Today’s front page NYT story is about how the Chinese went after the NYT for publishing disparaging stories about Chinese government officials. The same reporter who wrote the NYT story on antivirus also wrote this story about Chinese hackers. Note something interesting:
Out of the 45 different pieces of malware planted on the Times’ systems over the course of three months, just one of those programs was spotted by the Symantec antivirus software the Times used…
One out of 45 is about 2%, very much like the results of our antivirus study, which was referenced in this Forbes article bashing Symantec:
… analysis performed by the security firm Imperva along with the Technion Israeli Institute of Technology found that antivirus managed to detect only 5% of new threats, and that it took an average of four weeks for antivirus firms to identify a new piece of malicious code. “Although vendors try to update their detection mechanisms, the initial detection rate of new viruses is nearly zero. We believe that the majority of antivirus products on the market can’t keep up with the rate of virus propagation on the Internet,” their paper reads.
Here’s the message for security: rebalance the security portfolio. Use free antivirus and spend some money modernizing your security strategy.
I recently talked to a CISO who said he buys AV because of legal reasons. If someone is infected, which he knows will happen, he has a legal defense to say ‘I did what I could.’ But he also knows AV won't work. If customers are buying AV to appease lawyers versus protecting an enterprise, something isn't right.
Symantec’s response, essentially blaming the Times--their customer!--for the failure, gives some insight into what isn't right. Their reaction reminded me of a key tenet of Clayton Christensen's The Innovator's Dilemma. In the book, Christensen notes that big companies fail to innovate because customers often ask for better versions of current products when they really need a new technology. Customers, according to Christensen, become a barrier to innovation. Symantec's reaction, explaining that if the Times had turned on more functionality they'd have been safer, is the best illustration of the innovator's dilemma you'll ever see.