Surprise, surprise—a recent Imperva report claiming that available anti-virus products are categorically awful at protecting PCs from new computer viruses hasn't been well received by AV software vendors.
Rival IT security firms have been especially critical of the methodology of an Imperva report released last week, which called the more than 40 anti-virus software products it tracked for a recent study "woefully inadequate" at protecting IT assets from 82 newly created viruses that company researchers unleashed on them.
"Simply scanning a collection of files, no matter how large or how well sourced misses the point of security software entirely. They were not exposing the products to threats in the way they would be in the wild," Rik Ferguson, director of security research at Trend Micro, told ITPro after the release of the report.
Now Imperva is answering its critics. In a new post on the company's official blog, Imperva's Rob Rachwald acknowledged "the limitations of our methodology," but argued that "fundamentally, the model for antivirus—and not our methodology—is flawed."
Rachwald's contention is that anti-virus solutions were developed to inoculate against widespread computer virus infections, but that today's malware "is deployed to target specific individuals—CEOs, researchers, politicians, executives—and not everyone's mom."
Because of this shift in focus and tactics by malware developers, older methods for stopping threats, like blocking blacklisted IPs and URLs, don't work anymore, according to the Imperva researcher.
"[I]n today's threat scape, where we consider attackers that are specifically targeting a specific victim, they create a dedicated URL to host the malware and use a dedicated IP address to send malicious mail, easily overcoming blacklists," Rachwald wrote.
Imperva's research actually found that prominent anti-virus solutions remained "very effective" at stopping widespread viruses—but were awful at identifying new, targeted threats quickly and effectively.
Unfortunately, that distinction wasn't made very clear in Imperva's original report. That likely generated some confusion about the correct conclusions to reach from the Imperva study. It seemed to indict anti-virus products as utterly useless, when the research found them effective against the "old threat model" of casting a wide net with malware but ineffective against the newer tactic of targeting individuals.
So what's the upshot? Well, there are a lot more moms out there than CEOs. And there's still a lot of widespread malware. For most of us, running some kind of anti-virus protection on our computers is still the smart thing to do. And as Imperva notes, there's effective security freeware out there, so it's not always necessary to spring for a paid product.
But for those folks who have reason to believe they could be targeted by the new breed of malware, off-the-shelf AV software probably isn't providing adequate protection.