Shocking New Study Evaluates Antivirus Products


Security researchers have recently claimed the leading antivirus products demonstrate just a 1-in-20 chance of detecting new malicious software. However, high-profile figures in the security industry have questioned the validity of this new research.

The research was conducted by Imperva, a digital security firm based in California. Imperva set out to collect fresh malware samples, and to make sure the samples were genuinely new, its researchers harvested them from discussion forums where hackers trade tips on how to breach security defenses.

After gathering 82 examples of malicious software, Imperva researchers ran them through a free online scanning service that checks uploaded files against the known-malware databases of about 40 leading security software products.

Lesser-Known Security Products Perform Worst

The initial results of the study showed a wide variation in security software performance.

McAfee's software, for example, picked up every virus, while lesser-known products like ByteHero and SUPERAntiSpyware found only about five per cent of the malware. (Source:

However, Imperva noted the picture was very different once researchers took into account how long each sample had been circulating. For the newest samples, the initial detection rate across all 40 products was just five per cent.

The research also showed a big variation in how quickly best-selling security software was updated to recognize the new samples. Adding detection took an average of 1.5 weeks for Trend Micro, two weeks for Symantec, and four weeks for Avast, McAfee, and Kaspersky.

What's more, viruses which escaped detection immediately after their release were also the ones most likely to be undetected several weeks later.

Security Software Makers Find Flaws in the Research

These results have met with a frosty reception from the security software industry. Spokesmen for several firms have argued the sample size (82 viruses) is too small for anyone to draw useful conclusions.

They also dispute the methodology, arguing it is fundamentally flawed because the free scanning service Imperva used does not reflect how installed security software actually works.

In fact, even the operators of that virus-checking service specifically say it shouldn't be used for comparing different security software products.

What the study missed, according to security software firms, is that most security packages don't just check suspect files against a static database of known malware.

They also use other detection techniques, such as heuristic analysis, which inspects a file for suspicious characteristics: attempts to self-replicate, for example, or a resemblance to files known to have carried past viruses. (Source:
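The distinction the vendors draw, a static hash database versus a heuristic that scores suspicious traits, can be shown on a few constructed byte strings. The following is an added illustration, not code from Imperva, from the scanning service, or from any antivirus product; the sample "files", the API names it looks for, the entropy cutoff and the score threshold are all assumptions chosen for the demonstration. A repacked copy of a known sample gets a new hash and so slips past the exact-match check, while the heuristic still flags it; a plain text file scores zero on both.

```python
"""Hash-signature lookup versus a crude static heuristic, on constructed inputs."""
import hashlib
import math

# --- constructed test material (not real malware; stand-ins for file contents) ---

def pseudo_random_blob(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes, standing in for a packed/encrypted section."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:size])

# A fake header plus strings a dropper/injector might carry (assumed indicators).
STUB = (b"MZ\x90\x00 this program cannot be run in DOS mode\n"
        b"VirtualAllocEx\0WriteProcessMemory\0CreateRemoteThread\0"
        b"CopyFileA\0Software\\Microsoft\\Windows\\CurrentVersion\\Run\0")

KNOWN_SAMPLE = STUB + pseudo_random_blob(b"packer-v1")   # the sample the vendor already has
NEW_VARIANT = STUB + pseudo_random_blob(b"packer-v2")    # same code, repacked: new hash
BENIGN_FILE = b"[settings]\nuser=alice\ntheme=dark\n" * 40  # low entropy, no API names

# --- "static database" check: exact hash match only ---
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(data: bytes) -> bool:
    """True only if this exact file is already in the signature database."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB

# --- heuristic check: score suspicious characteristics instead ---
def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted content approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

INJECTION_APIS = (b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread")
HEURISTIC_THRESHOLD = 4  # assumed cutoff for this demo

def heuristic_score(data: bytes) -> int:
    score = 0
    # Near-maximal entropy suggests a packed or encrypted payload.
    if shannon_entropy(data) > 7.0:
        score += 2
    # Each process-injection API name found in the file's strings adds a point.
    score += sum(1 for api in INJECTION_APIS if api in data)
    # Crude self-replication proxy: copies a file and registers a Run key.
    if b"CopyFileA" in data and b"CurrentVersion\\Run" in data:
        score += 2
    return score

def classify(data: bytes) -> dict:
    """Report both verdicts side by side so the gap between them is visible."""
    score = heuristic_score(data)
    return {
        "signature": signature_match(data),
        "heuristic": score >= HEURISTIC_THRESHOLD,
        "score": score,
    }

if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("variant", NEW_VARIANT),
                       ("benign", BENIGN_FILE)]:
        print(f"{name:8s} {classify(blob)}")
```

Real products combine far more signals than this (generic signatures, emulation, behaviour monitoring at run time, reputation lookups), which is exactly why a hash-only multi-engine scan understates what an installed product would catch. The example also shows the heuristic's cost: every extra rule is a potential false positive, so the threshold has to be tuned against a corpus of clean files, not just malware.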
