Only 51% of anti-virus scanners detect zero-day malware

Posted 26 May 2014 17:30 CEST by Jan Willem Aldershoff

Antivirus software is able to detect only 51% of zero-day malware, according to researchers at LastLine Labs. For over a year the researchers collected all kinds of malware and tested it against Google’s online antivirus service VirusTotal.com.


VirusTotal uses dozens of virus scanners to scan uploaded files. The website is mainly intended to provide a second opinion and, according to its developers, is not usable for testing and rating anti-virus software. VirusTotal uses the command-line versions of the virus scanners, which can differ from the desktop versions used by most consumers.

Nevertheless, LastLine Labs tested the effectiveness of 47 scanners with VirusTotal. On the first day new malware was released, only 51% of the scanners were able to detect it. If not even one of the scanners detected the malware on the first day, it took on average two days before the malware was detected by at least one scanner. After two weeks, detection of the malware increased to 61%.

During the year in which the researchers performed the tests, no single AV scanner had a perfect day – a day in which it caught every new malware sample. The researchers also found that after a year there was still malware that wasn’t detected by 10% of the anti-virus software.

