It’s no secret that antivirus technology (AV) has faced increased scrutiny in the tech industry for quite some time. Because they rely on signature-based detection methods, traditional AV solutions are simply weak against unknown malware and other malicious content. Meanwhile, consumers and businesses continue to trust AV solutions to protect their devices. So, how ineffective are they and what’s the risk to users?
“Testing” of AV platforms has become increasingly popular as a multitude of solutions, based on the same core technologies, have flooded the market. Those that perform well under these parameters tout the results as a stamp of approval. However, the true value of these tests is yet to be determined, as malware in the wild behaves in a manner significantly different from laboratory samples – even from samples recently captured in security honeypots.
However, one way to truly gauge the effectiveness of today’s traditional AV solutions is by analyzing real-world data. So, we did just that.
To better understand the inherent flaws with traditional AV technology and to cast an eye onto the problem globally, we pulled data from real-world scans running one or more traditional AV tools registered on Windows® Security Center. We looked at instances where Malwarebytes was used solely for remediation and excluded data where Malwarebytes proactively blocked threats. This data excluded PUPs (potentially unwanted programs).
We found that in the US, nearly 40 percent of all malware attacks cleaned by Malwarebytes on endpoints with an AV installed occurred on endpoints that had two or more of these traditional AV solutions registered.
What does this mean from a global perspective? We learned that AV is not necessarily the silver bullet. A combination of remediation and protection is sorely needed. What we found might surprise you. In just the month of October, there were about 4 million instances where traditional AV was ineffective against today’s threats.
Screenshot from real-time heat map showing global detections in October
We also created a real-time heat map showing malware detections around the globe as they happen: www.malwarebytes.com/remediationmap.
For a dot to appear on the real-time maps, three things must happen:
- A device has a third-party antivirus registered on Windows® Security Center.
- A Malwarebytes remediation scan is run.
- The scan must detect malware.
Malwarebytes then adds a numerical count for each detection next to the respective vendor’s name. These elements represent Malwarebytes’ real-time global view of the threats detected by the remediation scans. Each dot represents a detection, and there can be multiple detections for each dot.
The results of our global analysis show the ineffectiveness of today’s traditional AV solutions. The worst part is that many businesses and users have no idea that their traditional AV programs aren’t doing their job. This can have devastating consequences at work and at home. Trusting traditional AV alone is a losing proposition for individuals and businesses looking to protect their data from today’s modern threats. The path to a stronger solution for users must be a combination of both remediation and protection.