Eighty percent of new malware defeats antivirus
The most popular antivirus applications on the market are rendered useless by around 80 percent of new malware, according to AusCERT.
At a security breakfast hosted by e-mail security firm Messagelabs in Sydney on Wednesday, the general manager of the Australian Computer Emergency Response Team (AusCERT), Graham Ingram, told the audience that popular desktop antivirus applications "don't work".
"At the point we see it as a CERT, which is very early on -- the most popular brands of antivirus on the market ... have an 80 percent miss rate. That is not a detection rate, that is a miss rate.
"So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in," said Ingram.
Ingram, who refused to name any specific companies, was quick to point out that this was due to cybercriminals designing their Trojans and viruses to bypass detection rather than to a defective product.
"I am not suggesting that there is a difference in the quality of the antivirus products themselves. What is happening is that the bad guys, the criminals, are testing their malicious code against the antivirus products to make sure they are undetectable. This is not a representation of the software," said Ingram.
Although less popular antivirus applications are more likely to pick up new malware, Ingram said that the average level of new malware that is undetected is 60 percent, which is "worrying".
"What do most people have as protection for their client machines? I would suggest it is antivirus. You are lucky if you have antispyware. So they are attacking a machine that is protected by a piece of software that is not working.
"This is the dilemma that is building up here and the success rate is becoming quite worrying," added Ingram.
Talkback
Surprise Surprise
Stop wasting all of your money on Microsoft and Antivirus and start using Linux.
(Unless you are a gamer)
Rootkits & Anti-Virus
People Often Think Their PCs Are Clean While Spyware Is Active On Their System
It is important that the consumer and corporate user base wake up to the threat that this poses. As CEO of Prevx Limited I am astounded by the extent to which leading security products are failing to detect or failing to remove serious threats such as SpywareQuake, Spy Heal, Dollar Revenue, Global Access, Hacker Defender Root Kits and many more.
Here are the headline stats based on 2,000 or so new users who download and activate Prevx1 each and every day.
2,000 users a day
450 have no security at all
350 use a free security product
150 have 2 or more security products installed
1,050 use a leading security product or suite
BUT
1,100 people or more have one or more serious infections active on their PC. The most popular infections seen are:
Bogus Antispyware Products including:
Spyware Quake
Spy Heal
Spy Falcon
Adware/Spyware Infections such as:
Dollar Revenue
Free Serials
Virtumond
Rootkit Infections like:
Hacker Defender
Premium Rate Dialers like:
Global Access
Trojans like:
ECodec
Winfixer
Keyloggers and Password Stealers like:
Brazilian Banker
More than 600 users a day are using Prevx1 to remove ten or more infections and protect themselves from reinfection.
Graham should be applauded for bringing this issue to the public's attention. Existing security products are failing and people are blissfully unaware.
Ridiculous story
Wrong, wrong, wrong. Maybe 8 out of 10 would make it onto your machine if they reach your machine within the first couple days that they are "in the wild", but that represents a very small amount of occurrences. Most major anti-virus software is updated within the first couple days of a virus appearing and people's machines are updated and ready before viruses reach them.
The way this whole article is written makes it seem like a waste to get anti-virus software. That's a bad message to send.
Utter rubbish
Bad ZDNet, go to your room.
spy heal
What to do?
What to do?
Not Necessarily...
Your idea of a doomsday virus is far fetched. In the history of Windows computing, there have only been a few instances of an outright malicious attack on computers...
Do some research... Then, get rid of Windows and install Linux or Mac. We don't worry about virus and malware issues ;)
Is this really a valuable article?
Graham got it wrong. The figures quoted are wrong.
linux won't always be safe
No, those reading and commenting are wrong
He is about right according to what I find using other Spyware Removers and Anti-Spyware tools.
I work on machines that have either Norton, McAfee, AVG, and about 4-5 other AV products that show the machines clean upon run of the AV product as far as known viruses, but the machines are slow as molasses... But then run an online scan at Bit Defender.com (usually finds 5-10 infected files w/ known viruses on most machines and deletes those files). Run the following scumware removers: Adaware SE Personal, Bazooka Spyware Scanner, Spybot S&D 1.4, Install Spyware Blaster.exe, Use CCleaner.exe (clean, repair issues, and then clean up that Start Up folder), Run Rootkit revealer, and install BHO Demon (yeah, it is currently out of date, but it will also show all the Browser Helper Objects currently installed tho), Run HijackThis.exe, CWShredder to get rid of Cool WebSearch, then install BugOff.exe and turn all to DISABLED (NOTE: When using BUGOFF, read the effects for each category please!). Then there are a few other tools I use to get rid of very nasty Malware that may have been installed, but I can usually find the VERY WELL HIDDEN removal tools via simple research when found w/ 1 of the above SCUMWARE removers even if they can't remove it but point out it is installed. Bazooka usually finds some of the worst to remove junk & malware that the others do not, but Kephyr.com (God Bless His Soul), has manual removal instructions that the tool takes you to the web page of... And he'll help you if the removal instructions don't do the job. Don't forget to send him any files you might find... It helps him stay abreast of the advances, and therefore he helps us back by including the updated solutions.
AND IMPORTANT***
That's a dumb answer
Xofspy v Nortons
I think the 80% figure is probably correct.
I hope you can help since you're so knowledgeable-thanks
Hi there, I'm a newbie on your site from the USA. A lady of 69 years with a computer problem. I've been researching viruses and trojans but can find nothing that remotely reminds me of what I may have on my puter.
I am running WinXP Home w/ SP2 installed. My virus protection, I thought, is PC Security Shield software installed, but it can't seem to find the (maybe virus) or trojan, or whatever that's shown up in the past 3 weeks. There is what I call a whirlpool (how I found this website) or two flashing circles at the cursor point when aimed at certain icons. I know it is tracking what I do.
I went to regedit, found all Hotbar.AdWare and deleted it from the register located in Search Assistant folder.
I also purchased and downloaded Spyware Detector which finds much spyware that I quarantine. The whirlpool, or flashing circle shows on certain icons and when I go on the net, and even some on desktop icons. My year is almost up on the PC Security Shield and I don't plan to renew because it isn't doing the job.
Can someone please advise and help me? I do thank you. The virus software will soon be up for renewal but I don't intend to do that. If you know of a software that will work better, and I can afford it then my next purchase will buy it.
Thanks, and please answer as soon as possible.
Bonnie
Anti-virus
It appears that the 'bad guys' are gaining, or have gained, the upper hand in the spyware, viruses war. It's comforting to know that our hard earned money is being spent on those products for absolutely nothing. What a waste. What good are anti-virus products if they aren't any good, and can't do the job?
Security? It's lax, and needs to get much better, and the vendors need to get better at knowing what needs to be done to combat these ever growing threats.
An even dumber answer
Windows, on the other hand, just runs anything it receives!
Linux and MAC are immune to virus