Malware Evolving Too Fast for Antivirus Apps

If you think that the latest security suites afford complete protection against malware attacks, think again. Today's for-profit malware pushers use dedicated test labs and other increasingly professional techniques to improve their chances of infecting your computer. And the techniques they employ to outpace security software makers appear to be working.

Make no mistake--a good security program can go a long way toward keeping you in control of your system. But PC World's recent tests of security suites found that new malware easily evaded the applications. In our tests of how well security software blocks unknown malicious programs, the best performer detected only one in four new malware samples. In contrast, February 2007 results from similar heuristics testing showed that the best utilities caught about half of new samples.

Window of Opportunity Open

"In this industry, unlike others, we have an antagonist we have to deal with, someone we're constantly battling back and forth with," says Hiep Dang, director of antimalware research with McAfee's Avert Labs. "The bad guys have the element of surprise."

Even just a 12-hour head start can translate into thousands of infected PCs, and malware authors have long tested their programs against antivirus applications to make sure they get that critical jump on the opposition. VirusTotal.com and similar Web sites, which allow security researchers and consumers to submit a questionable file and have it scanned by more than 30 different antivirus engines, have unfortunately made the testing easier for malware writers: Crooks can continue to tweak their new malware projects until VirusTotal or one of the other new multilanguage sites shows that the rogue application can slip past the majority of antivirus programs.