How big are your chances to be infected?

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Minimalist

Level 6
Oct 2, 2020
287
The total number of malware. The increase is about 140 mln each year (2013-2020).
If we assume that bad actors replace old malware with new then old malware is not in circulation any more and actively used malware has probably not increased that much in last few years. So I don't know if that would affect a likelihood to encounter malware.
Also we could assume that most AVs would block old malware and their protection score would increase if that malware ever reached user, lowering the chance to get infected.

Well, really I'm just thinking out loud, before going to sleep, so I might be wrong.
 

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,110
The infection rate for the fresh and for the widespread malware will be probably the same, but increasing the number of new malware causes more events of AV alerts. So, in the period 2021-2030 there will not be 10 alerts about fresh malware samples but rather 15. The same for widespread malware. So, the correction is required.
We will see in 10 years for sure.:)

Edit.
If the infection rates will decrease in a few next years due to improving the AV protection then your prediction will be true.
 
Last edited:

Minimalist

Level 6
Oct 2, 2020
287
The infection rate for the fresh and for the widespread malware will be probably the same, but increasing the number of new malware causes more events of AV alerts.
That's what I'm wondering about. From chart above it seems that number of new samples is not increasing but it's steady at about 140 million new malware samples per year for past few years (assuming that chart shows total malware as old + new malware). So if old malware is replaced with new then malware in circulation stays approx. at same level (not taking into account volume of distribution).
 

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,110
That's what I'm wondering about. From chart above it seems that number of new samples is not increasing but it's steady at about 140 million new malware samples per year for past few years (assuming that chart shows total malware as old + new malware). So if old malware is replaced with new then malware in circulation stays approx. at same level (not taking into account volume of distribution).
Thank God you are right. :)(y)
I misunderstood the table. AV-Test gives also information about 350000 new malware a day (in the year 2020), which gives 126 mln new malware a year. This is close to the 7-year tendency (140 mln a year).
So, the number of 0-day malware and wide-spread malware (one-month malware) do not change significantly. The correction is not required.
 
Last edited:
F

ForgottenSeer 89360

The number of new malware is extremely variable and not predictable. I am on dark web forums, as well as pretending to be a "needy client" on Telegram, I let hackers remotely connect to my PC and befriend them. I have many hacker tools already obtained, such as remcos, NJRAT, last night I obtained a copy of Taurus.
All these tools build a server (which can produce tens/hundreds of malware samples per day) and then this server can be distributed by various downloaders and droppers. With one server I can generate 10 K unique malware pieces, or I can not generate anything, just spread it. It all depends on hackers mood.

1606821172070.png

Each one of the options will generate a new malware sample.
1606821714541.png
Simply changing the contacted host will generate a unique malware piece as well.

1606822671693.png

Hackers are actually giving me paid editions (sometimes, like with NJRAT), which I do not misuse, but can utilise for security audit purposes.
 
Last edited by a moderator:

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,110
It is interesting that the number of new malware a year is approximately constant for the last 7 years. It is easy to create many malware variants. In fact, over 90% of all malware samples are kinda polymorphic, if we agree to the popular (not precise) definition: "The term ‘polymorphic malware’ refers to the types of malware that constantly change for evading detection". Yet, still the number of new malware a year does not change for several years, despite the increase of computerization.:unsure:
 
F

ForgottenSeer 89360

It is interesting that the number of new malware a year is approximately constant for the last 7 years. It is easy to create many malware variants. In fact, over 90% of all malware samples are kinda polymorphic, if we agree to the popular (not precise) definition: "The term ‘polymorphic malware’ refers to the types of malware that constantly change for evading detection". Yet, still the number of new malware a year does not change for several years, despite the increase of computerization.:unsure:
I think McAfee's threat reports may be a more reliable source of information.
According to McAfee, 419 threats are detected per minute.
That makes 25140 per hour, 603360 per day and if the tendency continues, 18 100 800 per month.
For a whole year, this would be 217 209 600.
If next year you increase that with just 1%, that would be an increase of 2 172 096 samples or a total of 219 381 696.

Or Trend Micro

Or Avast

Or Kaspersky:

Bitdefender

How much of this malware will reach you, as a user, depends on security posture, habits, malware form, methods of propagation, hackers mood, location and many other variables.

Let me also back this up with a "for instance".

John is a regular user, who uses paid services, such as Netflix, Apple Music and others to stream contents. He doesn't use much software and has never had an alert from his antivirus product in the past 5 years.
John is looking for a specific movie, which is not available in his region, so a friend of his tells him about torrenting.
"Bro I find everything on torrents, just google <movieName torrent> and it will come up, I'm telling you"
John follows the advise and searches on Google. He opens the first result, and downloads a suspicious *.exe.
This exe is not a movie, but rather a brand new ransomware downloader.
Behavioural blocker detonates the malware in few minutes, but files are already encrypted.

This is a very innocent scenario in fact, John may have downloaded a credentials stealer and his bank account may have ended up drained.
It even happened to me, I shopped on a friend's computer once, as soon as I finished shopping, my bank notified me about a transaction of £157 for "Diesel Online Store, Milano, Italy" when I was actually shopping for a vape. This was of course blocked.
When I scanned the PC, I found Dridex was running and his AV was expired.

So from the example above, we can see how CHANGE OF HABITS and one simple mistake might render an average, not-so-unsavvy user infected, even though for the past 5 years he never had an infection.

Conclusion: with so many variables in users behaviour, current trends (what's going on in the world), malware form and malware authors skills, it is completely impossible to predict accurately how big your chances of infection are tomorrow, even less in 10 years from now.
Security is to be taken seriously.
 
Last edited by a moderator:

silversurfer

Level 74
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,314

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,110
Unfortunately, it is hard to find other sources than AV-Test, that present the several-year statistics of total malware growth. Although the numbers are different for different sources, the most important is the linear tendency in total malware growth. I found similar statistics for malware infections and malware attacks, but these are different categories. So far, I did not found the statistics about the total malware growth, which was not approximately linear (for 7 last years).
 
Last edited:
F

ForgottenSeer 89360

Unfortunately, it is hard to find other sources than AV-Test, that present the several-year statistics of total malware growth. Although the numbers are different for different sources, the most important is the linear tendency in total malware growth. I found similar statistics for malware infections and malware attacks, but these are different categories. So far, I did not fount the statistics about the total malware growth, which was not approximately linear.
You can have a look at Symantec Internet Security Threat report archives to see how much new malware they discover every year and calculate it, but don’t expect to see arithmetic progression there. Numbers will be totally random.
 
Last edited by a moderator:

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,110
You can have a look at Symantec Internet Security Threat report archives to see how much new malware they discover every year and calculate it, but don’t expect to see arithmetic progression there. Numbers will be totally random.
New Malware Variants (Added Each Year)
2013 252
2014 317
2015 431 (355) <----- two reports give different values.
2016 357
2017 670
2018 246

Yes. Pretty much random. Could not find data from 2019 and 2020.(y)

2015 Internet Security Threat Report, Volume 20 (broadcom.com)
istr-21-2016-en (broadcom.com)
istr-22-2017-en (broadcom.com)
istr-23-2018-en (broadcom.com)
istr-24-2019-en (broadcom.com)
 
F

ForgottenSeer 89360

New Malware Variants (Added Each Year)
2013 252
2014 317
2015 431 (355) <----- two reports give different values.
2016 357
2017 670
2018 246

Yes. Pretty much random. Could not find data from 2019 and 2020.(y)

2015 Internet Security Threat Report, Volume 20 (broadcom.com)
istr-21-2016-en (broadcom.com)
istr-22-2017-en (broadcom.com)
istr-23-2018-en (broadcom.com)
istr-24-2019-en (broadcom.com)
It looks like there is a change and they now do smaller, incremental reports for few months.
 

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,110
Norton scores so well in those tests, but always ends being infected on malware hub samples :unsure:
These tests use fresh samples only for the Real-World scenario. The Malware Protection tests are made on widespread samples (usually several days old). Malware Hub is a Malware Protection test for fresh samples. So, we have three different testing scenarios. From a couple of months, I can see also URL tests in MH and Norton scorings are very well.
Norton has very good scorings in the Real-World scenario due to the web-protection based on reputation. This is like testing any other AV with Edge web browser (SmartScreen reputation and PUA protection enabled).
 
F

ForgottenSeer 89360

These tests use fresh samples only for the Real-World scenario. The Malware Protection tests are made on widespread samples (usually several days old). Malware Hub is a Malware Protection test for fresh samples. So, we have three different testing scenarios.
Norton has very good scorings in the Real-World scenario due to the web-protection based on reputation. This is like testing any other AV with Edge web browser (SmartScreen reputation and PUA protection enabled).
Yes, it traps PEEXE files in a scenario where if they mutate too little, they will be identified by standard antivirus. If they mutate too much, they become totally unknown and get removed. Because real-world protection test, as well as other tests most probably only use PEEXE files, it's normal that Norton will get great results, whereas in the Hub I am frequently seeing scripts and Java malware amongst others.
 

Moonhorse

Level 30
Verified
Content Creator
May 29, 2018
1,949

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,110
Having the data from the OP (chances_to_be_infected.txt) we can compare the infection rates for the years 2019 and 2020 to see if they are changing.

The number of Real-World samples tested in the year 2019 (AV-Test + AV-Comparatives + SE Labs):
309+277+307+368+335+331+ 752+703+ 400 = 3782
The number of Real-World samples tested in the year 2020 (AV-Test + AV-Comparatives + SE Labs):
402+304+339+370+334+ 754+758+ 300 = 3561

The number of Malware-Protection samples in the year 2019 (AV-Test + AV-Comparatives):
13668+6572+2428+13521+25933+20428+10970+10556 = 104076
The number of Malware-Protection samples in the year 2020 (AV-Test + AV-Comparatives):
20606+20236+21851+13571+12316+10249+10102 = 108931

Missed samples 2019
1. Norton..............(2_______2)
2. TrendMicro.....(7_______0)
3. Avira..................(15______9)
4. Microsoft........(12_____13)
5. F-Secure..........(12_____25)
6. Kaspersky.......(14_____24)
7. McAfee............(35_____30)
8. Avast................(26_____57)

r1=(2+7+15+12+12+14+35+26)/3782 = 0,033
R1=(2+0+9+13+25+24+30+57)/104076 = 0.0015

Missed samples 2020 (up to October)
1. F-Secure............(4_______1)
2. Norton...............(6_______2)
3. Kaspersky.........(4_______5)
4. Avast..................(11______2)
5. Microsoft..........(24_____12)
6. Avira...................(27_____17)
7. McAfee..............(41______7)
8. TrendMicro......(4_____257)

r2= (4+6+4+11+24+27+41+4)/3561 = 0.034
R2=(1+2+5+2+12+17+7+257)/108931= 0.0028

The results for Real-World infection rates (r1 and r2) are equal in the range of the expected error. If we would increase the total number of missed 0-day samples in the year 2019 by 5 then the infection rates for Real-World samples will be the same (0.34).

Because of the Trend Micro results, the infection rate R2 for Malware Protection tests in the year 2020 is greater as compared to the year 2019 (R2 ~2 * R1). Anyway, this infection rate is much smaller than for Real-World tests. Without Trend Micro, we could get the opposite result (R1 ~3.5 * R2). So, we cannot say for sure if the infection rate R is really growing with time.
 
Last edited:

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,110
Sorting the AVs by the sum of missed samples is not an especially good idea, because such a sum is like adding apples to oranges. Anyway, it works here for most AVs (except for Trend Micro and McAfee) if we slightly average the data (in the limit of statistical error):

1.Norton (Symantec)........... (08------04)
2.F-Secure, Kaspersky......... (17------27)
3.Avira, Microsoft................ (39------27)
4.Avast................................. (39------59)

Now the sorting is OK, similarly to the example:
1 apple + 3 oranges < 2 apples + 3.5 oranges
which is equal to:
1apple < 2 apples
and
3 oranges < 3.5 oranges.

Including McAfee and Trend Micro requires a more complex sorting method which will depend on the users' habits. For most users we should see something like that:
1.Norton (Symantec) ................................ 10 points
2.F-Secure, Kaspersky............................... 20 points
3.Avast, Avira, Microsoft, Trend Micro..... 40 points
4.McAfee ................................................... 80 points

Points ~ (missed Real-World) + 1/10 * (missed Malware Protection)

The factor 1/10 can be approximately calculated when knowing how often the user's AV alerts about Real-World and Malware Protection samples (for example a=1, b=3 parameters). This will give:
(b/a)*(7340/213000) ~ 1/10

For a=b
(b/a)*(7340/213000) ~ 1/30
1.Norton (Symantec) ................................ 10 points
2.F-Secure, Kaspersky, Trend Micro......... 20 points
3.Avast, Avira, Microsoft, ......................... 40 points
4.McAfee ................................................... 80 points

For people who use frequently flash drives, pirated software, and cracks the parameters can be a=1, b=10
(b/a)*(7340/213000) ~ 0, 345
1.Norton (Symantec) .................................10 points
2.F-Secure, Kaspersky ...............................25 points
3.Avast, Avira, Microsoft, ...........................50 points
4.McAfee, Trend Micro...............................95 points

With error += 6 points.
 
Last edited:
Top