Nearly a third of PCs protected by up-to-date antivirus software show signs of malware infection, a new analysis based on real-world scans has found.
Dutch cloud security startup, SurfRight, studied scans from 107,435 PCs that had downloaded its cloud-based behavioural scanning system, and found malware on 35 percent of the machines, about what one might expect of the general population of PCs. More surprising, however, was that 32 percent of machines using a fully-updated antivirus programs also had such files present.
Although the much older Windows XP was more likely to have these files than other versions of Windows, all versions including Windows 7 had significant problems. Later service packs lowered infection levels, but not by enough to undermine the observation that malware is managing to get around installed protection often enough for it to be a concern.
The main reason that SurfRight is able to spot infections, it will claim, is its cloud model, which relies on uploading files to a host where they are run through a range of different engines (PCs run only one at a time) by the company's Hitman Pro 3 system. Systems are then analysed at a lower level, for instance by looking closely at the registry for inconsistencies.
"Our research shows that traditional antivirus software cannot keep up with cyber criminals," said SurfRight CEO, Mark Loman. "Despite all their efforts, it is often days or even weeks before some suppliers of antivirus programmes release a solution to a new threat."
So what is going wrong? In some cases, the fault might lie with the user and not the security product. The second most common type of malware found on 13,000 systems related to bogus anti-virus and spyware programs, which typically ask for user consent before installation proceeds. At that point the only line of defence would be the Windows User Account Control (UAC) which users are routinely said to ignore.
That aside, by far the largest group of infections was for ‘generic' malware, which is to say files that are believed to be malevolent due to their design and behaviour but which simply have not been identified yet. These are the most dangerous type of malware because any single AV product will probably not be able to see many of them.
"We also found that not all programmes detect the same threats, so the only way for users to be really sure would be to combine multiple anti-malware programmes on their PCs." said Loman.
The company reckons that for as long as Windows can only cope with a single antivirus product on each PC, the answer is to give users a ‘second opinion' using cloud technologies. It's a model that has been around for some years in a number of smaller vendors such as UK-based Prevx, and whose time might yet have come after investment in the idea by larger companies such as Symantec and Pandalabs.
The company's scanner can be downloaded from the SurfRight website and claims to check each PC in minutes without conflicting with installed software. The software is free to use for scanning but activates a one-month free trial for removal if it encounters malware after which an annual malware removal subscription costs 17.95 euros ($24).