Failures in Detection (Last 7 days)
- 14, 016 failures that is, infected files not detected by at least one antivirus engine
- 372 samples detected by all vendors
What's important to note here is that, response time towards a new piece of malware in the wild is crucial as always. But that's great when it's actually achieved. The independent folks at Av-test.org, have featured a very nice Excel sheet on the "Reaction Times of the latest MS05-039-based Worm Attacks"(2005-08-22) so you can take a look for yourself. And as I've once mentioned my opinion on the growing possibility of 0day malware on demand, proactive measures would hopefully get the attention of vendors. Some folks are going as high as stating that AV scanners and AV defense as a concept will eventually end up as product line extension of a security appliance? Though, I feel you will never be able to license a core competency of a vendor that's been there before the concept of DDoS started getting public! And obviously, the number of signatures detected by them doesn't play a major role like it used years ago. Today's competitive factors have to do with, but not only of course :
IPS (Intrusion Prevention Systems)
Protection against Buffer Overruns
I also advise you to go though a well written research on the topic of Proactive Antivirus protection, as it highlights the issues to keep in mind in respect to each of these. Is client side sandboxing an alternative as well, could and would a customer agree to act as a sandbox compared to the current(if any!) contribution of forwarding a suspicious sample? Would v2.0 constitute of a collective automated web petrol in a PC's "spare time"? How sound is this and the other concepts in terms of usability and deployment on a large scale?
Signatures are always a necessary evil as I like to say, ensure that at least your anti virus software vendor is not a newly born company with a modest honeyfarm and starting to perceive itself as a vendor, vendor of what? Solutions or signatures?!
Don't get me wrong, my intention behind this post was to make you think, as a customer or decion-maker on the approaches your current vendor uses, and how to make better decisions. At the bottom line, it's still a vendor's sensor network or client side submissions, even exchange of data between them, that provides the fastest response to *known* malware!
Technorati tags :
security,information security,malware,viruses,antivirus,malware trends