– Roger Thompson, chief research officer at AVG Technologies (www.avg.com), says:
Every day, antivirus labs get 150,000 malcode samples, 20,000-30,000 of which are new and unique. A much smaller number… something like 400 or 500 are actually released into the Wild. They know that within a week or two, all scanners will be able to see what they release today, but they change the released code every day, so they always have a sliding window of undetected code with which to catch their victims.
Antispam is best done at the ISP level, and is quite effective as it stands. In my opinion, most antivirus programs are not up to the job these days, because they are signature based, and therefore constantly out of date. Even the so-called cloud solutions are just signature scanners. The Bad Guys know how to work this. I suspect that most data centers are keeping safe by using the Hope method. You still need a signature scanner, but all signature scanners should be focused on the relatively small number of bits of malcode that make it into the Wild each day, instead of trying to handle the absurd daily Zoo numbers. The other two components should be a dedicated Web scanner, because most of the attacks are coming from the web, and a behavior-based layer.
It is also worth noting that there are not a huge number of viruses any more… probably less than 1% of the problem is viral. The majority are downloaders, backdoors, keyloggers and rootkits… malicious code to be certain, but just not viral. This doesn't mean that you can do without an antivirus program, however, because as long as there is even a single virus, you need an antivirus. Not only that, but the viruses that are in the Wild today are really nasty. Things like Virut, for example. It is a fast infector, meaning that it infects all files on all visible local and network drives on the first run, and is a cavity infector, which means it is darned hard to remove.
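The two points above, the sliding window that defeats signature scanners and the behavior-based layer that catches a fast infector, can be shown side by side in a small script. This is an added illustration written for this page, not code from Roger Thompson or AVG. The hash-based signature store, the file-write events, the process IDs, the paths and the thresholds (20 distinct executables touched on at least 2 drives inside 10 seconds) are all constructed assumptions chosen to make the behavior visible, not measured figures for Virut or any other sample.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass

# --- Part 1: why a hash signature goes stale every day -------------------
# Constructed samples: the attacker re-releases the same payload with one
# byte changed. The signature database only knows yesterday's build.
YESTERDAY = b"MZ\x90\x00" + b"payload-build-0001"
TODAY = b"MZ\x90\x00" + b"payload-build-0002"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


SIGNATURE_DB = {sha256(YESTERDAY)}  # assumed: what the scanner knows today


def signature_hit(sample: bytes) -> bool:
    """Exact-hash signature check: matches only bit-identical samples."""
    return sha256(sample) in SIGNATURE_DB


# --- Part 2: a behavior rule for a fast infector ------------------------
@dataclass
class FileWrite:
    ts: float   # seconds, monotonic
    pid: int
    path: str


EXEC_EXT = (".exe", ".dll", ".scr")


def drive_of(path: str) -> str:
    """Return the drive letter ('C:') or the UNC share root ('\\\\server\\share')."""
    if path.startswith("\\\\"):
        parts = path.lstrip("\\").split("\\")
        return "\\\\" + "\\".join(parts[:2])
    return path[:2].upper()


def fast_infector_pids(events, window=10.0, min_files=20, min_drives=2):
    """Flag processes that modify many distinct executables on several
    drives within a short window (assumed thresholds, tune per environment)."""
    by_pid = defaultdict(list)
    for e in events:
        if e.path.lower().endswith(EXEC_EXT):
            by_pid[e.pid].append(e)

    flagged = set()
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            # slide the window so evs[start..end] spans at most `window` secs
            while evs[end].ts - evs[start].ts > window:
                start += 1
            span = evs[start:end + 1]
            paths = {e.path.lower() for e in span}
            drives = {drive_of(e.path) for e in span}
            if len(paths) >= min_files and len(drives) >= min_drives:
                flagged.add(pid)
                break
    return flagged


# Constructed event log: pid 4242 sweeps local and network executables in
# under six seconds; pid 1000 is a normal installer writing into one folder
# on one drive; pid 2000 only touches text files.
EVENTS = (
    [FileWrite(100.0 + i * 0.2, 4242, f"C:\\Program Files\\app{i}\\app{i}.exe")
     for i in range(15)]
    + [FileWrite(103.0 + i * 0.2, 4242, f"\\\\fileserver\\share\\tool{i}.exe")
       for i in range(15)]
    + [FileWrite(200.0 + i * 1.0, 1000, f"C:\\Program Files\\Vendor\\lib{i}.dll")
       for i in range(25)]
    + [FileWrite(300.0 + i, 2000, f"C:\\Users\\me\\notes{i}.txt") for i in range(5)]
)

if __name__ == "__main__":
    print("yesterday's build detected by signature:", signature_hit(YESTERDAY))
    print("today's build detected by signature:   ", signature_hit(TODAY))
    print("fast-infector behavior flagged pids:   ", fast_infector_pids(EVENTS))
```

The one-byte change is enough for the exact-hash signature to miss today's build, which is the sliding window Thompson describes; the behavior rule does not care which build it is, only that one process rewrote executables across two drives in seconds. The installer writes as many files but stays on one drive and spreads the writes over time, so it falls under both thresholds.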