Browser anti-phishing features are also inadequate

Sep 19, 2009 09:42 GMT

A report (PDF) released by a cyber-intelligence company called Cyveillance suggests that the antivirus industry is failing to keep up with the cybercriminal enterprise and the threats that are most likely to affect Web users. The anti-phishing protection included by default in modern browsers was found to be similarly inadequate.

Cyveillance is a cyber-intelligence gathering company based in Arlington, VA, which monitors the Internet for various attacks and threats. According to its own account, the company is "collecting information from more than 200 million unique domain name servers and 150 million unique Web sites." The company was acquired by QinetiQ North America for $40 million earlier this year.

Despite being criticized over the years for what have been described as aggressive or inappropriate Web crawling practices, Cyveillance's position gives it deep visibility into the Web-threat landscape. For a period of almost a month, between June 12 and July 10, 2009, the company used data gathered in real time to test the detection capabilities of top antivirus solutions against newly discovered and confirmed malware samples.

Using the results, Cyveillance calculated an average daily detection rate for each of the tested products, none of which exceeded the 50% mark. The top five scores came from McAfee (44%), Sophos (38%), Dr. Web (36%), Symantec (35%) and Trend Micro (34%). The list was completed by AVG (31%), F-Secure (28%), ESET (27%), Sunbelt (26%), F-Prot (23%), Norman (23%), Kaspersky (18%) and VirusBuster (16%).

Cyveillance concluded that, even if a user was protected by a solid and up-to-date antivirus solution, if they were to visit a malicious Web site, they would stand "a more than 1 in 2 chance of being infected with malware." This is particularly disturbing, as, according to reports from other companies and organizations, there is a general consensus that Web-based attacks are currently the preferred method of distributing malware.

Data gathered by Cyveillance between January 1 and June 30, 2009, was also used to test the various anti-phishing implementations in major browsers, with the company calculating both immediate and post-24-hour average detection rates. Mozilla Firefox scored a 54.9% detection rate upon the initial scam discovery and was followed by Google Chrome with 51.2%, Apple's Safari at 45.5% and Microsoft Internet Explorer, with a significantly lower score of 24.97%.

After 24 hours, the threats were accessed again and the results revealed the same order of anti-phishing filter accuracy, with Mozilla Firefox taking the lead at 87.1%, followed by Chrome (86.2%), Safari (84.0%) and IE (55.3%). The numbers are not very satisfying, as phishing scams are generally hit-and-run attacks aiming to cause the most harm during the first 24 hours and not after.

However, most of these default phishing filters proved better than comparable third-party applications. McAfee's Safe Advisor had a detection rate of 43.1% at initial discovery and blocked 52.3% of the scams after 24 hours, which is not a significant increase. Meanwhile, Symantec's Norton SafeWeb performed very poorly, with detection rates of 4.4% and 5.0% respectively.

Cyveillance noted that, during the first half of 2009, it detected an average of over 23,000 unique phishing attacks per month. This actually represents a decrease compared with the number of such attacks during the second half of 2008 (36,000) and is consistent with the findings of other organizations. "The majority of malware issues on the Internet continue to originate within the United States and China. These two countries lead in virtually every significant malware statistical category," the company concludes.

Figures: AV average detection rates for 0day malware; Default phishing filters average detection rates.