Are the Bad Guys Winning the Malware Wars?

Category: Anti-Virus

The arms race between malware authors and anti-malware developers is constant and frenetic. The bad guys keep getting better at what they do, and the white hats are having a more difficult time detecting and eradicating malware when it attacks a computer. In one test lab, the average efficiency of popular antivirus programs was a pitiful 66.6 percent! But there's one product that succeeds at blocking 99.9 percent of all malware. Let's dig a little deeper into this...

Is Proactive Malware Protection a Myth?

Most popular anti-malware tools use a combination of “reactive detection” and “proactive detection” to detect suspicious software and block it from downloading to or executing on a computer before it can do any damage.

"Reactive testing" indicates how well a security tool scored at detecting known threats, or viruses currently known to exist. This is done by checking the "signature" of a new file against a database of known malware samples. The "proactive testing" portion indicates the tool's ability to detect previously unknown and zero-day threats. Proactive detection is more difficult, because the behavior of the program must be taken into account.

Proactive protection is great, in theory. But a recent study of tests involving many of the most popular anti-malware programs reveals an alarming trend. Test scores of proactive protections have been declining for years, and the dip has become a headlong plummet lately. Average test scores indicate that proactive protection is not very reliable.


In April, 2014, the average test score on Virus Bulletin’s RAP (Reactive and Proactive) Test was 78.92. By December, 2015, it had slipped to 70.57, and in the following eight months it fell to 66.60. Does that mean one out of every three malware attacks slipped past proactive shields?

Average scores don’t tell the whole story, though. In VB's most recent testing on the Windows 10 platform, a number of popular anti-malware programs had proactive RAP scores in excess of 80%, including Avira (86%), Avast (85%), Bullguard (85%), AVG (83%) and ESET (82%). PC Matic, a product of PC Pitstop, scored an eyebrow-raising 99.9%.

What About False Positives?

[Figure: VB100 RAP test results]

However, PC Matic also scored well above average on the “false positives” metric, meaning it incorrectly tagged legitimate software as “unknown” or suspicious more often than other anti-malware programs. The reason for this is that PC Matic adds "whitelisting" to its approach. With whitelisting, only safe programs and files can run. False positives are a nuisance because they require attention to determine legitimacy and unblock the installation or actions of falsely flagged programs.

If a file is flagged as “unknown”, it is blocked from opening until it can be tested and deemed either safe or malicious within 24 hours by PC Matic's malware research team. If the user chooses to bypass this waiting period, they can whitelist the file so it won't be flagged again. PC Matic's false positive rate is only 1.7% of all programs it scanned in the test.

It’s up to each user to decide whether the "abundance of caution" tradeoff is worthwhile. In other words, do you want a solution that blocks somewhere between 66% and 85% of malware with few or no false positives, or one that blocks 99.9% of malware with some false positives?
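The tradeoff described above can be seen in a small model. This is an added example, not code from the article or from any product it names; the sample files, hash sets and function names are constructed for illustration, and real signature engines match on far more than whole-file hashes.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: (name, content, is_malicious)
SAMPLES = [
    ("known_trojan.exe", b"trojan-v1", True),
    ("new_ransomware.exe", b"ransom-variant-7", True),   # no signature exists yet
    ("office_suite.exe", b"office-2016", False),
    ("niche_utility.exe", b"small-vendor-tool", False),  # legitimate, but not on any allowlist
]

KNOWN_BAD = {sha256(b"trojan-v1")}      # signature database (assumed contents)
KNOWN_GOOD = {sha256(b"office-2016")}   # vendor allowlist (assumed contents)

def signature_verdict(content: bytes) -> str:
    """Default-allow: block only what matches a known-bad signature."""
    return "block" if sha256(content) in KNOWN_BAD else "allow"

def allowlist_verdict(content: bytes, user_approved=frozenset()) -> str:
    """Default-deny: run only known-good or user-approved files."""
    digest = sha256(content)
    if digest in KNOWN_BAD:
        return "block"
    if digest in KNOWN_GOOD or digest in user_approved:
        return "allow"
    return "block"  # unknown file is held until someone reviews it

def score(verdict_fn):
    """Return (detection rate, false positive rate) over SAMPLES."""
    malicious = [c for _, c, bad in SAMPLES if bad]
    benign = [c for _, c, bad in SAMPLES if not bad]
    detected = sum(verdict_fn(c) == "block" for c in malicious)
    false_pos = sum(verdict_fn(c) == "block" for c in benign)
    return detected / len(malicious), false_pos / len(benign)

if __name__ == "__main__":
    print("signature only:", score(signature_verdict))
    print("allowlist     :", score(allowlist_verdict))
    # A user override unblocks whatever hash it is given, safe or not.
    override = frozenset({sha256(b"ransom-variant-7")})
    print("after override:", allowlist_verdict(b"ransom-variant-7", override))
```

The last call shows the cost of the bypass option: once a user approves an unknown file, the allowlist no longer protects against it, so the approval step is where the research effort belongs.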

Are We Doing Better Against Spam?

Spam filters do much better than Web shields on Virus Bulletin’s tests. Many anti-spam programs scored in excess of 99/100 on the VB anti-spam test. That’s encouraging because phishing emails are especially popular among ransomware distributors. But a good spam filter alone is not comprehensive protection.

While it remains cyber-suicide to go online without anti-malware protection, it would likewise be dangerous to assume that you don’t have to do anything after installing anti-malware. The VB test scores show significant gaps in proactive protection, which are closed only at the cost of more false positives.

It’s still incumbent upon users to exercise caution and judgment in their online activities. Avoid sketchy websites. If a file is flagged or quarantined, do some research before taking a chance on running it. Don’t click on email links or attachments without verifying that they came from trusted contacts. A text or phone call may be necessary to confirm that your friend actually sent the message, and not a virus on his or her computer.

Your thoughts on this topic are welcome. Post your comment or question below...

 

This article was posted by on 2 Feb 2017



Most recent comments on "Are the Bad Guys Winning the Malware Wars?"

(See all 34 comments for this article.)

Posted by:

Michael Burks
02 Feb 2017

Eyebrow raising or not, this article would lead one to believe PC Matic is God's gift to antivirus. But, Virus Bulletin referenced in the article gives it a failing grade.
https://www.virusbulletin.com/testing/results/latest/vb100-antimalware

EDITOR'S NOTE: The failing grade was due to the number of false positives, an issue I addressed in the article.


Posted by:

Rick
02 Feb 2017

Another informative article, but no mention of the growing trend of Ransomware via social media: http://www.newsfactor.com/story.xhtml?story_id=0010003B4X2E


Posted by:

Frank
02 Feb 2017

I use Advance Systems Care Ultimate (paid) and BitDefender (Free); they "play nice" together as someone mentioned. I have only been using them for about 4 months, and they caught the one (1) virus that attempted to invade my system. I went with ASC because of something you posted nearly a year ago. Totally satisfied with how my machine functions. Wondering why ASC was not tested. BTW, I run Win7 Home Edition, 64-bit. So perhaps because this was a Win10 test, it doesn't apply to me. For the record, I dumped Avast, Avira, AVG, Kaspersky (paid), Norton (totally locked up my system). Finally, tried the PCMatic test run offered and quickly uninstalled. Same problem as Kaspersky. Again, perhaps my Win7 is the reason. Anyway, keep up the good work; like some others on your thread, I am an "old school fixed income" guy and rely on your judgement and recommendations. Hope you will not have run out of copies of your new "Backup" book before I can spell able.


Posted by:

Dwight
02 Feb 2017

I use free versions of SUPERAntiSpyware and Malwarebytes. One finds things the other misses and vice versa. Also use the free version of Avast. Win 10 is kept up to date. I don't open attachments I'm not expecting.
Thanks for all the tips and info. Keep up the great work.


Posted by:

mike
02 Feb 2017

Your favorite program does not even show up on the reviews I am reading. Is there something we are missing that excludes some of the good products listed in comments above?

EDITOR'S NOTE: I never said anything about PC Matic being my favorite, nor did I endorse it. It's one of many alternatives I want you to know about.


Posted by:

RichF
02 Feb 2017

I don't understand people using Kaspersky. With it being a Russian company staffed with ex-KGB security people and Russia's supposed hacking of our elections (and God knows what else) would make me wonder what was going on inside my machine!


Posted by:

mike
02 Feb 2017

I personally use SecureAPlus which is also a white listing anti-virus, but it's free unlike PCMatic. SecureAPlus runs all unknown/suspicious files through Jotti, which is like VirusTotal and I get the results in seconds. Forget waiting 24 hours to see if a file is safe. The only issue I have with SecureAPlus is it does take some attention to verify whether or not files are harmful, but if you can get past that it's a great product IMHO.


Posted by:

Wayne Lindsay
02 Feb 2017

I have Bitdefender, Malwarebytes, SuperAntispyware, CCleaner, ASC10 (all Professional versions) which all run compatibly. Scheduled scans daily and I haven't had a virus alert for over 5 years, only PUPs.
I tried PCMatic years ago and found it to be a poor product.


Posted by:

George Ridout
02 Feb 2017

How do you know which software is really a friend? Many features of common anti-malware software look to me like malware ... (!) including nag-ware, silly-popup panicware, secret-renewalware, and stealth-ware installs ... these are not a good sign that you should entrust your PC to these guys. As a computer community ... I would like to work our way some day to "honestware" that never has any of these issues, and treats paying customers like clients, not stooges. Cheers to Bob for starting to clear the path.


Posted by:

Jack
03 Feb 2017

Odd that Symantec (Norton) isn't listed.


Posted by:

Gordon Peterson
03 Feb 2017

I'm surprised the test didn't include the new RansomFree from Cybereason. That program is free, and seems to be very, very good.


Posted by:

BaliRob
03 Feb 2017

Bob - you know that I am one of your ardent fans.
To have devoted your most valuable time (and mine) on an article involving PCmatic and W10 is strange to say the least (and that is being kind). My experience of PCmatic and all reports about them from well-informed and highly respected sources totally disagree with you. I ALWAYS go to your Comments which are the best available and was most disappointed to be reminded everything was about PCmatic which nullifies every comment and left me confused and trying to cherry pick from them anything of value, therefore, was difficult today.

EDITOR'S NOTE: I'm not here to promote or defend PC Matic. My article was meant to highlight the fact that most AV programs are failing at proactive detection, and that PC Matic is apparently the only one that's not. Please see my other replies to commenters.


Posted by:

Frank
03 Feb 2017

@Wayne Lindsay.
Sad to say, I did not know to include CCleaner(Free) and IObit Malware Fighter Pro (Paid) from Advance Systems Care. Your mentioning them reminded me and I had to chime in that I too have these two products. And like you, mine all hum along together in peace and harmony.


Posted by:

Garamond Walker
03 Feb 2017

Another poorly researched article. The AV test itself was presented by you incorrectly. Are you trying to sell PC Matic? How come you say you won't answer emails if they have grammatical errors, but your articles are filled with comma splices, run-on sentences, and seem to have problems with verb agreement. That being said, you're the quintessential sesquipedalian. It's no wonder people get confused about all the trickery and malicious software on the Internet, when people like you, who should know better, publish misinformation like this.

EDITOR'S NOTE: Okay, so I write in a conversational tone, and occasionally flout the rules of grammar. A wise man once said "Freedom of the press belongs to those who own one." I apply that to my blog, and sometimes I'll even throw an apostrophe in "it's" when it doesn't belong. I know the rules, but it just looks pretty sometimes. :-)

As for my poor research, incorrect presentation, and misinformation, you present no specifics. So we'll have to agree to disagree. Have a nice day.


Posted by:

Gary in Southeast Wisconsin
04 Feb 2017

Been using PCMatic (paid, lifetime version) for quite a few years. I have it on two XP PCs and three Win7 PCs. NO issues - EVER.


Posted by:

Clairvaux
04 Feb 2017

What are the arguments against PC Matic some commenters are hinting at? Not being argumentative or taking sides. Just genuinely curious.


Posted by:

Clairvaux
04 Feb 2017

And another question: from what I understand, PC Matic is a whitelisting product (therefore completely different from other anti-virus). Whitelisting is supposed to be a very efficient anti-malware technique, but possibly difficult to implement or use.

Does anybody know of other reliable whitelisting programs, preferably free? Sorry to come across as a pauper.


Posted by:

Barry Solotki
05 Feb 2017

Bob, I am getting sick and tired of you guys preaching about PCMatic. Seems that you and your associates are getting paid to tout how great this product is to the masses. I have used Bitdefender for many years now with great success and with no issues whatsoever. Besides there are many great programs available, I am just getting fed up hearing the same old song and dance about PCMatic, seems like overkill to me. I have over the past 25 years tried most of the big dogs and keep coming back to Bitdefender because of their pricing and great service. Cheers.


Posted by:

LindaSView
07 Feb 2017

Bob and other commenters,
I have been reading Bob's public service computer newsletter for years. Never have I been as upset over the amount of "slams" against Bob as I have read in this article. No, he is not pushing software on anyone, but rather, after having done the research, put together an article about malware/virus/"uglycritters", and writing what he found. Read the whole article, beginning with the title. Yes, there are probably hundreds of us who have used PCMatic and had very bad experiences with it. Heck, I myself have given it three chances and finally said to myself, "self, it goes in the Norton pile of 'destruction'". The bottom line is, Bob is supplying a service for the majority of us who read his newsletter and he brings in many other people's expertise in the field as well as his own. Could we all try and be civil here? I just had to let this out because some of these comments are like two-year-olds in a sandbox fighting over a Tonka truck. Eventually one of the little darlins' is going to whack another off the head and then the "WRATH OF THE MOMMIES PART ONE"! Let's be adults? :)


Posted by:

Brian
13 Feb 2017

The more that I see the lab results --- which don't always entirely agree with each other, anyway --- the more I wonder just how "real world" their findings are.

I've used Norton for years, with Malwarebytes as an on-demand scanner, and have had no problems at all online --- literally none. My brother has surfed safely for years using various free AV software and MWB. And I can't recall my sister (who I think uses McAfee) ever complaining of her system being down by malicious software.

I'm not claiming for a moment that the labs' conclusions are useless; they're not. But a person shouldn't automatically be worried if his/her security software isn't at the top of the lab ratings, either.


Copyright © 2005 - Bob Rankin - All Rights Reserved


Article information: AskBobRankin -- Are the Bad Guys Winning the Malware Wars? (Posted: 2 Feb 2017)
Source: http://askbobrankin.com/are_the_bad_guys_winning_the_malware_wars.html