Antivirus software a waste of money for businesses, report suggests

Poor detection means that free programs offer better value

Antivirus software is now so ineffective at detecting new malware threats that most enterprises are probably wasting their money buying it, an analysis by security firm Imperva has concluded.

Reports questioning the protection offered by antivirus suites have become a staple theme among researchers in recent times, and the study "Assessing the Effectiveness of Anti-Virus Solutions", carried out for Imperva by the University of Tel Aviv, is another addition to that sobering collection.

The team ran a collection of 82 new malware files through the VirusTotal system, which checks files against around 40 different antivirus products, finding that the initial detection rate was a startling zero.

The company then ran the same scan a number of times at one-week intervals to see whether detection improved over time, discovering that even the best-performing products took at least three weeks to add a previously undetected sample to their databases.

Across products, 12 files that were poorly detected when new were still not detected by half of the software when scanned at later dates. In some detections, files were simply marked as "unclassified malware," a designation that would harm the effectiveness of malware removal.

It is hard to say which individual products did best from this bad job (readers can judge for themselves on Imperva's website), but there appeared to be no connection between popularity and success.

More strikingly, Imperva's researchers end up recommending two free antivirus products, Avast and Emsisoft, as the "most optimal" of those looked at, with McAfee an acceptable performer too.

So what about businesses?

According to Imperva, organisations continue to buy licensed antivirus software because compliance regimes mandate that they should do so. This stipulation should be eased to allow them to buy free products instead, putting the money saved into other forms of security, the company suggested.

"To be clear, we don't recommend eliminating antivirus. We do, however, recommend rebalancing and modernizing security spend to meet today's threats," said the report.

Using Gartner figures, Imperva reckoned that antivirus software was consuming around a third of total software security spend, an investment not justified by its returns.

"Enterprise security has drawn an imaginary line with its anti-virus solutions, but the reality is that every single newly created virus subverts these solutions without challenge," commented Imperva's CTO, Amichai Shulman.

"We cannot continue to invest billions of dollars into anti-virus solutions that provide the illusion of security, especially when freeware solutions outperform paid subscriptions."

Admins might equally point out that free antivirus programs are aimed at consumers and rarely offer the sort of business deployment and management capabilities they require.

In August, NSS Labs noticed that many antivirus products were unable to block malware attacks exploiting two prominent Microsoft vulnerabilities that had been patched weeks before.

Over the years a variety of new technologies have been employed to improve antivirus security, now usually as defences built into programs such as browsers; at least one startup, ZeroVulnerabilityLabs, has launched a beta of a plug-in that abandons malware detection entirely in favour of simply blocking the software flaws exploited by malware to gain control of PCs.
