Antivirus outbreak response testing and impact

Andreas Marx

Often referred to as the 'window of vulnerability', the reaction time between when a new malware is discovered and when AV software updates are available can often make the difference as to whether a new threat gains substantial foothold in the wild. To better understand the nature of this problem, began monitoring 24 AV vendors, checking for updates every five minutes and comparing those updates to newly spreading malware. The results of the tests thus far have revealed not only the reaction times for several high-profile threats, including Mydoom, Bagle, and Netsky variants, but also sheds light on problems encountered during the update process. For example, detection may be incomplete initially, or the updates may fail to replicate across all vendor download servers in a timely manner, or the servers may not even be reachable - thus possibly resulting in missed detection or delay of the updates for some customers.

This paper takes an in-depth look at how the tests are conducted, what the results of these tests have demonstrated, and the possible impact of this. The rather good or worse reaction times over a six month period, as well as the number of proactively detected malwares of the different AV companies will be presented as well.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.