Wednesday, July 19, 2006

80% of new malware does what to antivirus?

here's the backstory - apparently graham ingram, general manager of the australian computer emergency response team (AusCERT) has revealed that 80% of new malware defeats antivirus software...

now, i haven't seen enough of the full text of his talk to know for sure what he was on about (the media are notorious for twisting perfectly valid statements into horrendously misleading sound bites) but saying that the anti-virus products aren't working does not inspire confidence...

in fact, framing it the way he does, talking about new malware and an 80% miss rate is rather misleading too...

let's put things into proper perspective, shall we? when malware is new it is unknown to the anti-malware vendors - that's the nature of things... when it's been around for a while it will no longer be new and no longer be unknown... further, the mainstream anti-virus products are essentially known malware scanners...

now ask yourself, are you at all surprised that known malware scanners don't do a very good job of detecting unknown malware? of course not... now ask yourself, is it really a problem or all that big a deal? no again, known malware scanners aren't supposed to be good at dealing with unknown malware, they aren't meant to deal with that part of the malware problem... unknown malware doesn't stay unknown for long so it will be caught by the anti-virus products eventually, but during that initial window of opportunity you need to employ other techniques and technologies to protect yourself... anti-virus products aren't a panacea, they aren't a cure-all, don't depend on them exclusively but rather practice defense-in-depth - use a multi-layered approach to protection...

the only people who should be seeing a problem here are those naive enough to think that anti-virus products should be all they really need... and doesn't that make you wonder what graham ingram, general manager of AusCERT, was thinking giving quotes that made it sound like the sky was falling?
