The Antivirus industry has a dirty little secret that they really don’t want anyone to know. Despite the claims of their marketing departments, their products are not all that effective. Many of them are only protecting against at best 80% or 90% of the threats out there in the wild at any time.
Let’s look at that in more detail. AV products need to protect against two general types of threats: ones that are known and threats that are unknown. The ones that are known, they have a signature for so that they can detect the threat and get rid of it. This is called reactive detection.
Then, there are threats that are still unknown, usually new, fresh threats created by the bad guys. AV products need to protect against those in a proactive way, and antivirus software can be scored looking at how many of those new threats they block.
This type of scoring on both reactive and proactive detection is actually being done by the antivirus industry’s premier site for insiders: Virus Bulletin. They have created so called RAP averages. RAP stands for “Reactive And Proactive”. They test all antivirus products every few months, and measure how each product does in both reactive and proactive detections of a large amount of threats. And they create a graph where these scores are plotted for all products. The proactive score is on the X-axis, and the reactive score is on the Y-axis. An example is the one at the top of this post.
The results are far from pretty, and you see none of the antivirus vendors promote their results with this test, for good reason. One well known, major antivirus industry player is routinely scoring no better than 80% reactive combined with a 70% proactive. And people wonder how come PCs still get infected by ransomware, banking Trojans and other malware.
The bad guys know this, and count on it. That is why having antivirus (end-point security if you will) creates a false sense of security. Yes, you need antivirus, but don't rely on it for 100% protection. It is just as urgent for your defense-in-depth to have all employees do regular Internet Security Awareness Training and enforce compliance. Just one employee in a weak moment gets social engineered, clicks on a phishing email, and can cause untold grief, losses of hundreds of thousands of dollars, and massive legal bills.
Source: blog.knowbe
Comments
Post a Comment