I attended my first Virus Bulletin in 2013 in Berlin, Germany. It was perhaps one of the most important conferences I have attended as the CEO of PC Pitstop. During that short three day period, I learned of the first outbreaks of ransomware, the first of a new type of virus called a time bomb which is tricky to detect because its payload is on a timer. I also had the chance to meet with all of the major security testing houses, which formed the basis for our testing strategy including winning the VB 100 RAP test. The Virus Bulletin is where the most current information about what each AV vendor is experiencing. The style of the conference is almost strictly academic and not sales and marketing.
This year the Virus Bulletin was held in Denver Colorado, and we sponsored the conference as a Gold sponsor. When looking around the room, it is a who’s who of every company big and small in the security industry. There is no conference like it. When I looked around, however, I was surprised how few attendees were at the conference. I would guess a few hundred. This concerned me greatly. IT professionals need more information to make intelligent decisions about how to protect their employees and their companies from the evolving threats in cyber security. If they aren’t getting educated here, where are they getting their information, if at all?
I realized at that point one of the key issues related to the state of cyber security, and probably the world.
First let me digress. In mid 1970s, the United States suffered an oil shortage. There were long lines at the gas pumps, and people starting stealing gas as costs and frustration rose. In response, the federal government created a set of standards called CAFE (Corporate Average Fuel Economy) to measure fuel efficiency. Today, the results of this regulation can be seen on every car lot and automobile web site in the world. More importantly, the market has spoken and MPG (miles per gallon) is one of the key factors when purchasing a vehicle. Because of the creation of this highly relevant measurement, we now have electric and hybrid cars.
The same problem exists in security software. We want security software that will detect and mitigate the latest threats such as ransomware, and targeted attacks such as APTs (Advanced Persistent Threats), yet the market by and large does not purchase security software based on detection rates. Just like in the case of MPG, if we want higher detection rates, it must become a criterion of the purchase decision.
Sadly, currently the market does not purchase based on detection rates. How do I know that? There are certain companies with major marketshare that either have discontinued public testing, or never have tested. There are new entrants that have avoided public testing for years. They claim to have better detection rates, but nothing to prove it. On the other hand, our product has consistently won the VB100 RAP test, and our market share is still not at the level of those that never test at all.
This is important. If we are to win the war against ransomware, detection rates must go UP. Way way up. If the market continues to purchase on attributes other than detection rates, then ransomare could escalate to a point where it rages out of control. The ransoms that are paid, are the cyber criminals’ oxygen to invest in more sophisticated technologies. Please everyone, invest in technologies that have higher detection rates.
We are committed to organizations such as Virus Bulletin whose goal is to inform the public of the latest threats in cyber space. We are also committed to promoting fairness and standards in detection rates. In fact, we are also on the board of the AMTSO (Anti Malware Testing Standards Organization). We will also be publishing shortly a series of papers showing apples to apples comparisons on detection rates amongst all AV players.
We believe that better AV software with higher detection rates is the only way to win the war against ransomware.
To read the full version of PC Pitstop’s Q3 newsletter, click here.