General Malware Question

Does anyone have a guess on how much malware escapes detection by all anti-malware programs at any given time?

 

Are you serious, no one can give you a true answer

TH

 

What does that mean?

 

That means it would be impossible for anyone to guess with any accuracy what so ever. Download sandboxie and forget about such things.

 

Well, let's say they will miss them by the thousands* each day. But, they will detect another few thousands as well. Play and catch, that's what it is. Obviously, antimalware applications aren't what they used to be (most of them); they have other security implementations to cover the lack of detections, and I'm sure they try their best at it.

Multiplying that by all security vendors, well... do the math.

 

Considering that there are approximately 50,000 new or variants each day! http://www.squidoo.com/What_is_Malware

TH

 

I mean you can't even come close to answering such an open ended question. If you narrowed it down to a specific program or even a certain type of protection, you could give it a shot in the dark.

 

No one really knows

 

As "THAT" person Rumsfeld once said

Seriously though, due to the overwhelming Massive amount of daily malware released, it's a BIG problem for vendors to "try" and keep up. In short they can't and don't, because tomorrow there's even more ad infinitum !

 

How many licks does it take to get to the center of a tootsie pop?

 

No one can reply your question correctly.

 

Just for fun : A liitle math equation,
if one anti malware stop 99% each day,
with 50000 new malware everyday, it will not catch 500 malware a day
If we add hips + sand box + virtual + firewall + BB + prosses monitor etc.
We should get a near 99.9%.
So its 50 malware a day gets through
Even with 99.99% protection we still be getting 5 a day. That's 1825 malware a year

Moral story (for my self) : stop being too worried, enjoy the world

 

In other words, can users trust the Anti-Malware programs or Not?

 

When there are so many undetected threats the word 'trust' is too far fetched that's maybe why most of us don't depend on only one Anti Malware (our Anti Virus) software to protect us and people go for extra like HIPs,Anti-loggers and vitalization software's.

 

Yes. 100%, 0%, don't know, 1/infinity.

You said "at any given time"....so let's consider a few different timing:

a) A time when a nasty zero-day is released and one that has been specifically designed to escape detection by all (if not, mostly popular and mostly used) anti-malware programs. In theory, we can assume that 100% of that particular malware therefore escapes detection. (remember that we're specifically using the term detection here and not prevention)

b) A time when the signatures have already been made by all (if not, mostly popular and mostly used) anti-malware programs. In theory, we can assume that 0% of that particular malware therefore escapes detection.

c) However, if that particular malware is calculated upon as subset of all available malware (the ones existing and has been identified so far), and regardless of whether or not it has escaped detection, the percentage is hard to verify. We need to know beforehand how much malware there are that have been collected so far. Anyone knows the exact figure so that we can calculate it to the precision?

d) However, if that particular malware is calculated upon as subset of all available malware (including all possible future malware that has not been seen, distributed, collected, identified yet), and regardless of whether or not it has escaped detection, we can't calculate percentage....the answer is 1/infinity = infinitesimal or undefined. (I'll leave that to maths wiz to sort out)

-http://www.mathsisfun.com/calculus/limits-infinity.html-

Question answered - please take your pick.

 

Detection Errors and Scanner Performance

 

If it was never detected, how can it be counted?
It's like asking how many things have not been discovered yet?

 

Thanks for all the responses guys. The above quotation is more of what I was going for.

Along the lines of Rumsfeld's "unknown unknowns", I do recognize that you cannot count or know that which is "unknown". I was only hoping for a ballpark estimate and educated guess from the subjective experience of those here at the forum. So let me rephrase the question.

Does anyone's intuition tell them that the scanners on average miss maybe 50%, 30% or some similar percent of EVERYTHING out there in the wild?

Has anyone speculated on anything along those lines?

Are anti-malware scanners already obsolete for the most part?

Is it possible that the larger portion of malware is never detected since it is not as widely distributed as the malware that is detected?

Feel free to substitute "the scanners" with "Avira, Avast, Kaspersky" if greater concrete detail is needed to answer any of these questions. And thanks again for all the responses everyone.

Oh, and for the record, I am a big fan of sandboxie.

 

VirusTotal Stats

 

Well, you know, now.

 

Who cares ? Just use Sandboxie by Mr.Tzuk and your question becomes totally irrelevant.

John

 

scanners are good at detecting what's known, bad at detecting what's unknown, and what's in the wild is a fast-moving target.

you can trust known-malware scanners to detect known malware. you should be using other layers (sandboxing, whitelisting, behaviour blocking, integrity monitoring, etc) for the unknown stuff.

 

Escaping all anti-malware programs? If we include virtualization, default-deny whitelists, and disk imaging, then 0% (at the present at least).

 

That is rather telling. Thank you!