Eighty percent of new malware defeats antivirus

The most popular antivirus applications on the market are rendered useless by around 80 percent of new malware, according to AusCERT.

At a security breakfast hosted by e-mail security firm Messagelabs in Sydney on Wednesday, the general manager of the Australian Computer Emergency Response Team (AusCERT), Graham Ingram, told the audience that popular desktop antivirus applications "don't work".

"At the point we see it as a CERT, which is very early on -- the most popular brands of antivirus on the market ... have an 80 percent miss rate. That is not a detection rate that is a miss rate.

"So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in," said Ingram.

Ingram, who refused to name any specific companies, was quick to point out that this was due to cybercriminals designing their Trojans and viruses to bypass detection rather than to a defective product.

"I am not suggesting that there is a difference in the quality of the antivirus products themselves. What is happening is that the bad guys, the criminals, are testing their malicious code against the antivirus products to make sure they are undetectable. This is not a representation of the software," said Ingram.

Although less popular antivirus applications are more likely to pick up new malware, Ingram said that the average proportion of new malware that goes undetected is 60 percent, which is "worrying".

"What do most people have as protection for their client machines? I would suggest it is antivirus. You are lucky if you have antispyware. So they are attacking a machine that is protected by a piece of software that is not working.

"This is the dilemma that is building up here and the success rate is becoming quite worrying," added Ingram.

Talkback 28 comments

    Surprise Surprise Anonymous -- 19/07/06 (in reply to #120138368)

    Wait, in a few weeks the Anti Virus corps will be selling a "malware" add-on component for $39.99.

    Stop wasting all of your money on Microsoft and Antivirus and start using Linux.

    (Unless you are a gamer)

    Linux is the ultimate anti-virus. Anonymous -- 07/03/09 (in reply to #120138369)

    I've been a linux user for years, and never once had a spyware/trojan/virus problem. In XP, I'm infested most of the time, and even with my level of tech, have to manually dig out most of the threats, since antivirus doesn't work.

    If you want to be virus free, I suggest switching operating systems. most of the time I run in Linux, since I'm bullet-proof in it, and it runs faster to begin with. These days, it's got more features than M$ stuff anyhow. Check out distrowatch.org or http://www.linux-disks.com

    Antivirus Anonymous -- 19/08/09 (in reply to #120138369)

    Download

    Rootkits & Anti-Virus steo -- 20/07/06

    A lot of Anti-virus software does not have the ability of finding rootkits. The rootkits then allow the malware to bypass the Anti-virus software.

    People Often Think Their PCs Are Clean While Spyware Is Active On Their System Mel Morris -- 20/07/06

    Sadly, while some may contest the 80% miss rate, Graham's point is absolute. A very high proportion of modern spyware products bypass top antivirus and antispyware products as if they didn't exist. As a result large numbers of PC users have trojans, spyware, adware, keyloggers and root kits already installed on their system, EVEN THOUGH their security product is bang up to date and says their systems are clean.

    It is important that the consumer and corporate user base wake up to the threat that this poses. As CEO of Prevx Limited I am astounded by the extent to which leading security products are failing to detect or failing to remove serious threats such as SpywareQuake, Spy Heal, Dollar Revenue, Global Access, Hacker Defender Root Kits and many more.

    Here are the headline stats based on 2,000 or so new users who download and activate Prevx1 each and every day.

    2,000 users a day

    450 have no security at all
    350 use a free security product
    150 have 2 or more security products installed
    1,050 use a leading security product or suite

    BUT

    1,100 people or more have one or more serious infection active on their PC. The most popular infections seen are:

    Bogus Antispyware Products including:
    Spyware Quake
    Spy Heal
    Spy Falcon

    Adware/Spyware Infections such as:
    Dollar Revenue
    Free Serials
    Virtumond

    Rootkit Infections like:
    Hacker Defender

    Premium Rate Dialers like:
    Global Access

    Trojans like:
    ECodec
    Winfixer

    Keyloggers and Password Stealers like:
    Brazilian Banker

    More than 600 users a day are using Prevx1 to remove ten or more infections and protect themselves from reinfection.

    Graham should be applauded for bringing this issue to the public's attention. Existing security products are failing and people are blissfully unaware.

    Anti-virus Anonymous -- 18/07/07 (in reply to #120138418)

    So, why isn't more being done to protect consumers from these very real threats?
    It appears that the 'bad guys' are gaining, or have gained, the upper hand in the spyware, viruses war. It's comforting to know that our hard earned money is being spent on those products for absolutely nothing. What a waste. What good are anti-virus products if they aren't any good, and can't do the job?
    Security? It's lax, and needs to get much better, and the vendors need to get better at knowing what needs to be done to combat these ever growing threats.

    Ridiculous story Anonymous -- 23/07/06

    "So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in"

    Wrong, wrong, wrong. Maybe 8 out of 10 would make it onto your machine if they reach your machine within the first couple days that they are "in the wild", but that represents a very small amount of occurrences. Most major anti-virus software is updated within the first couple days of a virus appearing and people's machines are updated and ready before viruses reach them.

    The way this whole article is written makes it seem like a waste to get anti-virus software. That's a bad message to send.

    Utter rubbish Mark Neary -- 25/07/06

    Publishing this kind of story just makes ZDNet authors look stupid and has frankly lowered my opinion of ZDNet in general. If the top 3 AV vendors, who currently handle over 86% of the world's AV protection, were to let through 80% of malware and viruses, the world's PCs would grind to a halt in no time. I doubt Mr Ingram enjoys having his words twisted in a Kaspersky marketing drive either.

    Bad ZDNet, go to your room.

    Not Necessarily... Anonymous -- 04/08/06 (in reply to #120138810)

    You fail to realize that MOST viruses and spyware are not initially malicious. Most of them sit innocently (to the OS) and capture keystrokes to log passwords and such, then send them to a remote machine.

    Your idea of a doomsday virus is far fetched. In the history of Windows computing, there have only been a few instances of an outright malicious attack on computers...

    Do some research... Then, get rid of Windows and install Linux or MAC. We don't worry about virus and malware issues ;)

    Xofspy v Nortons Anonymous -- 24/12/06 (in reply to #120138810)

    I run Norton's antivirus and Xofspy, both kept up to date every night on my PCs. Norton's rarely detects anything (I don't get many viruses) whereas Xofspy frequently detects malware which goes undetected by Norton's.

    I think the 80% figure is probably correct.

    Xofspy v nortons Anonymous -- 30/01/09 (in reply to #320072436)

    You have to understand that most people are just users and don't know if their antivirus is updating. Worms these days don't let AV update. Besides, an average user will click on anything. The user will always be the WEAKEST link.

    Mark Neary - Kaspersky Claims Anonymous -- 07/08/08 (in reply to #120138810)

    Do you doubt for a moment that malware writers test their code before release? Do you doubt that they are too lazy to test it on anything other than the top 3 AV products? So on zero day they must sail through that AV protection. You must note that he is talking specifically about "new malware". True, the top 3 will soon get the updates out, but some poor saps had to get nailed first -- bad luck for them :-(

    "I doubt Mr Ingram enjoys having his words twisted in Kapersky marketing drive either" seems a bit harsh. But then again, I've seen Mr Ingram's words expressed differently myself. How about this phrase that does not appear above "One vendor Ingram did mention was Russian outfit Kaspersky, which in the same tests managed to block around 90 percent of new malware." but does appear here: http://www.zdnet.com.au/blogs/securifythis/soa/Why-popular-antivirus-apps-do-not-work-/0,139033343,139264249,00.htm#talkback

    spy heal Anonymous -- 28/07/06

    I can't get rid of this stupid spyware even after running MS Defender Beta 2, and of course my own spyware (from CA via ISP).

    What to do?

    What to do? Anonymous -- 04/08/06 (in reply to #120139145)

    Get rid of Windows and go Linux or MAC; 2 OS's that don't have virus, malware, or other issues AT ALL...

    That's a dumb answer Anonymous -- 24/12/06 (in reply to #120139486)

    If enough people were using Linux to make it worth using it would also be worth writing malware for and you would have just as many viruses on Linux.

    An even dumber answer Anonymous -- 20/11/07 (in reply to #320072432)

    The fundamental permissions structure of Linux (and Unix and BSD) makes viruses impossible. If there was any kind of infection, it could only affect the current user (not the whole system) and would have to have been given permission by the user to run!

    Windows, on the other hand, just runs anything it receives!

    Linux and MAC are immune to virus Peter Chan -- 21/02/08 (in reply to #320072432)

    I totally agree with this comment. No one ever pays any attention or wastes any effort on the 5 ~ 10% crowd. Anyone hack into mainframes any more?

    Is this really a valuable article? Anonymous -- 12/08/06

    Obviously it is childs play to defeat AV. AusCERT's current scare campaign is pretty ordinary for a 'professional' organisation. This is just Mr Ingram showing his ignorance and lack of ICT security background. Maybe he should move to selling used cars. Take away the AV packages and try to deal with what is left? The idea is to have the layers in place and AV is a layer and a relevant one given it is often slow to update. Maybe instead of complaining about ZDNet which do tend to have pretty poor stories we should move away from the reactive CERT communities who tend to spam us with more unwanted mail than the rest of the security community.

    Linux won't always be safe jonathan -- 16/12/06 (in reply to #120139938)

    Do you really think Linux will be safe from viruses forever? I don't think so. Although I use Ubuntu Linux, I know I won't be safe forever. What then is the solution? If antivirus companies are all missing viruses, what can we do as the public?

    Graham got it wrong. The figures quoted are wrong. Anonymous -- 22/08/06

    Either Graham was misquoted in the article, or he got up on the wrong side of bed that day. The figures are here: http://www.cert.br/docs/palestras/certbr-auscert2006.pdf Go to page 21. You will see that the major vendors DETECT 80% of viruses, not miss them.

    No, those reading and commenting are wrong Anonymous -- 19/12/06 (in reply to #120140586)

    He never mentioned viruses....He mentioned 80% of "NEW MALWARE"...Usually Trojans, spyware, dialers, root kits, and other drive by downloaded crap and the like. Like unwanted toolbars and browser helper objects.

    He is about right according to what I find using other Spyware Removers and Anti-Spyware tools.

    I work on machines that have either Norton, McAfee, AVG, and about 4-5 other AV products that show the machines clean upon run of the AV product as far as known viruses, but the machines are slow as molasses... But then run an online scan at BitDefender.com (usually finds 5-10 infected files w/ known viruses on most machines and deletes those files). Run the following scumware removers: Ad-Aware SE Personal, Bazooka Spyware Scanner, Spybot S&D 1.4; install SpywareBlaster.exe; use CCleaner.exe (clean, repair issues, and then clean up that Start Up folder); run RootkitRevealer; install BHODemon (yeah, it is currently out of date, but it will also show all the Browser Helper Objects currently installed tho); run HijackThis.exe and CWShredder to get rid of CoolWebSearch; then install BugOff.exe and turn all to DISABLED (NOTE: when using BugOff, read the effects for each category please!). Then there are a few other tools I use to get rid of very nasty malware that may have been installed, but I can usually find the VERY WELL HIDDEN removal tools via simple research when found w/ one of the above SCUMWARE removers, even if they can't remove it but point out it is installed. Bazooka usually finds some of the worst-to-remove junk & malware that the others do not, but Kephyr.com (God Bless His Soul) has manual removal instructions that the tool takes you to the web page of... And he'll help you if the removal instructions don't do the job. Don't forget to send him any files you might find... It helps him stay abreast of the advances, and therefore he helps us back by including the updated solutions.

    AND IMPORTANT*** Anonymous -- 19/12/06 (in reply to #320072309)

    Do not forget to run Win Updates & Install Windows Defender!

    I hope you can help since you're so knowledgeable-thanks Anonymous -- 20/01/07 (in reply to #320072309)

    Jan 20, 2007
    Hi there, I'm a newbie on your site from the USA, a lady of 69 years with a computer problem. I've been researching viruses and trojans but can find nothing that remotely reminds me of what I may have on my computer.
    I am running WinXP Home w/ SP2 installed. My virus protection, I thought, is PC Security Shield software installed, but it can't seem to find the (maybe virus) or trojan, or whatever that's showed up in the past 3 weeks. There is what I call a whirlpool (how I found this website) or two flashing circles at the cursor point when aimed at certain icons. I know it is tracking what I do.
    I went to regedit, found all Hotbar.AdWare and deleted it from the registry located in the Search Assistant folder.
    I also purchased and downloaded Spyware Detector which finds much spyware that I quarantine. The whirlpool, or flashing circle, shows on certain icons and when I go on the net, and even some on desktop icons. My year is almost up on the PC Security Shield and I don't plan to renew because it isn't doing the job.
    Can someone please advise and help me? I do thank you. The virus software will soon be up for renewal but I don't intend to do that. If you know of a software that will work better, and I can afford it, then my next purchase will buy it.
    Thanks, and please answer as soon as possible.
    Bonnie

    what is the point...... Anonymous -- 12/04/08 (in reply to #320072310)

    After reading this I have to comment.

    I didn't buy this computer to work on, I bought it to work with. It seems that I spend more and more of my time trying to fix some new problem or run some new scan than working.

    Your suggestions of no less than 7 or 8 things I should be using to "clean up" my computer only reinforces my thinking.

    Think I'll give up on mister Gates platform and go hide with the 10% of computers the info miners don't have time for...

    just my 2 cents

    Why popular antivirus apps 'do not work' Anonymous -- 21/05/08

    Most computer users, most tech writers, and most hardware companies cannot think beyond the dollars the popular top sellers put in their pockets. The most popular are Norton, McAfee, and Trend Micro, but AV-Comparatives lists NOD32, Kaspersky, and F-Secure as the top antiviruses. Users aren't off the hook. I use NOD32, Online Armor, and Sandboxie for defence because I am in several good online forums. In them I get advice from experts and ordinary users alike. Most users make no or little effort to educate themselves. Sites like BlackViper, even ISP sites too, tell users how to configure the OSs, but do users care to find and implement the info? I was asked why I didn't use the free McAfee from Comcast instead of NOD32 by one of their support techs. I explained that if a virus got through their McAfee it would get through mine. It should be obvious that one should use one different from the one that the ISP uses. I got that from an online security forum. I recommend that every user join Wilders Security, CastleCops, Computer Haven, BleepingComputer, Computer Hope, TechSupportGuy, the FreewareForum, or others for advice. Learn outside the box.

    VAS Thabit Alkhayat -- 19/07/08

    Viruses Armor System.

    In February 2007, a new challenge was launched through local newspapers and hackers' websites.

    In Jan 2008, another challenge was launched for the biggest and most famous protection companies and famous hackers.

    The antivirus software companies circulating in the markets require their users to renew the copy annually. For example, if I have a copy of Norton Antivirus 2006, in 2007 I cannot update the database unless I buy Norton Antivirus 2007, a matter that affects the user's budget.

    Virus Armor System (VAS)

    It is an antivirus system which acts against old and future viruses and does not depend upon the virus print for combating viruses and malicious mobile codes that may attack users as soon as they open their e-mail and service files. So this system does not depend on any database; it is designed with a technology which has not been applied before in other software. Therefore, it does not need any update of the database.

    The protection Strength in the VAS

    The Virus Armor System VAS

    It is a system that deals with viruses in a dynamic and innovative manner which has not been applied in the world before. This system does not need updating.

    Database Update

    There is no database in the Virus Armor System; therefore there is no fear of destruction or weakening of such a database. There is no need to update Virus Armor System when new viruses, Trojan horses, patch files or malicious mobile code scripts become known. The flexibility of Virus Armor System allows an organization to completely control all network desktop activity or allows individual users to govern their own activity.

    Phantom Category Viruses

    The Virus Armor System deals with viruses as an environment, therefore the different types of viruses do not affect its protective action.

    Memory in Virus Armor System (VAS)

    The VAS does not occupy Random Access Memory (RAM), so it does not affect the hardware speed and the operation of other software; it works according to the electronic umbrella method.

    Electronic Firewall in VAS

    The VAS contains an electronic firewall as it covers the malicious mobile codes, Trojans and patches that may attack the user at the opening of his/her computer, without any update.

    Comparison between VAS and Antivirus Circulating in the Market

    Range of Protection

    The antivirus software circulating in the market does not protect us from viruses, except after the appearance of the same or when they attack us. Furthermore, it does not protect us except from viruses arriving at their laboratories, and not from all viruses.

    Destruction of Database

    There are intelligent and dangerous viruses whose only function is to destroy the database of the antivirus or the electronic firewall so as to enable any virus or patch to infiltrate. These intelligent viruses give the user the impression that the antivirus software is working perfectly, thus deceiving the user into believing that the database is updated when the user requests an update.

    Weakness of the database

    There are viruses named differently according to the antivirus software company, although they are mainly one virus, such as Plaster, a name given by MICROSOFT to the worm "Plaster", but Norton gives another name different from McAfee.

    Phantom Category Viruses:

    Phantom viruses are considered the more dangerous viruses, as they change their signature from time to time, so the antivirus software cannot easily recognize them.

    Update of Database:

    The antivirus software has to be continuously updated in order to enable the user to renew his/her database in accordance with the database of the antivirus company. Such updates may be on a daily or weekly basis.

    Memory:

    The antivirus software directly affects the capacity of the memory, which may have negative consequences upon the proper opera

    Remove All Malware/Spyware Anonymous -- 22/05/09

    You can download Malwarebytes' free from ETV Software (http://etvsoftware.com/Tools.aspx). Just click on the Anti-Malware icon under maintenance tools and it will take you directly to the free download!! Worked great for me!!!
