Less than 5% of antivirus solutions were able to detect previously non-cataloged viruses and many solutions took up to a month or longer following the initial scan to update their signatures, a new study said.
“Enterprise security has drawn an imaginary line with its antivirus solutions, but the reality is that every single newly created virus may subvert these solutions,” said Amichai Shulman, CTO, Imperva, which conducted the survey. “We do not believe that enterprises are achieving the value of the investment of billions of dollars in antivirus solutions, especially when certain freeware solutions in our study outperformed paid solutions.”
Imperva utilized various methods for collecting more than 80 viruses. They tested these 82 unreported viruses in a virtual execution environment that ensured they displayed behavior indicative of viruses and that limited the vulnerability to computing resources.
The key findings:
• Antivirus solutions have a difficult time detecting newly created viruses – While antivirus vendors may constantly work to update their detection mechanisms, the initial rate of detection of new viruses by antivirus solutions in the study was less than 5%.
• Antivirus solutions lag in updating signatures – In some cases in the study, it took anti-virus solutions up to four weeks following the initial scan to detect a virus.
• Antivirus investment seems high – In 2011, Gartner reported that consumers spent $4.5 billion on antivirus while enterprises spent $2.9 billion, a total of $7.4 billion or more than a third of the total of $17.7 billion spent on security software. Some freeware solutions in the study proved equally or more effective than paid solutions.
While Imperva did not find a single antivirus product that provided complete protection, the solutions that had the best detection rates included two freeware antivirus products.
Click here to download the study.