Does free antivirus offer a false feeling of security?

November 13, 2009

Antivirus software is not the solution; antivirus software is part of the (defense-in-depth) solution.

Consider the results from the latest Anti-Virus comparative review for May 2009 against new malware, indicating that Microsoft’s OneCare achieved an Advanced+ rating (60% detection), putting it in second position, with Symantec achieving a mere 35% detection rate — ironically, a huge percentage of AV-Comparatives’ visitors are running free antivirus software according to their voting poll.

Moreover, similar results can be seen in Virus Bulletin’s comparative review for April, 2009 (subscribers only), where OneCare once again outperforms Symantec.

Does this mean that free antivirus is in fact outperforming commercial applications? Given the dynamic nature of today’s threats, what’s true at a particular moment in time can become totally irrelevant at a future date. For instance, some real-time statistics on antivirus rankings have the potential to offer an entirely different comparative view — free antivirus scanners again rank pretty well — which shouldn’t be considered the primary benchmark when attempting to answer whether or not free antivirus offers a false feeling of security.

Both commercial and free stand-alone antivirus scanners suffer from a similar weakness – they’re over-positioned in the mind of the average Internet user. This over-positioning results in higher expectations, which in turn results in a lack of security awareness of what an antivirus scanner can and cannot protect against (Secunia: popular security suites failing to block exploits).

Cybercriminals have been tricking signature-based scanning engines for years, and their quality assurance practices are becoming even more professional and automated through the use of underground versions of popular community services such as VirusTotal, or by using multiple offline virus scanning engines before a campaign is launched. Similar services attempting to verify whether or not their malware sample will bypass popular personal firewalls are also known to be available on demand.

Therefore, fighting the battle on the signature scanning front isn’t exactly the wisest choice. This is where the stand-alone antivirus, whether a free or a commercial version, becomes part of the defense-in-depth solution.

Through a combination of a fully patched operating system running the latest versions of the software installed (Secunia: Average insecure program per PC rate remains high), least privilege accounts (Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts) and a well-configured personal firewall (Matousec’s Proactive Security Challenge), a huge percentage of the malware pushed through client-side exploits may in fact never reach the antivirus scanner.

That’s of course only if you exclude the fact that “there’s no patch for human stupidity”, in the sense that social engineering in the form of fake codecs/videos and poisoned search results continues to trick users into purposely disabling the security solutions that they had in the first place.

Categories: General
  1. November 24, 2009 at 4:30 PM

    On my mind, not free antiviruses – more effective. Developers have money for work. It’s important.

  2. June 15, 2010 at 2:11 AM

    I am loving it!! Will come back again – taking your feeds also, Thanks.
