Antivirus software so ineffective it's a waste of money, report suggests

Antivirus software so ineffective it's a waste of money, report suggests

Poor detection means that free programs offer better value

Article comments

Antivirus software is now so ineffective at detecting new malware threats most enterprises are probably wasting their money buying it, an analysis by security firm Imperva has concluded.

Reports questioning the protection offered by antivirus suites has become a staple theme among researchers in recent times and the study Assessing the Effectiveness of Anti-Virus Solutions, carried out for Imperva by the University of Tel Aviv, is another addition to that sobering collection.

The team ran a collection of 82 new malware files through an online malware-checking system that tests files against around 40 different antivirus products, finding that the initial detection rate was a startling zero.

The company then ran the same scan a number of times at intervals of a week apart to see whether detection improved over time, discovering that even the best-performing products took at least three weeks to add a previously undetected sample to their databases.

Some files marked as "unclassified malware"

Across products, 12 files that were poorly detected when new were still not detected by half of the software when scanned at later dates. In some detections, files were simply marked as "unclassified malware," a designation that would harm the effectiveness of malware removal.

It is hard to say which individual products did best from this bad job (readers can judge for themselves on Imperva’s website) but there appeared no connection between popularity and success.

More strikingly, Imperva’s researchers end up recommending two free antivirus products, Avast and Emisoft, as the “most optimal” of those looked at with McAfee an acceptable performer too.

So what about businesses?

According to Imperva, organisations continue to buy licensed antivirus software because compliance regimes mandate that they should do so. This stipulation should be eased to allow them to use free products instead, putting the money saved into other forms of security, the company suggested.

"To be clear, we don’t recommend eliminating antivirus.  We do, however, recommend rebalancing and modernizing security spend to meet today’s threats," said the report.

Using Gartner figures, Imperva reckoned that antivirus software was consuming around a third of total software security spend, an investment not justified by its returns.

Freeware solutions outperform paid subscriptions

"Enterprise security has drawn an imaginary line with its anti-virus solutions, but the reality is that every single newly created virus subverts these solutions without challenge," commented Imperva’s CTO, Amichai Shulman.

"We cannot continue to invest billions of dollars into anti-virus solutions that provide the illusion of security, especially when freeware solutions outperform paid subscriptions."

Admins might equally point out that free antivirus programs are aimed at consumers and rarely offer the sort of business deployment and management capabilitiies they require.

In August NSS Labs noticed that many antivirus products were unable to block malware attacks exploiting two prominent Microsoft vulnerabilities that had been patched weeks before.

Over the years a variety of new technologies have been employed to improve antivirus security, usually now defences built into programs such as browsers; at least one startup, ZeroVulnerabilityLabs, has launched a beta of a plug-in that abandons malware detection entirely in favour of simply blocking the software flaws exploited by malware to gain control of PCs.



  • Graham Cluley VirusTotal itself says that it shouldnt be used for comparing anti-virus performanceSee httpvirustotalcomaboutIts flawed methodology Whoever did this test simply doesnt understand what VirusTotal is and what it isnt
  • Jindrich Kubec Any such report starting with words Ran samples through VirusTotal is crap VirusTotal is valuable tool but it is not a tool for testing the effectiveness of AV products because ita uses special commandline versions of productsb most of the scanners are able to do only partial tests on VT setup Its not possible to test all of the cloud reputation requests the metadata about the samples are missing you cannot do behavioral detections etc etc The proper testing takes lots of time and money and even people trying to do the proper testing AV-Test AV-Comparatives Dennis Labs MRG sometimes fail
  • moi BS u cannot downplay the importance of AV imagine your pc without one especially if ur a heavy user the type of cutting edge technology mentioned is not needed by the majority of users
Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *