[chadfree] Fwd: [pro_tech] How Long Must You Wait for an Anti-Virus Fix?

Here is an interesting article on how long it takes to get the AV updates.

It was sent by Radar, one of the owners of pro_tech and TSA/OWTA.
Mike
*********** BEGIN FORWARDED MESSAGE  ***********

On 25/02/2004 at 1:21 AM radar <radar0509@xxxxxxxxx> wrote:

"How Long Must You Wait for an Anti-Virus Fix?
February 23, 2004
By Brian Livingston

Imagine that your office building was on fire, and you called the 
fire department, only to be told, "Please wait there while we invent 
a new method to fight the kind of fire you have."

You'd be furious! You'd expect the firefighters to rush to your 
building immediately, ready to fight whatever kind of fire they 
found.

Unfortunately, anti-virus services are forced into a scenario that 
no firefighter would accept: "We have to invent new defenses every 
day." Anti-virus software can predict and prevent some 
never-before-seen viruses. But all too often, a new virus can spread unchecked 
while software vendors develop and distribute a new "signature" file 
that can match the virus and kill it.

The Time Lag Between Discovery and Disinfection

Just how long is the period between a new virus getting "into the 
wild" and an effective antidote getting into your company's 
anti-virus arsenal?

To answer that question, I turned to AV-Test.org, a group of 
researchers which has studied anti-virus technology for years.

AV-Test is not as well-known in the United States as it should be, 
possibly because the group is located in Germany at the Otto von 
Guericke University Magdeburg. Many of the organization's articles 
have been published in German computer magazines that have no 
English editions — but I hope that'll change.

I interviewed by telephone Andreas Marx, manager of AV-Test, to get 
his view of anti-virus response times. He provided me with test 
results showing how long it took 23 major anti-virus programs 
worldwide to come up with new signature files during the past 
several weeks.

"I hope this will decrease the time it takes updates to get 
released," Marx told me, explaining why he feels sharing the 
information is important.

Finding — and Fighting — New Virus Threats

The new signature files involved in this horse race were developed 
to fight four novel viruses that weren't being caught by the 
preventive or "heuristic" techniques of most anti-virus programs. 
These four new viruses are known as Dumaru.Y, MyDoom.A, Bagle.A and 
Bagle.B.

AV-Test uses special scripts to check the servers at anti-virus 
companies every five minutes, looking for new signature files. It 
then calculates the time between each virus being first spotted 
somewhere in the world by the MessageLabs consulting group and the 
time when each anti-virus service has a working fix available to the 
public (not counting beta versions available only to testers).

According to the organization's data, these are the average lag 
times, in hours and minutes, for each program during the test period:

   H:M     Anti-Virus Program
  06:51   Kaspersky
  08:21   Bitdefender
  08:45   Virusbuster
  09:08   F-Secure
  09:16   F-Prot
  09:16   RAV
  09:24   AntiVir
  10:31   Quickheal
  10:52   InoculateIT-CA
  11:30   Ikarus
  12:00   AVG
  12:17   Avast
  12:22   Sophos
  12:31   Dr. Web
  13:06   Trend Micro
  13:10   Norman
  13:59   Command
  14:04   Panda
  17:16   Esafe
  24:12   A2
  26:11   McAfee
  27:10   Symantec
  29:45   InoculateIT-VET

The averages vary from about 7 hours per virus to more than one full 
day (almost 30 hours).

It's important to note two things about the figures in the table 
above:

• Some of the programs were able to detect some of the viruses in 
the testing period heuristically — without needing an update. 
Ikarus, Quickheal, and Virusbuster were able to do this with the 
Dumaru.Y virus, whereas Norman and RAV were able to do it with 
Bagle.B. In those cases, the anti-virus program was assigned a 
response time of zero for that one virus. This reduced those 
vendors' average response times.

• On the other hand, A2 had not posted a signature for the Bagle.B 
virus within three days, when the test period ended. This program, 
therefore, was assigned a response time of 35 hours in this 
instance. If this virus had not been considered in the statistics, 
A2's average response time would have been reduced to 15:26 rather 
than 24:12.

Distributing the Fix Is As Important As Developing It

Aside from the immediate problem of developing signature files that 
can detect new viruses, there's another element to a good anti-virus 
service. The new signatures must be distributed to corporate and 
individual customers across the Internet, using the infrastructure 
the provider has built.

In a PDF white paper released in February and entitled "Outbreak 
Response Times," AV-Test shows that the frequency with which 
anti-virus companies update their software online varies widely. Although 
new signatures are sometimes posted very quickly in special cases, 
many major anti-virus services schedule regular online updates only 
once or twice a week, AV-Test says. Other providers, such as 
F-Secure, schedule updates seven times a week, while Kaspersky Labs 
schedules them 20 times a week, according to AV-Test's figures.

Updating Anti-Virus Signatures Around the Clock

Actually, says Antony Holdsworth, technical consultant for Kaspersky 
Labs' United Kingdom office, his company recently started posting a 
new signature file on its servers every three hours.

"We're seeing about 300 new viruses a week," Holdsworth 
explains. "There are always new anti-virus signatures to post," even 
with updates scheduled eight times a day, he adds.

Kaspersky schedules new signature files the most often — and earned 
the fastest average response times in AV-Test's real-time trials, 
shown above — because the company has a large number of people 
around the world analyzing viruses and developing cures, Holdsworth 
says.

Conclusion

Your company may not feel it has a virus problem. Some corporations 
think they can prevent viruses by stripping all attachments out of 
incoming e-mail. "But people use workarounds like Hotmail to get 
attachments," AV-Test's Marx says.

If you do find yourself coping with new viruses all too often, the 
response time of your anti-virus service may be a factor you'll want 
to take a good, hard look at." (end extract...)
Source--http://www.esecurityplanet.com/views/article.php/3316511
(Radar) Co-Owner/Group Moderator



*********** END FORWARDED MESSAGE  ***********
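
The measurement the article describes (poll vendor servers for new signature files, take the time from first sighting to the first public signature that detects the sample, score heuristic detections as zero, and assign a fixed value when no signature exists at the end of the test) can be sketched as below. This is an added example, not part of the forwarded article and not AV-Test's scripts; the vendor names, sample names and poll times are constructed, and the 35-hour default is the value the article reports for A2.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed inputs: sample names, vendors and times are hypothetical.
FIRST_SEEN = {"sample-1": ts("2004-01-05 08:00"), "sample-2": ts("2004-01-07 13:00")}
HEURISTIC = {("vendor-b", "sample-1")}  # caught without needing an update
POLLS = [  # (poll time, vendor, sample, does the public signature detect it?)
    ("2004-01-05 14:50", "vendor-a", "sample-1", False),
    ("2004-01-05 14:55", "vendor-a", "sample-1", True),
    ("2004-01-07 21:15", "vendor-a", "sample-2", True),
    ("2004-01-07 23:30", "vendor-b", "sample-2", True),
    ("2004-01-05 20:00", "vendor-c", "sample-1", True),
    ("2004-01-10 13:00", "vendor-c", "sample-2", False),  # still missing at test end
]

def response_lags(polls, first_seen, heuristic, penalty=timedelta(hours=35)):
    """Return {vendor: {sample: (lag, censored)}} under the article's scoring rules."""
    vendors = sorted({v for _, v, _, _ in polls} | {v for v, _ in heuristic})
    out = {v: {} for v in vendors}
    for when, vendor, sample, detected in sorted(polls):
        if detected and sample not in out[vendor]:
            # First poll at which the fix is public; resolution is the poll interval.
            out[vendor][sample] = (ts(when) - first_seen[sample], False)
    for vendor in vendors:
        for sample in first_seen:
            if (vendor, sample) in heuristic:
                out[vendor][sample] = (timedelta(0), False)  # response time of zero
            elif sample not in out[vendor]:
                out[vendor][sample] = (penalty, True)  # assigned value, not measured
    return out

def mean_hm(lags, include_censored=True):
    """Mean lag as HH:MM; optionally leave out assigned (censored) values."""
    vals = [lag for lag, censored in lags.values() if include_censored or not censored]
    if not vals:
        return None
    minutes = round(sum(vals, timedelta()).total_seconds() / 60 / len(vals))
    return f"{minutes // 60:02d}:{minutes % 60:02d}"

if __name__ == "__main__":
    for vendor, lags in response_lags(POLLS, FIRST_SEEN, HEURISTIC).items():
        print(vendor, mean_hm(lags), mean_hm(lags, include_censored=False))
```

Reporting the mean both with and without the assigned values shows how much of a vendor's average comes from measured releases and how much from the scoring rules, which is the distinction the article draws for A2.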


