Percentage of Viiruses not blocked

brightwell_151 · External Since: Jan 29, 2009 Posts: 1

Hello All,

Are there any ballpark figures for the number of viruses that are
blocked by the most common commercial and freeware AV products.

I'm just trying to manage the expectations of the IT and Management
teams who appear to assume that you can put in AV and it blocks all
Viruses that have ever been found.

Or... maybe I'm wrong... I'm of the understanding that to keep the
signature file manageable they must drop off the older and least often
seen signatures and also even the newer attakcs may not get in if they
are not widespread.

So does anyone have a feel for what percentage of 'known' viruses
(albeit maybe not widespread) are not blocked by the signature file or
heuristic capability of the most common AV products?

Many thanks if you have this info

Regards,

Brightwell

1PW · External Since: Jan 23, 2009 Posts: 12

On 01/29/2009 08:11 AM, brightwell_151 RemoveThis @yahoo.co.uk sent:
> Hello All,
>
> Are there any ballpark figures for the number of viruses that are
> blocked by the most common commercial and freeware AV products.
>
> I'm just trying to manage the expectations of the IT and Management
> teams who appear to assume that you can put in AV and it blocks all
> Viruses that have ever been found.

What could possibly be their collective alternative?

> Or... maybe I'm wrong... I'm of the understanding that to keep the
> signature file manageable they must drop off the older and least often
> seen signatures and also even the newer attacks may not get in if they
> are not widespread.
>
> So does anyone have a feel for what percentage of 'known' viruses
> (albeit maybe not widespread) are not blocked by the signature file or
> heuristic capability of the most common AV products?

<http://mtc.sri.com/live_data/av_rankings/>

> Many thanks if you have this info
>
> Regards,
>
> Brightwell

Of course viruses should not be their singular worry. Creating the
safest environment, getting & keeping your systems secure and the never
ending education of their users should be.

Best wishes to you.

Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

David H. Lipman · External Since: Jul 04, 2003 Posts: 2245

From:

| Hello All,

| Are there any ballpark figures for the number of viruses that are
| blocked by the most common commercial and freeware AV products.

| I'm just trying to manage the expectations of the IT and Management
| teams who appear to assume that you can put in AV and it blocks all
| Viruses that have ever been found.

| Or... maybe I'm wrong... I'm of the understanding that to keep the
| signature file manageable they must drop off the older and least often
| seen signatures and also even the newer attakcs may not get in if they
| are not widespread.

| So does anyone have a feel for what percentage of 'known' viruses
| (albeit maybe not widespread) are not blocked by the signature file or
| heuristic capability of the most common AV products?

| Many thanks if you have this info

| Regards,

| Brightwell

That's a hard question to quantify.

First, lets steer away from the word "viruses". That's a limited scope of malware so lets
use the overarching term "malware".

Second this may vary from company to company.

A company like McAfee keeps their respective signatures growing. As far as I know they
haven't dropped any malware. The Jerusalem.B should be detected Today as it was in in
'91. I can't say the same for a company like Trend Micro.

A company like McAfee might be excellent at legacy malware but is not as good on the most
current malware. A company like Comodo might be better at current malware but not as good
in legacy malware.

Thus even a ballpark figure can not be derived.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

John Coutts · External Since: Jul 10, 2004 Posts: 103

In article ,
brightwell_151 DeleteThis @yahoo.co.uk says...
>
>Hello All,
>
>Are there any ballpark figures for the number of viruses that are
>blocked by the most common commercial and freeware AV products.
>
>I'm just trying to manage the expectations of the IT and Management
>teams who appear to assume that you can put in AV and it blocks all
>Viruses that have ever been found.
>
>Or... maybe I'm wrong... I'm of the understanding that to keep the
>signature file manageable they must drop off the older and least often
>seen signatures and also even the newer attakcs may not get in if they
>are not widespread.
>
>So does anyone have a feel for what percentage of 'known' viruses
>(albeit maybe not widespread) are not blocked by the signature file or
>heuristic capability of the most common AV products?
>
>Many thanks if you have this info
>
>Regards,
>
>Brightwell
************ REPLY SEPARATER *************
AV software is a good backstop, but there is no replacement for common sense
and good operating practice. All AV software will fail at one time or another,
The most vulnerable time is when a new piece of malware is first released into
the wild. It takes time to identify a virus, and produce and distribute the
signatures. I have a dozen or more on file that were detectable in the first
few days by a very small percentage of AV manufacturers. These are for the most
part Trojan Downloaders that have a tendency to morph every few days, making it
difficult for the AV manufacturers to keep up.

J.A. Coutts

1PW · External Since: Jan 23, 2009 Posts: 12

On 01/29/2009 04:52 PM, John Coutts sent:
> In article ,
> brightwell_151.TakeThisOut@yahoo.co.uk says...
>> Hello All,
>>
>> Are there any ballpark figures for the number of viruses that are
>> blocked by the most common commercial and freeware AV products.
>>
>> I'm just trying to manage the expectations of the IT and Management
>> teams who appear to assume that you can put in AV and it blocks all
>> Viruses that have ever been found.
>>
>> Or... maybe I'm wrong... I'm of the understanding that to keep the
>> signature file manageable they must drop off the older and least often
>> seen signatures and also even the newer attakcs may not get in if they
>> are not widespread.
>>
>> So does anyone have a feel for what percentage of 'known' viruses
>> (albeit maybe not widespread) are not blocked by the signature file or
>> heuristic capability of the most common AV products?
>>
>> Many thanks if you have this info
>>
>> Regards,
>>
>> Brightwell
> ************ REPLY SEPARATER *************
> AV software is a good backstop, but there is no replacement for common sense
> and good operating practice. All AV software will fail at one time or another,
> The most vulnerable time is when a new piece of malware is first released into
> the wild. It takes time to identify a virus, and produce and distribute the
> signatures. I have a dozen or more on file that were detectable in the first
> few days by a very small percentage of AV manufacturers. These are for the most
> part Trojan Downloaders that have a tendency to morph every few days, making it
> difficult for the AV manufacturers to keep up.
>
> J.A. Coutts

The above is /so/ true. I've witnessed situations where failure to
check for the latest signatures caused up to several man days of
restoration effort.

Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]