AV efficacy rates against known malware can be as low as 34 percent
SANTA CLARA, Calif., April 15, 2019 /PRNewswire/ -- Nyotron, provider of the industry's first OS-Centric Positive Security solution to strengthen endpoint protection, today published the results of its study of the efficacy of leading antivirus (AV) solutions against known malware, including samples that first appeared over 20 years ago, such as 2001's infamous ILOVEYOU virus. The top findings: even for decades-old malware, detection rarely lives up to vendors' claims of 99.9% efficacy, and the detection rate drops dramatically after an easy file modification or when the product is not connected to the Internet.
Nyotron tested almost 60,000 known malware samples against AV products from three major vendors. The resulting report, "The Illusive 99.9%," reveals:
- The average detection rate was only 95.6%, and dropped as low as 88%. The lowest-performing product missed 3,549 malware samples.
- Detection efficacy dropped dramatically, to as low as 60%, after an easy single-byte modification of the original virus.
- Offline detection efficacy fell as low as 34%.
"Today there are over one billion known viruses, with an additional million created every day, and that sheer volume renders modern AV tools ineffective even against decades-old, well-known malware," said Nir Gaist, CTO, Nyotron. "If your entire protection stack is based on only chasing the bad, you will always remain vulnerable to both old and new viruses. Even if an AV product could deliver on its marketing collateral's promise of 99.9 percent efficacy - and our research shows it rarely does - when you're talking about billions of attacks, that's still inadequate."
The full report is available on the Nyotron website: https://www.nyotron.com/wp-content/uploads/2019/03/99.pdf
Nyotron pioneers a new generation of automatic Endpoint Detection and Response with integrated protection called Endpoint Prevention and Response (EPR). Our product prevents damage from malware that evades existing security layers and offers granular visibility into the attack. Based on OS-Centric Positive Security, Nyotron's PARANOID automatically whitelists trusted operating system behavior and rejects everything else. No manual threat hunting, baselining, machine learning or cloud connectivity is required. With PARANOID, organizations gain true defense-in-depth protection against the most advanced attacks. Nyotron is headquartered in Santa Clara, CA, with an R&D office in Israel.