Are the Bad Guys Winning the Malware Wars?
The arms race between malware authors and anti-malware developers is constant and frenetic. The bad guys keep getting better at what they do, and the white hats are having a more difficult time detecting and eradicating malware when it attacks a computer. In one test lab, the average efficiency of popular antivirus programs was a pitiful 66.6 percent! But there's one product that succeeds at blocking 99.9 percent of all malware. Let's dig a little deeper into this...
Is Proactive Malware Protection a Myth?
Most popular anti-malware tools use a combination of “reactive detection” and “proactive detection” to detect suspicious software and block it from downloading to or executing on a computer before it can do any damage.
"Reactive testing" indicates how well a security tool scored at detecting known threats, or viruses currently known to exist. This is done by checking the "signature" of a new file against a database of known malware samples. The "proactive testing" portion indicates the tool's ability to detect previously unknown and zero-day threats. Proactive detection is more difficult, because the behavior of the program must be taken into account.
Proactive protection is great, in theory. But a recent study of tests involving many of the most popular anti-malware programs reveals an alarming trend. Test scores of proactive protections have been declining for years, and the dip has become a headlong plummet lately. Average test scores indicate that proactive protection is not very reliable.
In April, 2014, the average test score on Virus Bulletin’s RAP (Reactive and Proactive) Test was 78.92. By December, 2015, it had slipped to 70.57, and in the following eight months it fell to 66.60. Does that mean one out of every three malware attacks slipped past proactive shields?
Average scores don’t tell the whole story, though. In VB's most recent testing on the Windows 10 platform, a number of popular anti-malware programs had proactive RAP scores in excess of 80%, including Avira (86%), Avast (85%), Bullguard (85%), AVG (83%) and ESET (82%). PC Matic, a product of PC Pitstop, scored an eyebrow-raising 99.9%.
What About False Positives?
However, PC Matic also scored well above average on the “false positives” metric, meaning it incorrectly tagged legitimate software as “unknown” or suspicious more often than other anti-malware programs. The reason for this is that PC Matic adds "whitelisting" to its approach. With whitelisting, only programs and files already known to be safe are allowed to run; anything not on the list is blocked by default. False positives are a nuisance because they require attention to determine legitimacy and unblock the installation or actions of falsely flagged programs.
If a file is flagged as “unknown”, it is blocked from opening until it can be tested and deemed either safe or malicious within 24 hours by PC Matic's malware research team. If the user chooses to bypass this waiting period, they can whitelist the file so it won't be flagged again. PC Matic's false positive rate is only 1.7% of all programs it scanned in the test.
It’s up to each user to decide whether the "abundance of caution" tradeoff is worthwhile. In other words, do you want a solution that blocks somewhere between 66% and 85% of malware with few or no false positives, or one that blocks 99.9% of malware with some false positives?
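To make that tradeoff concrete, here is a small added example (not code from the article, Virus Bulletin or PC Matic) that scores a signature blocklist against a default-deny allowlist over a constructed set of files; the sample files, hashes and known-good/known-bad lists are all made up for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    content: bytes
    malicious: bool  # ground truth, known only to the test lab


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed test set: two known-bad files, two zero-day variants the
# signature database has never seen, and four legitimate programs, one of
# which (a freshly released update) is not yet on the vendor's allowlist.
SAMPLES = [
    Sample("trojan_v1.exe", b"trojan-v1", True),
    Sample("trojan_v2.exe", b"trojan-v2", True),
    Sample("zeroday_a.exe", b"zeroday-a", True),
    Sample("zeroday_b.exe", b"zeroday-b", True),
    Sample("notepad.exe", b"notepad", False),
    Sample("calc.exe", b"calc", False),
    Sample("browser.exe", b"browser", False),
    Sample("new_update.exe", b"fresh-update", False),
]

KNOWN_BAD = {sha256(b"trojan-v1"), sha256(b"trojan-v2")}
KNOWN_GOOD = {sha256(b"notepad"), sha256(b"calc"), sha256(b"browser")}


def blocklist_policy(s: Sample) -> str:
    """Reactive (signature) detection: block only what is already known bad."""
    return "block" if sha256(s.content) in KNOWN_BAD else "allow"


def allowlist_policy(s: Sample) -> str:
    """Whitelisting: run only what is known good; anything else is held as unknown."""
    h = sha256(s.content)
    if h in KNOWN_GOOD:
        return "allow"
    return "block" if h in KNOWN_BAD else "unknown"


def score(policy) -> dict:
    """Detection rate: share of malware not allowed. FP rate: share of clean files not allowed."""
    verdicts = [(s, policy(s)) for s in SAMPLES]
    mal = [v for s, v in verdicts if s.malicious]
    good = [v for s, v in verdicts if not s.malicious]
    return {
        "detection_rate": sum(v != "allow" for v in mal) / len(mal),
        "false_positive_rate": sum(v != "allow" for v in good) / len(good),
    }
```

On this toy set the blocklist misses both zero-day variants but never blocks a clean file, while the allowlist stops all four malicious files at the cost of holding the one legitimate program it has not seen before.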
Are We Doing Better Against Spam?
Spam filters do much better than Web shields on Virus Bulletin’s tests. Many anti-spam programs scored in excess of 99/100 on the VB anti-spam test. That’s encouraging because phishing emails are especially popular among ransomware distributors. But a good spam filter alone is not comprehensive protection.
While it remains cyber-suicide to go online without anti-malware protection, it would likewise be dangerous to assume that you don’t have to do anything after installing anti-malware. The VB test scores show significant gaps in proactive protection, which are closed only at the cost of more false positives.
It’s still incumbent upon users to exercise caution and judgment in their online activities. Avoid sketchy websites. If a file is flagged or quarantined do some research before taking a chance on running it. Don’t click on email links or attachments without verifying that they came from trusted contacts. A text or phone call may be necessary to confirm that your friend actually sent the message, and not a virus on his or her computer.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 2 Feb 2017
Copyright © 2005 - Bob Rankin - All Rights Reserved