New Studies Proving Non Immediate Reaction of Antivirus Tools to Threats

Pierluigi Paganini February 16, 2015

It has been outlined that most antivirus software do not detect all the malware and other threats that they should, leaving room for infection and motivating companies to look deeper for more effective solutions to the problem of online security.

The safety of an internet user against a threat of a virus infection is analogous to the use that you have on your computer. A computer with an internet connection is definitely an easier target for threats, in comparison to a computer that is simply used for off-line purposes. On the other hand, a computer that is updated regularly on the internet is definitely safer than a disconnected computer.

Recently, the Independent institute AV-Test issued an analysis that recorded 143 Million new malware samples in 2014 and 12 million new variants per month.

Damballa antivirus time to malware discovery

Computers that have specific operating systems, just like Windows, are more attractive to viruses. This is usually the case because most Windows users use their computer as Administrators, therefore they have the right to change their operating system. As a result of this action, the malware gets authorization to perform changes to the system on its own.  It is sure that even if you think that you are careful, it is not impossible for your computer to get infected with a virus that can harm it.

In fact, a recent study by security vendor Damballa that refers to the specific topic, thus the “power” of anti-viruses over companies that rely on them for the safety of their company’s systems, has been proven to be really disappointing as to its findings. To be more specific, this research has proven that the anti-viruses that are in use react really slow to the threats that infect their computers and so all the damage that was meant to happen has already happened.

“Damballa discovered that it can take more than six months for traditional AV tools to create signatures for 100% of the files.” reported Damballa.

The tests had been completed to four specific anti-viruses and have shown that a large percentage of malware threats has not been detected by the AV products and an hour after that Damballa has found them and detected them to be truly dangerous. One of the most surprising things that this research has proven is the fact that, even an hour later, 34 percent of them had the ability to “hide” from Antivirus products and the same situation continued after a whole day. Some days after that, Damballa highlights the fact that there were cases of malware files that were not able to be found, not even after six months.

“Damballa discovered that, within the first hour of submission, AV products missed nearly 70% of malware. Further, when rescanned to identify malware signatures, only two in three (66%) were identified after 24 hours and after seven days, the total was 72%.  It took more than six months passed for AV products to create signatures for 100% of the malicious files. The longer an infection dwells before discovery and remediation, the greater the odds of data exfiltration.” continues Damballa highlighting limits of defence based exclusively on Antivirus systems. 

Last year, malware researchers from Lastline Labs performed another study based on the speed of detection antivirus tools to new kinds of threats. This research also showed that a large percentage of new threats have not been able to be detected from antivirus software. This fact is not based on the lack of experience of researches, and of course is not based on some kind of “weakness” that antivirus scanners have. It is for sure based on the fact that the number if the creation of new kinds of threats cannot be compared to the number of the creation of the new anti-viruses.

After the specific studies, many of the companies that are supposed to use really good antivirus tools have been motivated and instantly started to look for other ways, in order to protect their computers and of course the really precious files that they possess. The ways that they used, such as sample analysis and network anomaly detection, has helped them to feel safer and keep their computers secure as the years pass by. Multilayered security seems to be the most effective tool that can be used, in the direction of safeguarding everything that is valuable and preventing online threats from actually damaging your computer.

Written by: Ali Qamar, Founder/Chief Editor at SecurityGladiators.com

Author Bio:
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at Security Gladiators, an ultimate source for cyber security. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always try to give only the best. Follow Ali on Twitter @AliQammar57

Edited by Pierluigi Paganini

(Security Affairs –  Antivirus, malware)



you might also like

leave a comment