The Antivirus industry has a dirty little secret that they really don’t want anyone to know. Despite their claims, their products are not all that effective. Many of them are only protecting against at best 80% or 90% of the threats out there in the wild at any time.
Let’s look at that a bit more in detail. AV products need to protect against two general types of threats: ones that are known and threats that are unknown. The ones that are known they have a signature for, so that they can detect the threat and get rid of it. This is called reactive detection. Then, there are threats that are still unknown, usually new, fresh threats created by the bad guys. AV products need to protect against those in a proactive way, and antivirus software can be scored looking at how many of those new threats they block.
This type of scoring on both reactive and proactive detection is actually being done by the antivirus industry’s premier site for insiders: Virus Bulletin. They have created so called RAP averages. RAP stands for “Reactive And Proactive”. They test all antivirus products every few months, and measure how each product does in both reactive and proactive detections of a large amount of threats. And they create a graph where these scores are plotted for all products. The proactive score is on the X-axis, and the reactive score is on the Y-axis.
The results are far from pretty. One well known, major antivirus industry player is routinely scoring no better than 75% reactive combined with a 70% proactive. And people wonder how come PCs still get infected by malware. Check out the test results why!
You can stay up to date with how your antivirus vendor is doing over at Virus Bulletin, be prepared for a shocker though.
The bad guys know this, and count on it. The average phishing site is "live" for only 6 hours before the bad guys take it down, and the average time it takes for AV products to get updated is.. guess what... 6 hours. That is why having antivirus (end-point security if you will) creates a false sense of security. It is just as urgent for your defense-in-depth to have all employees do regular Security Awareness Computer Based Training and enforce compliance, because just one employee in a weak moment clicking on a phishing email can cause untold grief, losses of hundreds of thousands of dollars, and massive legal bills. However, do not misunderstand us, you definitely need an endpoint security software solution.