Share This Page

Antivirus software doesn't deter hackers

| Saturday, Oct. 5, 2013, 9:00 p.m.

At a time when millions of computer users face increasingly sophisticated cyberattacks, the antivirus software they rely on to keep their information safe frequently fails to do the job.

Of 45 pieces of malware that lingered on the New York Times computer systems for a third of a year, just one was spotted by its antivirus software, the newspaper disclosed in January. That same month, security company Kaspersky disclosed a global data-stealing scheme had evaded detection by antivirus products for five years.

Such examples are becoming alarmingly common. Recent studies have found much of the malware-fighting software on the market is virtually useless against the growing onslaught of attacks.

“Every couple of months you see there's this major virus outbreak that everybody missed,” said Jeremiah Grossman of Santa Clara, Calif.-based WhiteHat Security. “The cards are stacked in the bad guys' favor.”

With global spending on antivirus products expected to hit $8.4 billion this year, according to research firm Gartner, he added, “people are paying good money to be less secure.”

Campbell, Calif.-based ClickAway's stores repair about 60 infected computers a day, and about two-thirds of them have antivirus software on the machines, said Executive Vice President Oliver Rowen. Jeremy Prader, who sees similar problems at his San Jose, Calif., computer repair business, The Cheap Squad, added that the crooks “are coming up with something new every day.”

Indeed, Kaspersky says it encounters about 200,000 new malware varieties daily compared with only about 25 per day in 1994, 700 in 2006 and 7,000 in 2011.

That's a big problem because antivirus products mostly spot known malware, not new forms. Plus, hackers have gotten more devious, said Wade Williamson of security firm Palo Alto Networks, noting that sophisticated crooks can disable antivirus software while making it appear the software is still working. Other experts say hackers routinely fine-tune their malware against antivirus products to make their code harder to detect.

Antivirus comparison tests vary widely, but some have found grave weaknesses.

Of 11 commonly used security programs tested last year by Texas-based NSS Labs, most were found to be “not providing adequate protection,” and even updated versions failed to spot malware that had been rampant for years.

When Palo Alto Networks this year scanned about 70,000 malware varieties with a half-dozen antivirus products, it found about 40 percent “were not detected.”

A study of 42 antivirus products last year by Imperva of Redwood City, Calif., and the Technion-Israel Institute of Technology determined that the initial detection rate of a newly created virus is less than 5 percent.

Many experts say having the software is better than nothing and that computer users often invite malware by letting their antivirus service lapse.

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.