BreachExchange mailing list archives

Antivirus software doesn't deter hackers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 8 Oct 2013 00:30:20 -0600

http://triblive.com/business/headlines/4814579-74/antivirus-malware-software#axzz2guR991Ax

At a time when millions of computer users face increasingly sophisticated
cyberattacks, the antivirus software they rely on to keep their information
safe frequently fails to do the job.

Of 45 pieces of malware that lingered on the New York Times computer
systems for a third of a year, just one was spotted by its antivirus
software, the newspaper disclosed in January. That same month, security
company Kaspersky disclosed a global data-stealing scheme had evaded
detection by antivirus products for five years.

Such examples are becoming alarmingly common. Recent studies have found
much of the malware-fighting software on the market is virtually useless
against the growing onslaught of attacks.

“Every couple of months you see there's this major virus outbreak that
everybody missed,” said Jeremiah Grossman of Santa Clara, Calif.-based
WhiteHat Security. “The cards are stacked in the bad guys' favor.”

With global spending on antivirus products expected to hit $8.4 billion
this year, according to research firm Gartner, he added, “people are paying
good money to be less secure.”

Campbell, Calif.-based ClickAway's stores repair about 60 infected
computers a day, and about two-thirds of them have antivirus software on
the machines, said Executive Vice President Oliver Rowen. Jeremy Prader,
who sees similar problems at his San Jose, Calif., computer repair
business, The Cheap Squad, added that the crooks “are coming up with
something new every day.”

Indeed, Kaspersky says it encounters about 200,000 new malware varieties
daily compared with only about 25 per day in 1994, 700 in 2006 and 7,000 in
2011.

That's a big problem because antivirus products mostly spot known malware,
not new forms. Plus, hackers have gotten more devious, said Wade Williamson
of security firm Palo Alto Networks, noting that sophisticated crooks can
disable antivirus software while making it appear the software is still
working. Other experts say hackers routinely fine-tune their malware
against antivirus products to make their code harder to detect.

Antivirus comparison tests vary widely, but some have found grave
weaknesses.

Of 11 commonly used security programs tested last year by Texas-based NSS
Labs, most were found to be “not providing adequate protection,” and even
updated versions failed to spot malware that had been rampant for years.

When Palo Alto Networks this year scanned about 70,000 malware varieties
with a half-dozen antivirus products, it found about 40 percent “were not
detected.”

A study of 42 antivirus products last year by Imperva of Redwood City,
Calif., and the Technion-Israel Institute of Technology determined that the
initial detection rate of a newly created virus is less than 5 percent.

Many experts say having the software is better than nothing and that
computer users often invite malware by letting their antivirus service
lapse.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss