Percentage of Viruses not blocked

Hello All,

Are there any ballpark figures for the number of viruses that are
blocked by the most common commercial and freeware AV products?

I'm just trying to manage the expectations of the IT and Management
teams who appear to assume that you can put in AV and it blocks all
Viruses that have ever been found.

Or... maybe I'm wrong... I'm of the understanding that to keep the
signature file manageable they must drop off the older and least often
seen signatures and also even the newer attacks may not get in if they
are not widespread.

So does anyone have a feel for what percentage of 'known' viruses
(albeit maybe not widespread) are not blocked by the signature file or
heuristic capability of the most common AV products?

Many thanks if you have this info

Regards,

Brightwell

Re: Percentage of Viruses not blocked

On 01/29/2009 08:11 AM, brightwell_151@yahoo.co.uk sent:

 What could possibly be their collective alternative?


<http://mtc.sri.com/live_data/av_rankings/>


Of course viruses should not be their singular worry.  Creating the
safest environment, getting & keeping your systems secure and the never
ending education of their users should be.

Best wishes to you.

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: Percentage of Viruses not blocked


| Hello All,

| Are there any ballpark figures for the number of viruses that are
| blocked by the most common commercial and freeware AV products?

| I'm just trying to manage the expectations of the IT and Management
| teams who appear to assume that you can put in AV and it blocks all
| Viruses that have ever been found.

| Or... maybe I'm wrong... I'm of the understanding that to keep the
| signature file manageable they must drop off the older and least often
| seen signatures and also even the newer attacks may not get in if they
| are not widespread.

| So does anyone have a feel for what percentage of 'known' viruses
| (albeit maybe not widespread) are not blocked by the signature file or
| heuristic capability of the most common AV products?

| Many thanks if you have this info

| Regards,

| Brightwell

That's a hard question to quantify.

First, let's steer away from the word "viruses".  That's a limited scope of
malware, so let's use the overarching term "malware".

Second, this may vary from company to company.

A company like McAfee keeps their respective signatures growing.  As far as I
know they haven't dropped any malware.  The Jerusalem.B should be detected
today as it was in '91.  I can't say the same for a company like Trend Micro.

A company like McAfee might be excellent at legacy malware but is not as good
on the most current malware.  A company like Comodo might be better at current
malware but not as good in legacy malware.

Thus even a ballpark figure cannot be derived.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Percentage of Viruses not blocked

brightwell_151@yahoo.co.uk says...
AV software is a good backstop, but there is no replacement for common sense
and good operating practice. All AV software will fail at one time or another.
The most vulnerable time is when a new piece of malware is first released into
the wild. It takes time to identify a virus, and produce and distribute the
signatures. I have a dozen or more on file that were detectable in the first
few days by a very small percentage of AV manufacturers. These are for the most
part Trojan Downloaders that have a tendency to morph every few days, making it
difficult for the AV manufacturers to keep up.

J.A. Coutts


Re: Percentage of Viruses not blocked

On 01/29/2009 04:52 PM, John Coutts sent:

The above is /so/ true.  I've witnessed situations where failure to
check for the latest signatures caused up to several man days of
restoration effort.

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
