Don’t worry about that new malware – your A/V program will take care of it (in about two weeks)

So I (try to remember to) end every post with a disclaimer which includes the phrase:

“no postings made on this blog should be interpreted as communications by, for or on behalf of, Cyveillance (though I may occasionally plug the extremely cool work we do and the fascinating, if occasionally frightening, research we openly publish.)”

Well, this is one of those times.   A couple of us have been working on this analysis for some time, and it’s finally been made public.

Cyveillance is already known for a paper put out twice a year.  It shows the abysmal detection rates for the security and anti-virus programs vs. the malware we discover being shoved at you  “in the wild” as of right now, e.g.  installed by drive-by download one minute ago when browsing a malicious link or infected page.

The question that comes up again and again whenever I speak to clients, partners or the press about these studies is “OK, but how far ahead of the curve is your discovery?  That is, are you protecting me an hour sooner than McAfee/Norton/etc.?  Or a month?” We’ve known the rough answer for a while now, but we put hard numbers to it.

From the company press release:

Cyveillance tested thirteen popular AV solutions2 to determine their detection rate over a 30 day period and found that popular solutions only detect an average of 18.9% of new malware attacks. By day eight, AV solutions average a 45.7% detection rate. This rises to 56.6% on day 15, 60.3% by day 22, and 61.7% after 30 days. Top AV solutions take an average of 11.6 days to catch up to new malware.

Gratuitous plug – get the full white paper here:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: