By Maria Korolov
Jan. 20, 2017
Is anti-virus software getting worse at detecting both known and new threats?
Earlier this week, Stu Sjouwerman, CEO of security awareness training company KnowBe4, looked at the data published by the Virus Bulletin, a site that tracks anti-virus detection rates. And the numbers didn't look good.
Average detection rates for known malware went down slightly, by a couple of percentage points, from 2015 to 2016, he said, while detection rates for zero-days dropped in a big way - from an average of 80 percent down to 70 percent or lower.
"If the industry as a whole is dropping 10 to 15 points in proactive protection, that's really bad," he said. "Anti-virus isn't exactly dead, but it sure smells funny."
According to Sjouwerman, the Virus Bulletin is the industry's premier testing site. The tests are comprehensive, and consistent from year to year, so that a historical comparison is valid.
Several major vendors aren't included in these statistics, he said, because they declined to participate -- and he implied that there might be a reason for that.
What's happening is that current anti-virus vendors aren't able to keep up with the attackers, he said, who can generate new malware on the fly.
"The bad guys have completely automated this process," he said. "It's now industrial strength, millions of new variants daily, in an attempt to overwhelm the existing anti-virus engines -- and guess what, the bad guys are winning."
He's not alone in pointing out the problems that anti-virus has been having lately, and others agree with the main thrust of his analysis.
"The report does sound pretty much in sync with what my feeling is, and what the industry is talking about," said Amol Sarwate, director of vulnerability labs at Qualys. "It's not an easy problem to solve. If they make antivirus too aggressive, it causes too many false positives. I think the hope for the future is a combination of multiple technologies. Anti-virus by itself cannot cut it any more."
It's bad, and it will continue to get worse, said Justin Fier, director of cyber intelligence and analysis at Darktrace.
"I would never tell a customer not to invest in it," he said. "But in regards to whether anti-virus is working any more -- I don't think so."
At its core, security reacts to events.
"It's hard to predict what the next big wave of malware or the next big attack platform is going to be and protect against it," he said.
Ransomware in particular is causing problems, said KnowBe4's Sjouwerman, because the malware is so profitable that the cybercriminals are putting more and more resources into development.