Andreas Marx AV-test.org
Often referred to as the 'window of vulnerability', the reaction time between when a new malware is discovered and when AV software updates are available can often make the difference as to whether a new threat gains substantial foothold in the wild. To better understand the nature of this problem, AV-Test.org began monitoring 24 AV vendors, checking for updates every five minutes and comparing those updates to newly spreading malware. The results of the tests thus far have revealed not only the reaction times for several high-profile threats, including Mydoom, Bagle, and Netsky variants, but also sheds light on problems encountered during the update process. For example, detection may be incomplete initially, or the updates may fail to replicate across all vendor download servers in a timely manner, or the servers may not even be reachable - thus possibly resulting in missed detection or delay of the updates for some customers.
This paper takes an in-depth look at how the tests are conducted, what the results of these tests have demonstrated, and the possible impact of this. The rather good or worse reaction times over a six month period, as well as the number of proactively detected malwares of the different AV companies will be presented as well.