Anti-virus software has become an ineffective tool for combating viruses and other forms of malware, according to a study by the Israeli Institute of Technology and security software vendor Imperva.
The study suggests that the initial detection rate of newly created viruses is less than five per cent – despite the heuristic behaviour-based algorithms now used by anti-virus software to detect malware based on its characteristics, as well as "signatures" that identify particular viruses.
Furthermore, some anti-virus software vendors take as long as four weeks to update their software to take account of the latest threats, while the software with the best detection capabilities – which include the free anti-virus software offerings from Avast and Emsisoft – also have a high "false positive" rate.
Yet at $7.4bn – $4.5bn in the consumer sector and $2.9bn spent by organisations – anti-virus software accounts for about one-third of total security software market spending.
The report recommends that security teams should spend more time identifying "aberrant behaviour" using new technologies rather than just spending money on the anti-virus software subscription and considering the job done.
However, the methodology of the study has been widely criticised by security specialists. The online tool used to conduct the technical analysis – Google-owned VirusTotal is a website that analyses files and URLs to identify viruses, worms, trojans and other other malware – and not real-world threat exposure. Nor did the study take account of the different parameters in which the products could be run.