Why antivirus software cannot protect your computer….

Practically everyone relies on antivirus solutions to protect their systems against malware. This blog looks at just how reliable these solutions are against malware? In order to have some meaningful analysis, there’s a need to know the number of new malware per month and the percentage of antivirus efficiency.

Let’s start with establishing the number of malware per month. There are various numbers floating around the internet for this purpose, arbitrarily, let’s use the “Mcafee Labs Threats Report, Fourth Quarter 2013”. Quote from the referenced report:

“McAfee Labs records 200 new threats every minute—more than three every second.”

Let’s not worry about the number of malware not detected by McAfee Labs, just calculate the per month number from the quote:

200×60=12,000 (per hour)
12,000×24=288,000 (per day)
288,000×30=8,640,000 (per month)

That’s a huge number of malware that’s being churned out on the monthly basis as of end of 2013; the number of malware released on today’s date is probably greater. Antivirus, are you up to the task?

The efficiency of the antivirus is measured in the percentage of malware, that is detected, deleted, and/or quarantined. Generally, this percentage is between 95-99 percentile, meaning that it’ll detect most of the malware. Any of the solutions and/or testing sites claiming 100% detection rate for a given antivirus should be treated as bogus.
Let’s look at the different percentages, starting at 97%, and their impact to the number of malware that will not be detected, based on the calculated 8,640,000 new malware per month from the above:

av efficiency

Let’s not dwell on the fact that most malware routinely disables the antivirus solution at hand and/or just exempts itself from antivirus scanning. Nor should we be concerned that minor changes to a given malware would cause non-detection by antivirus solutions. Let’s just go with the best case scenario.

That would be 99.9% detection rate, that still let 288 malware slip through the antivirus protection. The sheer volume of new malware is pretty much the main culprit for the non-detection. Expecting the antivirus solution to provide 100% protection is beyond the capabilities of the software.

So, what can you do?

To start with, keep your antivirus and setup frequent automated update for the virus definition file. There’s nothing on the market that is recommended to replace antivirus solutions. But antivirus needs help…

Augment the antivirus solution with additional protection that can protect against malware, that is not detected by antivirus software. In another word, use layered security protection for your computer. The layer can be as simple as not running your computer with an administrator account. Doing so will prevent most malware to disable your antivirus software and allows it to perform its protective function. You’d be surprise to learn how many malware still relies on old malware routine, once the antivirus software is disabled.

You could also add Microsoft EMET and Winpatrol as additional layer of protection to your system. Even if you just use the default installation of this two free programs, you’ll be better off than most computer users, who just rely on antivirus to protect their systems.

And nowadays, that’s all you can ask for…