Current protection = only 70%

So as over 10 thousand new malware samples are being released day in day out, and have been for some time now, that means at least 3,000 nasties are evading detection every day = over 21,000 every week = over 84,000 every month

I expect a "proportion" of those will at "some" point get included in our defs, but when ? and how many does/would that leave still floating around undetected, and for how long ? By the sound of it, a bucket load, and maybe never

This contrasts with ALL the AV tests that are carried out from time to time. So what's the real picture and state of affairs ?

 

Interesting

 

From where does he pull the 70% figure from?

 

CEO`s are notorious for making statements that the office junior has cobbled up from a few hasty facts and figures scrambled from a variety of dubious sources and presented to them as fact. It is the same with world leaders, who issue statements that are a mixture of lies, deceit and propaganda aimed at persuading the masses towards a specific point of official misinformation.

The Rubik Cube of literary confusion and propaganda is infinite and the gullible fall into it like flies.

Scientists are no different if they are funded by an official body. They are given the answer and told to adjust their evidence and conclusions to achieve it. We can see this many times with issues that are of concern to the environment or the manipulation of populations towards various policies or actions.

The proportion of Baddies born to Baddies killed will never be known, too many self interests. The Cops cannot identify an unborn bad guy, so it is always a following game. The statement by this particular CEO does not quote a "rate of increase" which can be extrapolated as a function of time, just that at any one time the bad guy`s have three more soldiers than the good guy`s, assuming a linear progression.

Why worry about irrational comments issued by such people with a message behind their waffle ? It is a pointless exercise. Just trust the many reputable companies to produce their best products and provide the best security they can to combat the perpetual menace and enjoy the fruits of their contentious and dedicated labour.

Crime and law enforcement is a natural phenomena of human activity, there is no news in quoting the obvious by relating one to the other.

It is all too common to hear the irrational burble of some mogul of industry or world leader and react like Lemmings just because the guy has a few gold oak leaves on his hat or a fancy title.

Authority, rank and position will never ever beat education and intelligence amongst the masses and counting body bags ? What a futile waste of time.

John B

 

When Mel Morris, CEO of Prevx, said: “Antivirus and related security technology cannot be relied upon to protect against more than 70% of current threats,” one wonders precisely what is included in (and excluded from) his definition of “antivirus and related security technology.”

 

Indeed, good HIPS/Behaviour blocker/reputation etc. systems combined with AV can block almost anything (I'd say 95+%).

 

That's a key point.To accurately state that AVs are protecting against 70% of current threats you'd need to have knowledge of all active threats,if so why doesn't his company not just protect against the other 30%?

 

The article is aimed at the business world. However, it's instructive to think of this question also from the home user's point of view.

Look at actual exploits and attack vectors, and understand what you are protecting against. That gives the real picture!

Statistics are basically useless unless specified along with parameters that define them.

For example, if there are 5,000 malicious PDF files in the wild and signature-based security identifies only 70%, so what? Many times, new ones in the wild are 90 - 100% undetected for the first day or so. Again, so what? If all of these files are just triggers to download malware, as all have been shown to be, then the protection is the same, if you define protection in this case, blocking the execution of the payload. This essentially is true for all remote code execution exploits, such as the recent .lnk exploit.

Social engineering exploits are more problematical because people who attempt to load codecs to watch naughty videos, for example, want their AV to alert them if the codec is indeed malicious.

The same thing in downloading cracks, cheats, pirated software, and the like: people want to be warned ahead of time.

The real picture in these cases is that it is a no-win situation, since polymorphic malware and other means of keeping ahead of signature-based security makes it difficult to be forewarned, and the victim will indeed grant Admin privileges to install the rubbish files. Evidently many do, as the hijack forums show.

No one I know who follows computer security would pay any attention to such statistics, since they are meaninless within the context of setting up a security strategy for someone.

regards,

-rich

 

Originally Posted by Rmus

Exactly.

Yes we're OK, but it's ALL the others who aren't And there are a Lot more of them than us, so for them it's entirely relevent, i'd say.