<blockquote data-quote="Andy Ful" data-source="post: 916174" data-attributes="member: 32260"><p><strong>How big are your chances to be infected?</strong></p>
<p></p>
<p>My idea is simple. First I will gather the data from the last 2 years about the samples missed by popular AVs and compare this to the total number of samples. Next, I will calculate the<span style="color: rgb(184, 49, 47)"><strong> chances to be infected in the next 10 years, assuming that the user can see his/her AV block </strong></span><strong><span style="color: rgb(184, 49, 47)"><strong>one</strong></span><span style="color: rgb(0, 168, 133)"><strong> Real-World</strong></span><span style="color: rgb(184, 49, 47)"><strong> (0-day) and three </strong></span><span style="color: rgb(41, 105, 176)"><strong>Malware Protection</strong></span><span style="color: rgb(184, 49, 47)"><strong> (non-0-day) malware a year</strong></span></strong>.</p>
<p>The users who can see such malware more frequently (happy clickers) have to increase the chances proportionally.</p>
<p></p>
<p>In this post, I have in mind the most important infection vectors tested by popular AV labs (AV-Comparatives, AV-Test, SE Labs). I included the tests from the years 2019 and 2020 (until October) for the popular AVs (Home versions).</p>
<p>AV-Comparatives used to publish two kinds of reports: Real-World and Malware Protection. <strong><span style="color: rgb(0, 168, 133)">The first is related to web-based threats</span></strong> and <span style="color: rgb(41, 105, 176)"><strong>the second to the threats originating from USB drives &amp; network drives</strong></span>.</p>
<p>AV-Test combines Real-World and Malware Protection results into one report, but it is possible to separate the results (I will do it later in this post).</p>
<p>SE Labs used to publish only the results for Real-World type tests.</p>
<p></p>
<p>I have used the (<span style="color: rgb(0, 168, 133)"><strong>Real-World</strong></span>-------<span style="color: rgb(41, 105, 176)"><strong>Malware Protection</strong></span>) notation to separate the Real-World and Malware Protection data.</p>
<p></p>
<p><strong>2019-2020 (October) missed samples</strong> all types of tests (sorted by the sum of missed samples)</p>
<p>(SE Labs, AV-Comparatives Real-World, Malware Protection, AV-Test)</p>
<p>1.Norton (Symantec)........... (<strong><span style="color: rgb(0, 168, 133)">08</span></strong>------<span style="color: rgb(41, 105, 176)"><strong>04</strong></span>)</p>
<p>2.F-Secure............................ (<span style="color: rgb(0, 168, 133)"><strong>16</strong></span>------<span style="color: rgb(41, 105, 176)"><strong>26</strong></span>)</p>
<p>3.Kaspersky Lab.................. (<span style="color: rgb(0, 168, 133)"><strong>18</strong></span>------<span style="color: rgb(41, 105, 176)"><strong>29</strong></span>)</p>
<p>4.Microsoft.......................... (<span style="color: rgb(0, 168, 133)"><strong>36</strong></span>------<strong><span style="color: rgb(41, 105, 176)">25</span></strong>)</p>
<p>5.Avira.................................. (<strong><span style="color: rgb(0, 168, 133)">42</span></strong>------<span style="color: rgb(41, 105, 176)"><strong>26</strong></span>)</p>
<p>6.Avast................................. (<span style="color: rgb(0, 168, 133)"><strong>37</strong></span>------<span style="color: rgb(41, 105, 176)"><strong>59</strong></span>)</p>
<p>7.McAfee............................. (<strong><span style="color: rgb(0, 168, 133)">76</span></strong>------<span style="color: rgb(41, 105, 176)"><strong>37</strong></span>)</p>
<p>8.TrendMicro...................... (<span style="color: rgb(0, 168, 133)"><strong>11</strong></span>------<span style="color: rgb(41, 105, 176)"><strong>257</strong></span>)</p>
<p></p>
<p>The horrible scoring for Trend Micro follows from AV-Comparatives Malware Protection tests from the year 2020:</p>
<p><a href="https://www.av-comparatives.org/tests/malware-protection-test-september-2020/" target="_blank">https://www.av-comparatives.org/tests/malware-protection-test-september-2020/</a></p>
<p><a href="https://www.av-comparatives.org/tests/malware-protection-test-march-2020/" target="_blank">https://www.av-comparatives.org/tests/malware-protection-test-march-2020/</a></p>
<p></p>
<p>The average number of missed samples in the Real-World scenario ~ 30 samples.</p>
<p>The total number of samples in Real-World scenario ~ 7340 samples</p>
<p>c1 ~ 10 * 30/7340 * 100% ~ 4%</p>
<p></p>
<p>The average number of missed samples in the Malware Protection scenario ~ 60 samples.</p>
<p>The total number of samples in Real-World scenario ~ 213000 samples</p>
<p>c2 ~ 10 * 3 * 60/213000 * 100% ~ 1%</p>
<p></p>
<p><strong>So, the chance to be infected in the next 10 years is close to 5% (the chance is always smaller than c1+c2)</strong>.</p>
<p>If one can see the AV alarms more frequently than one 0-day and three widespread malware a year, then the chances have to be increased proportionally.</p>
<p>The c1 chance of the 0-day (web-based malware) infection can be decreased to 1% (or less) when using the AV with aggressive reputation checking (like Norton) or using Edge web browser (SmartScreen+PUA protection enabled).</p>
<p></p>
<p><strong>Edit1</strong></p>
<p>The calculation details are included in the attachment: chances_to_be_infected.txt</p>
<p></p>
<p><strong>Edit2</strong></p>
<p>The above calculation method is suitable only for a sufficiently small number of years. The precise formula is slightly more complex:</p>
<p><strong>c = {1 - { [ (1 - r)^a ]*[ (1 - R)^b ] }^n } * 100%</strong></p>
<p>In our example: a=1, b=3, r=30/7340, R=60/213000, n=10, <strong>c= 4.82%</strong></p>
<p></p>
<p><strong>Edit3</strong></p>
<p>This result could be refined by including the increasing number of new malware each year. But in fact, the number of new malware a year seems approximately constant. According to AV-Test, it is about 140 mln new malware a year.</p>
<p><a href="https://www.av-test.org/en/statistics/malware/" target="_blank">Malware Statistics &amp; Trends Report | AV-TEST (av-test.org)</a></p>
<p></p>
<p><strong>Edit4.</strong></p>
<p>Sorting the AVs by the sum of missed samples is not an especially good idea, because such a sum is like adding apples to oranges. The more appropriate sorting is presented there:</p>
<p><a href="https://malwaretips.com/threads/how-big-are-your-chances-to-be-infected.105400/post-918280" target="_blank">How big are your chances to be infected? | MalwareTips Community</a></p></blockquote><p></p>
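The c1 + c2 approximation and the Edit2 formula from the quoted post, worked through side by side as an added example (not code from the post or its attachment). The function names and the exposure multiplier `k` are assumptions: `k` scales a and b together to model a user who meets blocked malware k times as often, and `years_to_reach` inverts the formula, which goes beyond what the post computes.

```python
import math

# Figures quoted in the post (2019-2020 lab tests, averaged over the listed AVs).
R_WEB = 30 / 7340       # r: miss rate per Real-World (0-day) sample
R_FILE = 60 / 213000    # R: miss rate per Malware Protection sample


def linear_chance(n, a=1, b=3, r=R_WEB, R=R_FILE):
    """First-order estimate c1 + c2 from the post, in percent."""
    return n * (a * r + b * R) * 100


def exact_chance(n, a=1, b=3, r=R_WEB, R=R_FILE):
    """Edit2 formula: 1 - [(1-r)^a * (1-R)^b]^n, in percent."""
    survive_one_year = (1 - r) ** a * (1 - R) ** b
    return (1 - survive_one_year ** n) * 100


def years_to_reach(target_percent, a=1, b=3, r=R_WEB, R=R_FILE):
    """Invert the Edit2 formula: years n at which the chance hits target_percent."""
    survive_one_year = (1 - r) ** a * (1 - R) ** b
    return math.log(1 - target_percent / 100) / math.log(survive_one_year)


if __name__ == "__main__":
    print(f"{'years':>5} {'exposure':>8} {'linear %':>9} {'exact %':>8}")
    for n in (10, 50, 100):
        for k in (1, 10):  # k = exposure multiplier (hypothetical parameter)
            lin = linear_chance(n, a=1 * k, b=3 * k)
            exa = exact_chance(n, a=1 * k, b=3 * k)
            print(f"{n:>5} {k:>7}x {lin:>9.2f} {exa:>8.2f}")
    print(f"years to 50% at baseline exposure: {years_to_reach(50):.1f}")
```

At the post's baseline the two estimates agree to about a tenth of a percentage point; at ten times the exposure over 100 years the linear sum exceeds 100%, which is where only the exact form remains meaningful.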