In recent months, there have been some discussions about malware figures. My colleague Stuart wrote a post about this in the SophosLabs blog, as did our colleagues at McAfee. Today I've seen a press release from F-Secure, where they announce the publication of their 2008 first half data security summary (I have to talk to Mikko to see how they can summarize something that hasn't finished yet 😉).
So now we have a small ranking, listed in alphabetical order:
F-Secure 900,000
McAfee 400,000 – 10,000,000
Sophos 4,600,000
Symantec 1,122,311
Panda 13,225,535
Q&A:
Does this mean that we detect more than they do?
No, it doesn’t mean that. It is like comparing apples and oranges.
So are you detecting less than the others?
No, as said before, you shouldn't compare apples and oranges.
Why are some apples and the others oranges?
You can be counting just files or detections. With one good detection you can detect thousands of malicious files.
The more signatures a product has, the better the product is?
No. Product A could have X signatures, and product B could have X/2 and detect more than product A.
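
The Q&A's point that signature counts and detection counts measure different things, as an added example (not code from the original post or from any vendor). Modelling product A as exact-hash signatures and product B as per-family byte patterns is an assumption, and the family markers and file contents are constructed.

```python
import hashlib

# Constructed byte markers standing in for code shared by every variant of a family.
FAMILY_MARKERS = {"fam_a": b"\xde\xad\xbe\xef-A", "fam_b": b"\xca\xfe\xba\xbe-B"}

def build_corpus(variants_per_family=500, clean_files=100):
    """Return (name, is_malicious, data) tuples; all content is constructed."""
    corpus = []
    for family, marker in FAMILY_MARKERS.items():
        for i in range(variants_per_family):
            # Each variant differs by a counter, so every file has a unique hash.
            body = b"MZ" + i.to_bytes(4, "big") + marker + b"\x00" * 8
            corpus.append((f"{family}_{i}", True, body))
    for i in range(clean_files):
        corpus.append((f"clean_{i}", False, b"MZ" + i.to_bytes(4, "big") + b"harmless"))
    return corpus

def hash_product(known_samples):
    """Product A (assumed model): one signature per known file, exact SHA-256 match."""
    sigs = {hashlib.sha256(data).hexdigest() for data in known_samples}
    return len(sigs), lambda data: hashlib.sha256(data).hexdigest() in sigs

def generic_product(patterns):
    """Product B (assumed model): one byte-pattern signature per family."""
    sigs = list(patterns)
    return len(sigs), lambda data: any(p in data for p in sigs)

def evaluate(corpus, detector):
    """Return (malicious files detected, clean files wrongly flagged)."""
    detected = sum(1 for _, bad, data in corpus if bad and detector(data))
    false_pos = sum(1 for _, bad, data in corpus if not bad and detector(data))
    return detected, false_pos

def compare():
    corpus = build_corpus()
    # Product A has only seen the first 4 variants of fam_a.
    seen = [data for name, _, data in corpus if name.startswith("fam_a_")][:4]
    a_count, a_detect = hash_product(seen)
    b_count, b_detect = generic_product(FAMILY_MARKERS.values())
    return {
        "A": {"signatures": a_count, "result": evaluate(corpus, a_detect)},
        "B": {"signatures": b_count, "result": evaluate(corpus, b_detect)},
    }

if __name__ == "__main__":
    for product, stats in compare().items():
        print(product, stats)
```
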
Finally, when AV companies talk about this kind of figure, they are referring to detections, malware files or similar. So no proactive technologies are involved in those figures… and those are part of the solution (as well as the signatures) for the ever-growing malware landscape that we have.
Last week, Eva Chen, Trend Micro's CEO, said that 'AV Industry sucks'. Even though I know what she meant and I do agree, I would have used different words. But what I want to point out about this is a different thing: scanning "in the cloud". I'm really happy to see that we have created a trend and that now Trend Micro is following us. I really think that this is the best AV companies can do right now, and I hope the others will follow us too.
We published a paper about this almost one year ago, and we released a proof of concept of that technology within an online memory scan engine called Nanoscan. Later we applied some of this technology in our 2008 products, and it is completely integrated in our 2009 products, which are now in public beta. Let's see if we can build a safer world!