General Malware Question

Discussion in 'other anti-malware software' started by TheGyre, Feb 27, 2011.

Thread Status:
Not open for further replies.
  1. TheGyre

    TheGyre Registered Member

    Joined:
    Oct 8, 2010
    Posts:
    11
    Location:
    near Washington D.C.
    Does anyone have a guess on how much malware escapes detection by all anti-malware programs at any given time?
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Are you serious, no one can give you a true answer :gack:

    TH
     
  3. TheGyre

    TheGyre Registered Member

    Joined:
    Oct 8, 2010
    Posts:
    11
    Location:
    near Washington D.C.
    What does that mean?
     
  4. the dummy

    the dummy Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    71
    That means it would be impossible for anyone to guess with any accuracy whatsoever. Download Sandboxie and forget about such things.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Well, let's say they will miss them by the thousands* each day. ;) But, they will detect another few thousands as well. Play and catch, that's what it is. Obviously, antimalware applications aren't what they used to be (most of them); they have other security implementations to cover the lack of detections, and I'm sure they try their best at it.

    Multiplying that by all security vendors, well... do the math. :D
     
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  7. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    I mean you can't even come close to answering such an open-ended question. If you narrowed it down to a specific program or even a certain type of protection, you could give it a shot in the dark.
     
  8. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    No one really knows :D
     
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    As "THAT" person Rumsfeld :D once said

    Seriously though, due to the overwhelming Massive amount of daily malware released, it's a BIG problem for vendors to "try" and keep up. In short they can't and don't, because tomorrow there's even more ad infinitum !
     
  10. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    How many licks does it take to get to the center of a tootsie pop?
     
  11. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    No one can reply to your question correctly.
     
  12. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    Just for fun: a little math equation,
    if one anti-malware stops 99% each day,
    with 50000 new malware every day, it will not catch 500 malware a day.
    If we add HIPS + sandbox + virtual + firewall + BB + process monitor etc.
    We should get a near 99.9%.
    So it's 50 malware a day that gets through.
    Even with 99.99% protection we'd still be getting 5 a day. That's 1825 malware a year.

    Moral of the story (for myself): stop being too worried, enjoy the world
     
  13. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    In other words, can users trust the Anti-Malware programs or Not? ;)
     
  14. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    474
    When there are so many undetected threats, the word 'trust' is too far-fetched. That's maybe why most of us don't depend on only one anti-malware (our antivirus) software to protect us, and people go for extras like HIPS, anti-loggers and virtualization software.
     
  15. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Yes. 100%, 0%, don't know, 1/infinity.

    You said "at any given time"... so let's consider a few different timings:

    a) A time when a nasty zero-day is released and one that has been specifically designed to escape detection by all (if not, mostly popular and mostly used) anti-malware programs. In theory, we can assume that 100% of that particular malware therefore escapes detection. (remember that we're specifically using the term detection here and not prevention)

    b) A time when the signatures have already been made by all (if not, mostly popular and mostly used) anti-malware programs. In theory, we can assume that 0% of that particular malware therefore escapes detection.

    c) However, if that particular malware is calculated as a subset of all available malware (the ones existing that have been identified so far), and regardless of whether or not it has escaped detection, the percentage is hard to verify. We need to know beforehand how much malware there is that has been collected so far. Does anyone know the exact figure so that we can calculate it precisely?

    d) However, if that particular malware is calculated as a subset of all available malware (including all possible future malware that has not been seen, distributed, collected, identified yet), and regardless of whether or not it has escaped detection, we can't calculate the percentage... the answer is 1/infinity = infinitesimal or undefined. (I'll leave that to a maths wiz to sort out)

    -http://www.mathsisfun.com/calculus/limits-infinity.html-

    Question answered - please take your pick.:p
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    If it was never detected, how can it be counted?
    It's like asking how many things have not been discovered yet?
    :blink:
     
  18. TheGyre

    TheGyre Registered Member

    Joined:
    Oct 8, 2010
    Posts:
    11
    Location:
    near Washington D.C.

    Thanks for all the responses guys. The above quotation is more of what I was going for.

    Along the lines of Rumsfeld's "unknown unknowns", I do recognize that you cannot count or know that which is "unknown". I was only hoping for a ballpark estimate and educated guess from the subjective experience of those here at the forum. So let me rephrase the question.

    Does anyone's intuition tell them that the scanners on average miss maybe 50%, 30% or some similar percent of EVERYTHING out there in the wild?

    Has anyone speculated on anything along those lines?

    Are anti-malware scanners already obsolete for the most part?

    Is it possible that the larger portion of malware is never detected since it is not as widely distributed as the malware that is detected?

    Feel free to substitute "the scanners" with "Avira, Avast, Kaspersky" if greater concrete detail is needed to answer any of these questions. And thanks again for all the responses everyone.

    Oh, and for the record, I am a big fan of sandboxie. :)
     
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  20. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Well, you know, now.;)
     
  21. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Who cares ? Just use Sandboxie by Mr.Tzuk and your question becomes totally irrelevant.

    John
     
  22. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    scanners are good at detecting what's known, bad at detecting what's unknown, and what's in the wild is a fast-moving target.

    you can trust known-malware scanners to detect known malware. you should be using other layers (sandboxing, whitelisting, behaviour blocking, integrity monitoring, etc) for the unknown stuff.
     
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Escaping all anti-malware programs? If we include virtualization, default-deny whitelists, and disk imaging, then 0% (at the present at least).
     
  24. TheGyre

    TheGyre Registered Member

    Joined:
    Oct 8, 2010
    Posts:
    11
    Location:
    near Washington D.C.
    That is rather telling. Thank you!
     