PC World recently reviewed Norton Internet Security 2010 praising the tool as “one of the top performers in detecting and cleaning up active malware infections on a PC.” While it is important to recognize the inherent need for anti-virus (AV) security tools, reports like these published by PC World may in fact be a disservice to consumers and businesses by creating a false sense of security for those using these tools.
PC World stated that Norton “found all bad software, disabled 93 percent of it and removed all traces of two-thirds of the software—the best score of any product [they] tested.” While these may have been the best scores that they saw, according to the report, their lab environment included only known signatures, thus not representing the “real” Internet where zero-day threats and malware with unknown signatures appear in abundance every day.
Since the testing of the top AV products was conducted against known signatures, anything less than a 100% detection rate should be unacceptable. As illustrated in the graph below, we have found that even the most popular AV solutions detect less than half of the latest malware threats:
Furthermore, after at least a week from the release of a new malware threat, AV companies still only have about a 50% chance of protecting against the threat – strengthening the argument for a comprehensive proactive security approach. More information regarding our testing can be found in the Cyveillance Intelligence Report.
We strongly encourage vigilant testing of security products but the methods should be based realistic online environments, provide insight into the realities of what AV solutions can do and report an accurate level of security for those using the products.