Tuesday, March 20, 2007

Let's Play a Fun Game Here ... A Scary Game

So, let's suppose somebody involved with incident response at a typical US public university has collected a few recent malware samples from compromised machines and then submitted all the samples to VirusTotal for scanning with pretty much ALL current anti-virus and anti-virus-like products.

What do you think the average detection rate (i.e. a malware sample was identified as "something bad") was?

Any guesses? Here are a few numbers to help you choose:

  1. 100%
  2. 94%
  3. 90%
  4. 70%
  5. 50%
  6. 33%
  7. 22%
  8. 14%
  9. 2%
  10. Something else?

Let the games begin!

UPDATE: answer posted

UPDATE2: after much deliberation, I finally replaced anti-virus on my own systems with another technology. Read the details here.

Dr Anton Chuvakin