How important are updated virus definitions?

Recently, while talking to a rep from the company that services our school's laptops, I heard a statement that I hadn't heard before. Their rep was telling me that NAV 2005, which runs on some of our computers, updated last at the end of December 05 (when the subscription ran out), would be more than adequate as an av defense for some of our computers that are used to get online. He was saying that the
chances of getting infected by a virus that isn't in the definitions file are rather slim.

This really goes against the grain of what I have been led to believe. I would have thought that even a freeware av ap with updated definitions would be better than a pro version that hasn't been updated in a while.

Is this true?

Perhaps another way of expressing this question is to wonder what percentage of viruses in the wild, are new (say, created in the last month or two or three) as opposed to the older ones that would be in a 6-month old definitions file.

Any takers?

 

An AV should always be kept updated as threats & other nasties appear every day. It's really important to keep your AV up-to-date, regardless of what other people say. And that's a fact!

 

In the old days where threats weren't so common as they are today, you could pull it off - Even I only updated my AV 2 times a month. But these days you can't do that (well you can, but I won't recommend it).

 

Thanks for the replies. The Kaspersky article was rather informative. I'd never seen the argument outlined (about the increasing speed of infestation of the newer threats) and of course it increases the need for updated definitions (because an infected computer can now cause much more damage).

 

Well, since the article and replies did not mention it, the updates are only required to be up-to-date in a signature-based AV. There are other AV engines that are primarily heuristic in nature and do not work on the basis of signatures per-se that the signature-based AVs use.

With a signature-based AV, you are only protected upto and including the latest known signatures. The new-kid on the block virus signature is not known until a certain time period after its first release. That is when the signature-based AVs are not able to protect your computer from the new-kid on the block virus.

With a heuristic-based AV, you may have at least a chance of protecting yourself from the new-kid on the block virus.

One interesting AV signature/heuristic combination is Gdata AVK Pro which uses the engines from both Kaspersky and BitDefender. Not having used this, I cannot comment on it, however, it would be interesting to see a comparison of Gdata AVK Pro vs KAV and BitDefender used on one machine against a slew of viruses. It probably all boils down to which products get the latest updates as to who would come out for the better in such a comparison.

-- Tom

 

I personally like norton antivirus, but if it is not updated or other AV's not updated they are next to worthless in a very short time without new definitions. Hueristics help but do not take up the slack for lack of updates.

 

Thanks for that perspective, Lotus and bigc. I've never looked into the heuristics vs. definitions question. Like everything in computer security, its a matter of layers and each layer can help, regardless of how important. I'll have to research that some more, tho.

 

I partially agree with bigc - heuristics are a very important part of a rounded approach to AV technologies - they provide zero-day protection in many cases, ie, they can detect minor variations of known threats, or threat classes that have a known behavior type.

However, updates are ESSENTIAL in today's ever changing landscape of threats... you can't do without them, and for any AV rep to tell you that you can, is simply ludicrous in my opinion.

In a school setting - worse still - again, in my opinion...

 

Updated virus definitions is the most important thing which You should do by Your anty virus program.

 

agree....updating your anti-virus is vital. of course heuristics play an important role but they are also delivered through updates.