Cyveillance Testing Finds AV Vendors Detect on Average Less Than 19% of Malware Attacks

Further testing reveals that even after 30 days, detection rates averaged only 61.7%

ARLINGTON, Va. -- Cyveillance, a world leader in cyber intelligence, today announced the availability of their most recent Internet security report, “Malware Detection Rates for Leading AV Solutions: A Cyveillance Analysis.” The report reveals that traditional antivirus (AV) vendors continue to lag behind online criminals when it comes to detecting and protecting against new and quickly evolving threats on the Internet. Cyveillance testing¹ shows that even the most popular AV signature-based solutions detect on average less than 19% of malware threats. That detection rate increases only to 61.7% after 30 days.

“Even after 30 days, many AV vendors cannot detect known attacks, making it critical for enterprises to take a more proactive approach to online security in order to minimize the potential for infection,” said Panos Anastassiadis, COO of Cyveillance. “To increase protection, users can’t forget the basics – avoid unknown or disreputable websites, increase security settings on their web browser and leverage supplemental malware block lists to increase security on their devices. Only through both proactive and reactive tools can a solid security platform be achieved.”

Cyveillance identifies malware as any type of malicious software application, generally implemented without a user’s knowledge, designed to infiltrate computers. Users rely on security tools including signature-based AV solutions to protect against malware attacks. Cyber criminals circumvent these defenses by installing newly created malware programs that go unrecognized by AV solutions. A security solution must “catch up” with the latest threats to provide adequate protection.

Cyveillance tested thirteen popular AV solutions² to determine their detection rate over a 30-day period and found that popular solutions detect an average of only 18.9% of new malware attacks. By day eight, AV solutions average a 45.7% detection rate. This rises to 56.6% on day 15, 60.3% by day 22, and 61.7% after 30 days. Top AV solutions take an average of 11.6 days to catch up to new malware. Since this does not include malware signatures undetected even after 30 days, users should not rely on the AV industry as their only line of defense.

        Trend Micro  Sophos  McAfee  Kaspersky  F-Secure  Dr Web  AVG  Nod32  F-Prot  Virus Buster  Norman  eTrust-Vet  Symantec
Day 1   17%          20%     22%     22%        27%       7%      13%  37%    17%     10%           17%     16%         21%
Day 8   29%          36%     53%     87%        50%       29%     85%  86%    23%     30%           29%     21%         36%
Day 15  32%          75%     85%     91%        59%       33%     92%  88%    34%     46%           31%     27%         43%
Day 22  32%          81%     86%     92%        62%       33%     92%  88%    37%     74%           32%     29%         46%
Day 30  38%          85%     86%     92%        64%       33%     93%  89%    39%     74%           32%     30%         47%

All figures and statistics in the Cyveillance report “Malware Detection Rates for Leading AV Solutions: A Cyveillance Analysis” are actual measurements rather than projections based upon sample datasets, unless otherwise noted. The data used for this study were collected and analyzed between April 20, 2010 and April 22, 2010, resulting in an overall total data set of approximately 1,708 confirmed malware files. The files were then run through the latest release of the top desktop AV solutions upon initial detection and again every six hours for one month to determine their detection and lag rates. For more information about Cyveillance’s research findings, please visit

About Cyveillance

Cyveillance, a world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and customer trust. Cyveillance serves the Global 2000 and OEM Data Partners – protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 100 million global consumers through its partnerships with security and service providers that include Blue Coat, AOL and Microsoft. Cyveillance is a wholly owned subsidiary of QinetiQ North America. For more information, please visit or

About QinetiQ North America

QinetiQ North America delivers world-class technology, responsive services, and innovative solutions for global markets, focusing on US government and commercial customers. More than 6000 QinetiQ North America engineers, scientists and other professionals deliver high quality products and services that leverage detailed mission knowledge and proven, reliable tools and methodologies to meet the rapidly changing demands of national defense, homeland security and information assurance customers. Headquartered in McLean, Virginia, QinetiQ North America had annual revenues of more than $1 billion in the fiscal year that ended March 31, 2010. QinetiQ North America is part of QinetiQ Group PLC (LSE:QQ). For more information, please visit

1 Cyveillance’s comprehensive monitoring technology continuously sweeps the Internet – monitoring and collecting information from over 200 million unique domain name servers, 190 million unique websites, 80 million blogs, 90,000 message boards, thousands of IRC/Chat channels, billions of spam emails and more. This approach yields the discovery of more than 100,000 new sites each day.

2 Vendors tested included Trend Micro, Sophos, McAfee, Kaspersky, F-Secure, Dr. Web, AVG, Nod32, F-Prot, Virus Buster, Norman, eTrust-Vet and Symantec. (Trend Micro is a registered trademark of Trend Micro Incorporated, Cupertino, CA; Sophos is a registered trademark of Sophos PLC, Oxfordshire, England; McAfee is a registered trademark of McAfee, Inc., Santa Clara, CA; Kaspersky is a registered trademark of Kaspersky Labs, London, England; F-Secure is a registered trademark of F-Secure Company, Espoo, Finland; Dr. Web is a registered trademark of Dr. Web Co., Moscow, Russia; AVG is a registered trademark of AVG Technologies, Brno, Czech Republic; Nod32 is a registered trademark of Nod32 Corporation, Bratislava, Slovakia; F-Prot is a registered trademark of Fisk Software Intl Co, Reykjavik, Iceland; Virus Buster is a registered trademark of Virus Buster, Ltd., Budapest, Hungary; Norman is a registered trademark of Norman Company, Lysaker, Norway, and Symantec is a registered trademark of Symantec Corporation, Mountain View, CA; eTrust-Vet is a registered trademark of CA, Inc., Islandia, NY.)


Welz & Weisel Communications
Tony Welz, 703-218-3555
