for Firefox and other means of using whitelists to restrict scripting on web pages is a big help, and speeds things up as well.

  6. jake Silver badge


    You have got to be kidding ... Who came up with THAT ugly abomination?

    On the other hand, it contains a handy flag. Remember the mantra: "Use of the word `cyber` in a serious manor means you will be summarily ignored by serious computer & network security people".

    1. John H Woods Silver badge


  7. Eddie Johnson

    The Only News Here

    Is that its actually being reported in the headlines instead of posted in the comments.

    Its been known for years that signature based methods were doomed to failure. While the vendors would never admit it, their secret acknowledgment was watching the default AV update period go from once a week to once a day to every 4 hours. Once they had your computer doing nothing but continuously downloading virus updates and rebooting it became a little hard to hide.

  8. Anonymous Coward
    Thumb Down

    huristics don't count?

    So . . Cyberveillance would seem to be a FUD generator.

  9. Adrian Esdaile
    Black Helicopters

    If they stomped it on Day Zero...

    ...there would be no media panic, no stampede of sheeple to their nearest Wal-Mart to buy the least U-Beaut Anti-Malware for a mere $99/year.

    It's a nice little earner the anti-malware crowd are in... Nice HDD you've got here, be a SHAME if anything HAPPENED to it, eh, sir?

    As for not running as Admin - yeah, sure, just as soon as EVERY software vendor actually catches up to Windows XP era security and stops writing software that NEEDS Admin to install, run, print, copy files, etc.

    Black copters, because are we SURE the Anti-writers aren't ALSO the Pro-writers?

  10. Tigra 07

    Common Sense?

    I don't know about you lot, but having antivirus that works 61.7% of the time sounds better than having no antivirus, which works 0% of the time.

    Careful browsing and scanning is key.

    If your downloaded music file is over 8mb, then use common sense and assume the worst

  11. David Adams

    Definition based detection

    Went to an AV Seminar last year and they admitted that definition based detection wasn't working and all AV providers were moving to Behaviour/Heuristic detection.

    The downside of this is the extra load it puts onto already strained machines.

    If you have a machine that just barely runs XP, AV software running full behaviour detection is going to kill it.

  12. Dick Emery

    Sandbox it!

    Do all web related activities in a Sandbox. Any malware will remain in the sandbox and get deleted on exit if you have it set up right.

  13. Robert Ramsay


    we already know that Norton and McAfee are shit.

  14. Anonymous Coward
    Anonymous Coward

    Obvious is obvious, claims Capt. Obvious, citing obviously flawed research

    I for me welcome this worthwhile contribution of about the same quality and topical aptness as other "security" and "malware protection" research published by everyone else in the industry, including the established anti-bad software vendors.

  15. Anonymous Coward
    Anonymous Coward

    No matter how smart you think you are

    ... malware writers are nowadays likely to be just that little bit smarter than you to allow them to "shaft you royally" as it has been put so nicely above.

    Why? Because they are highly skilled (you probably find most coders with good assembly knowledge on the "dark side") and highly motivated (there's sh*tloads of money to be made with no investment and minimum risk).

    Fact is that online crime pays big time until international crime inverstigators and the anti malware industry get their stuff together and cooperate in the same cross border cross functional way that service providers do, and twice organized crime.

    Because that's what we are facing here, mobs larger and more powerful than what the world has ever seen. Drug crime is a joke in comparison.

    And those guys combine zero moral inhibitions with a high level of creativity. No matter how careful you are about where to go and what you do on the web. Just for being online you will sooner or later get attacked, and without malware protection you will get 0wnd.

    No matter what OS you use, as the prime infection vector is your browser, it's plugins, and other software.

    No matter what firewall you use, as inbound attacks are only conducted by amateurs- pros _make_ you open your doors for them and you will not know what's happening until its over.

    That with over 50.000 new pieces of malware a day 'fingerprint' based approach doesn't cut it is clear to the good and the bad guys. The common anti malware approach nowadays is "if it walks like a duck and quacks like a duck...".

    This renders the article that sparked this discussion moot. And all the "Real men don't need Security Software" crap...

This topic is closed for new posts.

Other stories you might like