Browse archive

Latest news

Targeted data stealing attacks using fake attachments

A look into the EC Council hack

New Mac spyware signed with legitimate Apple Developer ID

Ransomware adds password stealing to its arsenal

"Get free followers" scam targets Instagram users

Thoughts on the need for anonymity

Four LulzSec hackers handed prison sentences

The New Yorker launches anonymous dead-drop tool

Researchers reveal OpUSA attackers' MO

Info-stealing Dorkbot worm spreading on Facebook

Review: The Hacker's Guide to OS X

Private messages of Bloomberg clients end up online

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

32% of computers with AV protection are infected

Posted on 10.02.2010

A SurfRight report shows statistics that give credibility to the lately popular opinion that one anti-virus solution is no longer enough to be sure your computer isn't infected.

The effectiveness of most anti-virus solutions relies still on the quality of the virus signatures, and sometimes on the heuristics capabilities of the programs. Aided by its partners, SurfRight had the idea of bundling up 7 anti-virus engines that have at their disposal an equal amount of anti-virus databases. They called it Hitman Pro 3.

The statistics that they presented regard a little over 100,000 users that have run their anti-virus solution during 55 days at the end of 2009. Granted that the users that downloaded and ran it were more likely to be infected, since they expect an infection (maybe their computer is running more slowly) or want a second opinion, so incidence of infection might be a little higher than usual. Nevertheless, it still illustrates the point - having an anti-virus solution doesn't guarantee safety.

Taking all that into consideration, here are the results they came up with:

The bottom line is: 32% of the computers with AV protection are infected.

Another good news is that the latest Windows Security Pack (no matter which version of the OS) always shows in a security advantage.

The list of top five malware that their solution encountered goes like this: Generic (all kinds of different malware), FakeAV (all kinds of rogue anti-virus/antispyware software), TDSS/Alureon, Delf and Virut. Here's a note to security researchers: what are the features that allow these to pass under the radar? This issue is worth a closer examination. SurfRight lists probable causes:

Rootkit behavior
Polymorphic malware
Polymorphic file infector viruses
Load, priorities and efficiency of malware research and response teams at AV vendors

The TDSS/Alureon rootkit, which resides on the third place of the aforementioned malware top list, was used as an example to demonstrate the findings. Although it has been around for quite some time, it is particularly apt at avoiding AV products. Here is how they fared:

Their conclusion? "Do not rely on just one protective layer to defend your data and privacy. Install a proper spam filter, update your web browser and make sure you have enabled the firewall on your computer or router. Always install the latest Service Pack, the latest software updates and keep your AV product up-to-date. And ideally, periodically run a second opinion scan with one or more alternative AV software."

To read the entire report with complete statistics, go here.