This has nothing to do with the quality of the software or how long it takes the respective firms to update their clients with signatures and other malware countermeasures.
AV companies continue to refine their products and most will tell you they stopped relying on purely signature-based systems many years ago. These days they use all sorts of clever methods to try and detect suspicious behaviour but the problem is that malware authors are also very clever. Very, very clever.
On Wednesday, the general manager of Australia's Computer Emergency Response Team (AusCERT), Graham Ingram, described how the threat landscape has changed -- along with the skill of malware authors.
"We are getting code of a quality that is probably worthy of software engineers. Not application developers but software engineers," said Ingram.
However, the actual reason why the top selling antivirus applications don't work is because malware authors are specifically testing their Trojans and viruses to make sure they can bypass these applications before releasing them in the wild.
"The most popular brands of antivirus on the market… have an 80 percent miss rate… So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in," said Ingram.
Although Ingram didn't mention any of the leading losers by name, Gartner's figures for 2005 show that Symantec is the clear leader with 53.6 percent of the market. McAfee and Trend own 18.8 percent and 13.8 percent of the market respectively.
One vendor Ingram did mention was Russian outfit Kaspersky, which in the same tests managed to block around 90 percent of new malware.
According to Gartner, Kaspersky's market share is a lowly 0.7 percent.
Most large firms already use more than one antivirus application but I wonder how many use two of the Symantec, McAfee and Trend trio?
If you do then I suggest investing in yet another -- but whatever you do, stay well away from the bestseller shelf.
--
Munir started working with ZDNet Australia in October 2004 after relocating from CNET Networks UK. He covers all aspects of security, from a CIO level risk management perspective to how administrators or individual users can deal with bugs in a software application.
Print this page
