Anti-virus products fail to protect against attacks

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
IT Pro Portal said:
Anti-virus products on the market provide zero protection against new, unreported computer viruses and take weeks to update their signatures to handle such security threats, according to an eye-opening new report from Imperva.

The data center security solution provider called the more than 40 anti-virus software products it tracked for a recent study "woefully inadequate" at protecting IT assets from 82 newly created viruses that company researchers unleashed on them.

Imperva also reported that it took "up to a month or longer" for 75 per cent of anti-virus solutions to add those viruses to their signature lists and begin protecting against them.

Consumers and businesses spending big money on such products are only getting an "illusion of security" in return, the company said in its most recent Hacker Intelligence report, which details the findings.

"Enterprise security has drawn an imaginary line with its anti-virus solutions, but the reality is that every single newly created virus subverts these solutions without challenge," Imperva CTO Amichai Shulman said in a statement.

"We cannot continue to invest billions of dollars into anti-virus solutions that provide the illusion of security, especially when freeware solutions outperform paid subscriptions," he added.

In fact, Imperva found that two free anti-virus solutions - Avast and Emsisoft - were on the short list of tested products that "provided protection" from emerging IT security threats.

Imperva noted that it would be impossible for any anti-virus product to identify and quarantine a brand new virus, but cautioned that the real issue was the lag time between information about such threats becoming available and the three weeks on average it took the tested AV products to finally address them.

Read more: http://www.itproportal.com/2012/12/05/report-anti-virus-products-fail-guard-against-new-attacks/
 

3link9

Level 5
Verified
Oct 22, 2011
860
Interesting.
Zero-Days are really becoming a bigger problem every day. You need more than just a simple signature AV.
Nice to see Avast and Emsisoft on the short list of provided protection against Zero-Days
But one question, When did Emsisoft become free?
 

madyrocksin

New Member
Jul 30, 2012
510
3link9 said:
But one question, When did Emsisoft become free?

I think they are referring to the limited free edition
Emsisoft is undoubtedly one of the great, but never knew Avast was this good!!
 

Tom172

Level 1
Feb 11, 2011
1,009
IT Pro Portal said:
Anti-virus products on the market provide zero protection against new, unreported computer viruses and take weeks to update their signatures to handle such security threats

Wrong.
 

madyrocksin

New Member
Jul 30, 2012
510
gave a look at the pdf file and still didn't get why AVAST and why not TrendMicro (didn't read it thoroughly)


Tom172 said:
IT Pro Portal said:
Anti-virus products on the market provide zero protection against new, unreported computer viruses and take weeks to update their signatures to handle such security threats

Wrong.

mind explaining a bit ???
 

3link9

Level 5
Verified
Oct 22, 2011
860
madyrocksin said:
3link9 said:
But one question, When did Emsisoft become free?

I think they are referring to the limited free edition
Emsisoft is undoubtedly one of the great, but never knew Avast was this good!!

But the free version of Emsisoft doesn't provide protection at all. All it is is a Signature-Only OD scanner.
Which means you can't use its Zero-Day behavior blocker (Mamutu) which also isn't free at all.
 

mikey

New Member
Nov 29, 2011
18
3link9 said:
But the free version of Emsisoft doesn't provide protection at all. All it is is a Signature-Only OD scanner.
Which means you can't use its Zero-Day behavior blocker (Mamutu) which also isn't free at all.

I guess you haven't ever heard of OnlineArmor.

Ref; http://www.emsisoft.com/en/kb/articles/tec120710/
 

3link9

Level 5
Verified
Oct 22, 2011
860
mikey said:
3link9 said:
But the free version of Emsisoft doesn't provide protection at all. All it is is a Signature-Only OD scanner.
Which means you can't use its Zero-Day behavior blocker (Mamutu) which also isn't free at all.

I guess you haven't ever heard of OnlineArmor.

Ref; http://www.emsisoft.com/en/kb/articles/tec120710/

Yes I have, I have a running licence for it and used it many times but it doesn't say they used OA, The article says "free anti-virus solutions" Nothing about a Firewall.
That and I'm not 100% sure that the HIPs in OA is free, Correct me if I am wrong since I only used the paid version.
 

Ramblin

Level 3
May 14, 2011
1,014
madyrocksin said:


Tom172 said:
IT Pro Portal said:
Anti-virus products on the market provide zero protection against new, unreported computer viruses and take weeks to update their signatures to handle such security threats

Wrong.

mind explaining a bit ???



Hi mady, I agree with Tom. Antiviruses are not providing protection against Zero day threats (new threats) when they take weeks to update their signatures. I think the first sentence of that article is not well written.

Programs that don't use signatures, like SBIE and DefenseWall for example, do provide protection against Zero day threats.

Bo
 

3link9

Level 5
Verified
Oct 22, 2011
860
bo.elam said:
madyrocksin said:


Tom172 said:
IT Pro Portal said:
Anti-virus products on the market provide zero protection against new, unreported computer viruses and take weeks to update their signatures to handle such security threats

Wrong.

mind explaining a bit ???



Hi mady, I agree with Tom. Antiviruses are not providing protection against Zero day threats (new threats) when they take weeks to update their signatures. I think the first sentence of that article is not well written.

Programs that don't use signatures, like SBIE and DefenseWall for example, do provide protection against Zero day threats.

Bo


True, very few AVs do provide Zero-Day protection but are not always effective. These days, Heuristics and Clouds are not enough.
These days you need Sandboxes, HIPS, etc.
Avast (Pro), Emsisoft, and Comodo are great examples that offer good Zero-Day protection.
Nowadays, if you don't want to install more than one program to assist in protection, it's highly recommended that you install an AV with:
The best of both worlds (Signature and Cloud), Heuristics, Sandbox, and HIPS.
 

Tom172

Level 1
Feb 11, 2011
1,009
madyrocksin said:
gave a look at the pdf file and still didn't get why AVAST and why not TrendMicro (didn't read it thoroughly)


Tom172 said:
IT Pro Portal said:
Anti-virus products on the market provide zero protection against new, unreported computer viruses and take weeks to update their signatures to handle such security threats

Wrong.

mind explaining a bit ???



As Bo stated, that first statement just isn't true.

Many security products contain components which use behavioral techniques to identify malware which hasn't yet been identified with a signature. Norton's SONAR technology is one example off the top of my head.
 

Littlebits

Retired Staff
May 3, 2011
3,893
Tom172 said:
madyrocksin said:
gave a look at the pdf file and still didn't get why AVAST and why not TrendMicro (didn't read it thoroughly)


Tom172 said:
IT Pro Portal said:
Anti-virus products on the market provide zero protection against new, unreported computer viruses and take weeks to update their signatures to handle such security threats

Wrong.

mind explaining a bit ???



As Bo stated, that first statement just isn't true.

Many security products contain components which use behavioral techniques to identify malware which hasn't yet been identified with a signature. Norton's SONAR technology is one example off the top of my head.



Many antiviruses have Generic signatures which can detect many zero-day malware besides behavioral techniques and cloud technology.

Almost all zero-day malware are just simple fake antivirus and other fake products which can be easily avoided by watching what you download. They require manual download and manual execution in order to be successful infecting a system.

I have never got a zero-day infection and I don't use advanced products like HIPS/ sandboxing/ virtualization, etc.

This test really doesn't impress me because many zero-day malware has to be active in order for a solution to detect it. Just depending on on-demand scan results from VirusTotal is not enough to come to any conclusions.

Thanks.:D
 

Gnosis

Level 5
Apr 26, 2011
2,779
I have never got a zero-day infection and I don't use advanced products like HIPS/ sandboxing/ virtualization, etc

There is always tomorrow. Just give it time. When you do get hit, you will realize that malware evolution and sheer volume have created a need for BB's, HIPS and (or) Sandboxing.


I have never got a zero-day infection and I don't use advanced products like HIPS/ sandboxing/ virtualization, etc

That is what the U.S. military said just before a drone was hacked by Iran's military and landed successfully on enemy turf.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Maybe on Windows XP, but as far as I'm concerned Windows Vista to 8 the chances are considerably lower (IMO).
 

Ramblin

Level 3
May 14, 2011
1,014
Littlebits said:
Almost all zero-day malware are just simple fake antivirus and other fake products which can be easily avoided by watching what you download.

Hey Littlebits, this holds true for you but not for most users who click on anything that jumps around the screen.

Anyway, I rather miss the fun of playing with fake AVs. For me, NoScript blocks them and if anything passes it, I got the sandbox to contain it. In the four years that I have been using SBIE and NoScript, I haven't seen anything that looks like malware jumping around my computers.

Bo
 

Littlebits

Retired Staff
May 3, 2011
3,893
bo.elam said:
Littlebits said:
Almost all zero-day malware are just simple fake antivirus and other fake products which can be easily avoided by watching what you download.

Hey Littlebits, this holds true for you but not for most users who click on anything that jumps around the screen.

Anyway, I rather miss the fun of playing with fake AVs. For me, NoScript blocks them and if anything passes it, I got the sandbox to contain it. In the four years that I have been using SBIE and NoScript, I haven't seen anything that looks like malware jumping around my computers.

Bo

Unfortunately there is no hope for users who click on anything, they will always have infections no matter what kind of protection they use.

Most of us here should know better than to click on anything, therefore getting a zero-day infection would be very rare for us, kind of like winning the lottery.

Thanks.:D
 

Ramblin

Level 3
May 14, 2011
1,014
Littlebits said:
Most of us here should know better than to click on anything, therefore getting a zero-day infection would be very rare for us, kind of like winning the lottery.

Certainly agree with that. Nobody that comes to security forums should ever get infected. It doesn't matter what the strategy or programs they chose to use. I went the SBIE way, you go the standard way, it don't matter.

I always tell my friends in real life that if they would read about security for 3 hours for 30 days, they'll never get infected again. I tell them it doesn't matter where they start or what they start reading about. I totally believe what I just said.

Bo
 
