Antivirus software doesn't deter hackers
At a time when millions of computer users face increasingly sophisticated cyberattacks, the antivirus software they rely on to keep their information safe frequently fails to do the job.
Of 45 pieces of malware that lingered on the New York Times computer systems for a third of a year, just one was spotted by its antivirus software, the newspaper disclosed in January. That same month, security company Kaspersky disclosed a global data-stealing scheme had evaded detection by antivirus products for five years.
Such examples are becoming alarmingly common. Recent studies have found much of the malware-fighting software on the market is virtually useless against the growing onslaught of attacks.
“Every couple of months you see there's this major virus outbreak that everybody missed,” said Jeremiah Grossman of Santa Clara, Calif.-based WhiteHat Security. “The cards are stacked in the bad guys' favor.”
With global spending on antivirus products expected to hit $8.4 billion this year, according to research firm Gartner, he added, “people are paying good money to be less secure.”
Campbell, Calif.-based ClickAway's stores repair about 60 infected computers a day, and about two-thirds of them have antivirus software on the machines, said Executive Vice President Oliver Rowen. Jeremy Prader, who sees similar problems at his San Jose, Calif., computer repair business, The Cheap Squad, added that the crooks “are coming up with something new every day.”
Indeed, Kaspersky says it encounters about 200,000 new malware varieties daily compared with only about 25 per day in 1994, 700 in 2006 and 7,000 in 2011.
That's a big problem because antivirus products mostly spot known malware, not new forms. Plus, hackers have gotten more devious, said Wade Williamson of security firm Palo Alto Networks, noting that sophisticated crooks can disable antivirus software while making it appear the software is still working. Other experts say hackers routinely fine-tune their malware against antivirus products to make their code harder to detect.
Antivirus comparison tests vary widely, but some have found grave weaknesses.
Of 11 commonly used security programs tested last year by Texas-based NSS Labs, most were found to be “not providing adequate protection,” and even updated versions failed to spot malware that had been rampant for years.
When Palo Alto Networks this year scanned about 70,000 malware varieties with a half-dozen antivirus products, it found about 40 percent “were not detected.”
A study of 42 antivirus products last year by Imperva of Redwood City, Calif., and the Technion-Israel Institute of Technology determined that the initial detection rate of a newly created virus is less than 5 percent.
Many experts say having the software is better than nothing and that computer users often invite malware by letting their antivirus service lapse.