Antivirus software is now so ineffective at detecting new malware threats most enterprises are probably wasting their money buying it, an analysis by security firm Imperva has concluded.
Reports questioning the protection offered by antivirus suites has become a staple theme among researchers in recent times and the study Assessing the Effectiveness of Anti-Virus Solutions, carried out for Imperva by the University of Tel Aviv, is another addition to that sobering collection.
The team ran a collection of 82 new malware files through the VirusTotal system that checks files against around 40 different antivirus products, finding that the initial detection rate was a startling zero.
The company then ran the same scan a number of times at intervals of a week apart to see whether detection improved over time, discovering that even the best-performing products took at least three weeks to add a previously undetected sample to their databases.
Across products, 12 files that were poorly detected when new were still not detected by half of the software when scanned at later dates. In some detections, files were simply marked as "unclassified malware," a designation that would harm the effectiveness of malware removal.
It is hard to say which individual products did best from this bad job (readers can judge for themselves on Imperva's website) but there appeared no connection between popularity and success.
More strikingly, Imperva's researchers end up recommending two free antivirus products, Avast and Emisoft, as the "most optimal" of those looked at with McAfee an acceptable performer too.
So what about businesses?
According to Imperva, organisations continue to buy licensed antivirus software because compliance regimes mandate that they should do so. This stipulation should be eased to allow them to buy free products instead, putting the money saved into other forms of security, the company suggested.
"To be clear, we don't recommend eliminating antivirus. We do, however, recommend rebalancing and modernizing security spend to meet today's threats," said the report.
Using Gartner figures, Imperva reckoned that antivirus software was consuming around a third of total software security spend, an investment not justified by its returns.
"Enterprise security has drawn an imaginary line with its anti-virus solutions, but the reality is that every single newly created virus subverts these solutions without challenge," commented Imperva's CTO, Amichai Shulman.
"We cannot continue to invest billions of dollars into anti-virus solutions that provide the illusion of security, especially when freeware solutions outperform paid subscriptions."
Admins might equally point out that free antivirus programs are aimed at consumers and rarely offer the sort of business deployment and management capabilities they require.
In August NSS Labs noticed that many antivirus products were unable to block malware attacks exploiting two prominent Microsoft vulnerabilities that had been patched weeks before.
Over the years a variety of new technologies have been employed to improve antivirus security, usually now defences built into programs such as browsers; at least one startup, ZeroVulnerabilityLabs, has launched a beta of a plug-in that abandons malware detection entirely in favour of simply blocking the software flaws exploited by malware to gain control of PCs.