Money And Knowledge: Anti-virus products not good enough to beat computer viruses


The anti-virus industry has a dirty little secret: Its products are often not very good at stopping viruses. Consumers and businesses spend billions of dollars every year on anti-virus software. But these programmes rarely, if ever, block freshly-minted computer viruses, experts say, because the virus creators move too quickly. That is prompting start-ups and other companies to get creative about new approaches to computer security.
"The bad guys are always trying to be a step ahead," said Matthew D Howard, a venture capitalist at Norwest Venture Partners who previously set up the security strategy at Cisco Systems. "And it doesn't take a lot to be a step ahead."
Computer viruses used to be the domain of digital mischief-makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially. In 2000, there were fewer than one million new strains of malware, most of them the work of amateurs. By 2010, there were 49 million new strains, according to AV-Test, a German research institute that tests anti-virus products. The anti-virus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have had their fun, siphoning out a company's trade secrets, erasing data or emptying a consumer's bank account.
A new study by Imperva, a data security firm in Redwood City, California, and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Amichai Shulman, Imperva's chief technology officer, and a group of researchers collected and analysed 82 new computer viruses and put them up against more than 40 anti-virus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5%.
On average, it took almost a month for anti-virus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates - Avast and Emsisoft - are available free; users are encouraged to pay for additional features. This despite the fact that consumers and businesses spent a combined $7.4 billion on anti-virus software last year - nearly half of the $17.7 billion spent on security software in 2011, according to Gartner.
"Existing methodologies we've been protecting ourselves with have lost their efficacy," said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers. "This study is just another indicator of that. But the whole concept of detecting what is bad is a broken concept."
Part of the problem is that anti-virus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, anti-virus makers must capture a computer virus, take it apart and identify its "signature" - unique signs in its code - before they can write a programme that removes it.
That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years. Mikko H Hypponen, chief researcher at F-Secure, called Flame "a spectacular failure" for the anti-virus industry. "We really should have been able to do better," he wrote in an essay for Wired.com after Flame's discovery. "But we didn't. We were out of our league in our own game."
Symantec and McAfee, which built their businesses on anti-virus products, have begun to acknowledge their limitations and to try new approaches. The word "anti-virus" does not appear once on their home pages. Symantec rebranded its popular anti-virus packages: Its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.
