Antivirus software, obsolete or still better than nothing?

Abysmal new findings have come out with the recent study conducted by cyber security firm Imperva. Antivirus software has gotten to a point of such infectivity that companies who purchase it are probably wasting their time and money.

Researchers have recently taken interest in questioning the protection that antivirus suites offer, and several reports of that ilk have come up as a result. The study Assessing the Effectiveness of Anti-Virus Solutions done for Imperva by the University of Tel Aviv is another rude awakening to this harsh reality.

According to an article published by Techworld, the team put 82 malware files through an online malware-checking system that puts files head to head with dozens of different antivirus suites. Shockingly, the detection rate was zero percent.

After that, the company ran the same scan different times that week to see if the antivirus suites’ detection rate ever improved over time—they didn’t. In fact, even the top products took a few weeks to add undetected samples to their systems. Some of the 82 files were marked as “unclassified malware,” which would decrease the efficiency of the virus removal.

Although there are a few highly regarded and recognized names in the antivirus software industry, the results show no correlation between popularity and ability.

Even more surprisingly, the study pointed toward two free antivirus suites—Avast and Emisoft. It also listed McAfee Antivirus as satisfactory.

So although the study had overall subpar results, why do businesses continue to buy licensed antivirus software? Most compliance departments have strict rules in this area. Imperva suggested that the requirements should be eased and that free products such as Avast and Emisoft should be doable instead, putting the money saved into some other way to up security measures.

Imperva established in the report, “To be clear, we don’t recommend eliminating antivirus.  We do, however, recommend rebalancing and modernizing security spend to meet today’s threats.”

The report further suggested that there was little return on investment for antivirus software, even though companies often spend a third of security budgets on it.

 “We cannot continue to invest billions of dollars into anti-virus solutions that provide the illusion of security, especially when freeware solutions outperform paid subscriptions,” concluded Imperva CTO Amichai Shulman.

David Litchfield, a leading database security expert who has written several books on hacking and IT Security qualifies the argument presented.

Although antivirus software isn’t for him, he does admit to a CSO blogger, “Knowing what is and what isn’t safe to do on a computer is 90 percent of the battle.”

So the study indicated that no antivirus software is all that fantastic. But in most cases, bad antivirus is better than no antivirus at all.

Anti-virus software can only go so far in protecting an enterprise’s valued data. Make sure your data is safe by finding the right IT Security professionals through Tiro Security, a leading provider of information security jobs Los Angeles.