Claims by anti-virus vendors that they block 99 percent of malware are chaff, according to a security chief.
John Vigouroux, the chief executive officer of web gateway company M86 Security, said anti-virus vendors claim to block 99 percent of known malware, but most criminals use unknown variants.
Vigouroux said that the security industry has "done a miserable job of protecting customers and industry".
“Most of the web is legitimate and while 40 per cent gets blocked, 60 per cent gets through. Every single product on the market is running off the same database idea and to make a database up you need to find the malware to write signatures to match the code to the database in order to block it.
“I do not care how fast they can update, it is so simple that it is scary, but it is easy to do as the attackers keep coming with new malware and the industry is doing a terrible job of keeping up.”
But David Harley, senior research fellow at ESET and anti-malware testing standards organisation director, rejected the claims.
“Vigouroux is repeating the ancient fallacy that anti-virus only detects known malware, using a database of signatures. That hasn't been the case for many years: that's what heuristics, whitelisting and reputation services are for, to supplement exact identification and generic identification,” he said.
“The model of one signature for each variant or sub-variant is totally extinct: in fact, Vigouroux's claims suggest a misunderstanding of what a signature is. A signature isn't a simple string of bytes in a database: it's an algorithm.”
He said a single algorithm may look for a known string, but others look for code that resembles known malcode, or for behaviour that suggests malicious intent, through techniques such as behavioural analysis, active heuristics and so on.
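The distinction Harley draws between exact identification, generic identification and heuristics can be seen in a small added example (not code from the article or from any vendor). The byte strings are constructed and inert, and the pattern, trait weights and threshold are hypothetical; static trait scoring stands in here for the heuristic layer.

```python
import hashlib
import re

# Constructed, inert byte strings standing in for file contents (not real malware).
KNOWN_SAMPLE = b"HDR\x01LOADER-v1;connect(10.0.0.1);write_autorun;END"
NEW_VARIANT = b"HDR\x02LOADER-v7;connect(10.9.9.9);write_autorun;END"
UNRELATED = b"HDR\x03updater;connect(10.2.2.2);write_autorun;disable_logging;END"
BENIGN = b"HDR\x01report-generator;open(template);save;END"

# 1. Exact identification: one database entry per known file.
KNOWN_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# 2. Generic identification: one pattern covering a family of variants.
FAMILY_PATTERN = re.compile(rb"LOADER-v\d+;connect\([\d.]+\);write_autorun")

# 3. Heuristic: weighted suspicious traits (hypothetical weights and threshold).
TRAIT_WEIGHTS = {b"connect(": 1, b"write_autorun": 2, b"disable_logging": 2}
HEURISTIC_THRESHOLD = 3


def exact_match(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() in KNOWN_HASHES


def generic_match(data: bytes) -> bool:
    return FAMILY_PATTERN.search(data) is not None


def heuristic_score(data: bytes) -> int:
    return sum(w for trait, w in TRAIT_WEIGHTS.items() if trait in data)


def scan(data: bytes) -> list[str]:
    """Return the names of the detection methods that flag this input."""
    hits = []
    if exact_match(data):
        hits.append("exact")
    if generic_match(data):
        hits.append("generic")
    if heuristic_score(data) >= HEURISTIC_THRESHOLD:
        hits.append("heuristic")
    return hits


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("variant", NEW_VARIANT),
                       ("unrelated", UNRELATED), ("benign", BENIGN)]:
        print(f"{name:10} -> {scan(blob) or ['clean']}")
```

Only the known sample hits the exact-match database; the changed variant is still caught by the family pattern, and the unrelated sample is caught by trait scoring alone.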