Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Antivirus software can't keep up with new malware, Lastline Labs analysis finds

Startup runs malware through VirusTotal, gets depressing answer

Article comments

Brand new malware is detected by only around half of antivirus programs on the day it first appears, an analysis by security startup Lastline Labs has found after running samples through the VirusTotal online scanner.

Over the last year, the firm ran hundreds of thousands of pieces of malware it had encountered through the service to see how many of the 47 antivirus products correctly identified the files as malicious.

On the first day the overall detection percentage averaged 51 percent of the programs, which rose slowly until suddenly ramping up to 61 percent about two weeks after the malware’s first submission.  

Measuring detection rates using VirusTotal is not a new idea and the firm's results were more or less as might be expected; antivirus software gets better and better at spotting malware as time passes, but the detail reveals some important caveats.  When no program on VirusTotal spotted a piece of malware on the first day, it took an average of two days for at least one program to detect it.

Without naming any names, it is clear that some antivirus programs are still better (i.e. faster) at detecting new malware than others, with some examples managing to elude one in ten scanners a full year after their first appearance.

So does all this tell us whether antivirus software works or not? On the basis of Lastline’s findings, the answer probably depends on what is understood by the word 'works'.

The firm found that around 1 percent of malware is stubbornly hard to detect using the signature technology that is the core of antivirus software. This unusual and presumably rare malware sits undetected for months and might never make it into signature databases of any product. Indeed, they were probably specially crafted to evade signature detection by simply not being common enough to be quickly spotted and fingerprinted.

This is not good if you happen to be one of the small group of firms being targeted by these programs but that's been true for some time.

“We think that ‘traditional’ AV technology is not dead, but needs to be complemented with other approaches (e.g., based on dynamic analysis of samples, network anomaly detection) that provide additional signals for detection,” argued Lastline Labs’ CTO, Giovanni Vigna.

“For us, this preliminary dataset leaves us with as many questions as answers.”

As ever, it’s a line that chimes with the argument by a range of more recently-founded security firms that the technology employed by the established brands is no longer good enough as a single line of defence and should be supplemented with newer technology.

Ironically, it’s a message that increasingly works for the larger traditional AV vendors such as Symantec, which recently surprised the security world after an executive recently told the Wall Street Journal that antivirus software was “dead.” But Symantec increasingly wants its business user base to move to more recent products too and timed its historic admission to coincide with the announcement of new systems.

Lastline itself jumped the Atlantic, launching a UK wing in London’s Tech City last November.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *