Malwarebytes tracks missed detections in antivirus


8 November 2017

Tracking real-world scans on systems over the first six months of 2017, Malwarebytes says that typical desktop anti-virus solutions are not adequate.

The company examined detection data from nearly 10 million endpoints, and discovered some of the most notable names in the anti-virus industry—even those who rank high in lab testing—are missing basic threats completely.

Report released
Malwarebytes released their data just before Halloween, and the report takes aim at the current state of anti-virus lab testing. Notably, while the company usually earns high marks in such tests, they say the true value of lab testing is yet to be determined, “as malware in the wild behaves in a manner significantly different from laboratory samples—even recently captured samples apprehended in security honeypots.”

Malwarebytes has been a key toolbox item for helpdesk and IT staffers for more than a decade. Often loaded onto systems for emergency malware removal, or to confirm that a system is clean after the other anti-virus product has run, the software is well-known among IT pros.

In order to track what is being missed by typical anti-virus offerings, Malwarebytes examined instances where they were being used for remediation, and not when they had actively blocked a given threat. Moreover, the testing excluded potentially unwanted program (PUP) detections, focusing solely on malware instead.

When a detection was made, Malwarebytes checked to see what antivirus software was registered in Microsoft Security Center and recorded the vendor’s name.

Unnamed
Initially, Malwarebytes did not name the vendors who missed the most malware; however, the company did list a few of the more common failed detections. IRCBot (61%) and Kelihos (26%) were the top two missed bot detections, followed by the HiddenTear (41%) and Cerber (18%) ransomware families.

Malwarebytes repeated the test in October, to coincide with the larger report’s release. This time, they did name names.

Tracking nearly 4 million missed detections, and following the same methodology used earlier in the year, Avast, ESET, AVG, Kaspersky, and Norton were the top five products ranked by missed detections once Microsoft Consumer was removed from the figures (Windows Defender is on every system, so it would otherwise dominate the count).
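The methodology described above (count a missed detection only when Malwarebytes was run for remediation rather than blocking, drop PUP detections, attribute the miss to whichever vendor Security Center reported as the registered AV, and strip Microsoft Consumer from the vendor ranking because Defender is present everywhere) is easy to reproduce on your own telemetry. The following is an added example, not Malwarebytes' code or data: the event records, vendor names and family labels are constructed for illustration, and the field names are assumptions.

```python
from collections import Counter

# Constructed remediation events (not real telemetry). Each record describes
# one Malwarebytes cleanup: the family found, its category, whether the
# detection was a potentially unwanted program (PUP), and which anti-virus
# product Windows Security Center reported as registered on that endpoint.
EVENTS = [
    {"family": "IRCBot",      "category": "bot",        "pup": False, "registered_av": "VendorA"},
    {"family": "IRCBot",      "category": "bot",        "pup": False, "registered_av": "VendorB"},
    {"family": "IRCBot",      "category": "bot",        "pup": False, "registered_av": "Microsoft Consumer"},
    {"family": "Kelihos",     "category": "bot",        "pup": False, "registered_av": "VendorA"},
    {"family": "HiddenTear",  "category": "ransomware", "pup": False, "registered_av": "VendorC"},
    {"family": "HiddenTear",  "category": "ransomware", "pup": False, "registered_av": "VendorA"},
    {"family": "Cerber",      "category": "ransomware", "pup": False, "registered_av": "VendorB"},
    {"family": "SomeToolbar", "category": "pup",        "pup": True,  "registered_av": "VendorC"},
    {"family": "Cerber",      "category": "ransomware", "pup": False, "registered_av": "Microsoft Consumer"},
    {"family": "IRCBot",      "category": "bot",        "pup": False, "registered_av": "VendorC"},
]


def missed_by_vendor(events, exclude=("Microsoft Consumer",)):
    """Rank registered AV vendors by the number of malware remediations
    performed while they were the active product.

    PUP detections are skipped (the report counts malware only), and vendors
    in `exclude` are dropped from the ranking: Windows Defender ships on every
    system, so leaving it in would swamp the third-party figures.
    Returns a list of (vendor, count) pairs, highest count first.
    """
    counts = Counter()
    for event in events:
        if event["pup"]:
            continue
        vendor = event["registered_av"]
        if vendor in exclude:
            continue
        counts[vendor] += 1
    return counts.most_common()


def family_share(events, category):
    """Percentage share of each malware family within one category (e.g.
    'bot' or 'ransomware') among non-PUP remediations, rounded to whole
    percent. Returns an empty dict when the category has no events."""
    families = Counter(
        e["family"] for e in events if not e["pup"] and e["category"] == category
    )
    total = sum(families.values())
    if total == 0:
        return {}
    return {fam: round(100 * n / total) for fam, n in families.items()}


if __name__ == "__main__":
    print("Missed detections per registered vendor (Microsoft removed):")
    for vendor, n in missed_by_vendor(EVENTS):
        print(f"  {vendor}: {n}")
    for cat in ("bot", "ransomware"):
        print(f"Family share within {cat}: {family_share(EVENTS, cat)}")
```

Two design points worth noting when running this on real data: the PUP filter has to be applied before the vendor count, otherwise adware installs inflate the figures for whichever vendor happens to be most common on home machines; and the Defender exclusion is a reporting choice, not a measurement one, so keep the raw count available if you want to compare Microsoft's miss rate with the rest.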

Considering the results after six months of tracking, Malwarebytes said the data shows that “‘new and improved’ AV appear to be the technology of the past, dressed in new packaging.”

“Even the top-rated, highly-lauded, ‘recommended buy’ AV solutions continue to struggle in real-world applications.”

Failure impact
The Malwarebytes report is focused on the risks of missed detections, and the impact that has on consumers and businesses. The other lesson, one the report does not really spell out, is that anti-virus alone is not enough, and this has always been the case.

In the enterprise, long before a threat hits the desktop, it has to face off against other network protections.

The problem is the home users, where things like patching and software updates are inconsistent and awareness training as a whole is non-existent. Here, even though anti-virus has issues, it is still needed and will remain a solid defensive requirement for years to come.

The company has released a tracking map to the public, which is a live view of the test as detections happen.

 

IDG News Service
