Get All Access for $5/mo

How Antivirus Companies Are Hacking the Truth -- and Making Us All More Vulnerable Many companies tout detection rates north of 99 percent. They aren't just over-confident, they're deceitful.

By Steve Subar

Opinions expressed by Entrepreneur contributors are their own.

Andrew Brookes | Getty Images

Each day, tech researchers encounter and catalogue more than 350,000 new instances of malware -- the malicious software that's designed to damage computers or steal personal information. Consumers and businesses alike believe their antivirus systems are vigilant enough to ward off these mounting threats. But they're wrong.

Related: Ex-Employees Say Antivirus Giant Faked Malware to Damage Rivals

The fact is, today's approach to fighting malware is hopelessly ineffective, and antivirus vendors conceal this reality. Fortunately, the threat posed by increasingly sophisticated malware is surmountable. But, in order to succeed, antivirus companies must start working on technology that actually keeps users safe.

The reason is that it's no secret that the dangers malware poses are changing and intensifying at lightning speed. Even at tech-savvy organizations -- Equifax, Yahoo and Uber, to name a few -- system breaches have become common, enabled, most commonly, by malware.

Somehow, the antivirus industry still remains confident. Leading firms continue to market their pricey software by promising "total protection" and "tried and tested threat prevention." Many tout virus detection rates north of 99 percent.

Related: 7 Surprising Places Hackers Hide

These claims aren't just over-confident; they're deceitful.

Why "99 percent" isn't as good as it sounds

Consider the sky-high detection rates so proudly advertised. While "99 percent" sounds impressive, a failure rate of just 1 percent equates to admitting to over 1.3 million potentially disastrous viruses infecting endpoints and networks in the course of a year; any one of these could destroy a business or compromise millions of identities.

What's more, claims of high detection rates -- even if they're valid -- don't reflect an antivirus vendor's competence in identifying malware, but rather how well that vendor fares in identifying malware already flagged by Google's VirusTotal (a crowdsourced service aggregating antivirus engines from more than 70 companies).

Antivirus firms subscribe to VirusTotal, agreeing to lend their wares to the collective effort for scanning files submitted by users. But many subscribers abuse their access, relying almost exclusively on VirusTotal for malware detection, thus concealing their own products' weakness.

That's no different from using Google search to answer difficult questions and then trying to monetize your borrowed expertise.

Even more egregious is the industry's refusal to admit that its current approach is irreparably flawed. Today, most antivirus software is based on a two-stage approach that starts with detection and ends with remediation, accomplished through isolation and removal.

Detection-remediation, though, is actually a losing strategy. Antivirus scanning can detect only known viruses. Yet more than 350,000 unknown pieces of malware -- including malware leveraging "zero-day" exploits -- are unleashed daily. Even with the latest artificial-intelligence tools, antivirus programs regularly fail to identify zero-day viruses and issue scan reports rife with false positives.

In other words, hackers already have the upper hand on antivirus makers. And that advantage will only grow more formidable as zero-day viruses proliferate.

What's an entrepreneur to do?

Antivirus companies recognize the hopelessness of detection-remediation, of course. But they'd rather feign confidence and hide behind their "99-percent detection" rates than admit that they're incapable of keeping their customers safe.

So, what are the takeaways for entrepreneurs looking to protect their businesses? There are three:

  • Don't fly by the seat of your pants. Have a security policy to guide you so you can benefit from your cybersecurity investments in software, services, and personnel.
  • Understand the extent of your corporate presence and where your critical assets live -- on your LAN, across the web and in the cloud.
  • Ask yourself: Are you more interested in detection or actual protection?

There are a variety of ways to defend your perimeter -- and not just with firewall and router configurations or network traffic monitoring. Most breaches are not brute-force attacks on the perimeter but are facilitated from within. How black hats, malicious hackers, really attack is by getting malware onto your network and endpoints with phishing emails or downloads from infected websites.

So, fight back: Consider solutions that couple "default-deny" with "auto-containment" to achieve maximum security while preserving productivity.

Auto-containment allows users to open unknown files and run unknown scripts in a lightweight virtualized environment. This approach dramatically reduces risk of infection and exploitation, as, even if a file is malicious, its attempts to modify critical system resources will only impact a "shadow system." Plus, auto-containment lets users remain productive during the "verdicting process," by which cloud-based systems, assisted by artificial intelligence and supplemented by human analysts, determine whether an unknown file is genuine malware or not.

The much maligned "default-deny" security posture is another technique that can protect against unknown threats. Default-deny has long been favored by cyber experts, as it blocks all unknown files from opening or executing, thus preventing malware from penetrating a network or taking residence on a computer. Historically, default-deny hindered usability. However, when auto-containment is combined with default-deny and rapid verdicting, users' work is unimpeded -- and systems remain safe.

Related: Why We Need to Worry More Than Ever About Getting Hacked

IT users typically look to antivirus industry vendors. But these vendors, with their detection-centric strategies, are clearly losing the fight against malware, whatever the provenance.

When will antivirus companies finally admit that detection is not protection, and rethink their approach to fighting malware?

Steve Subar

President and CEO, Comodo Cybersecurity

Steve Subar is president and CEO of Comodo Cybersecurity. He brings decades of experience to his position. and is building the company's market-leading cybersecurity solutions and substantial resources. In 2005, Subar was chosen, from more than 60 Silicon Valley entrepreneurs, to become the first Entrepreneur-in-Residence for National Information Communications Technology Australia, that nation's leading center for applied IT research, which led to the creation of Open Kernal Labs. OK Labs, where Subar served as CEO, emerged as the leading provider of mobile device secure virtualization and deployed more than 1.6 billion devices, which led to its acquisition by General Dynamics, in 2012.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Side Hustle

Top Secrets to Starting a 6-Figure Etsy Side Hustle That Earns Passive Income, According to 3 People Who Did It

Etsy remains a popular ecommerce platfrom for sellers — and can be incredibly lucrative for those who know how to use it.

Science & Technology

The 7-Step ChatGPT Formula for Peak Productivity and Profit

With this powerful solution, you can take your productivity and profitability to new heights with ease.

Business News

SoftBank CEO Says AI 10x Smarter Than Humans Could Be Here in a Matter of Years

SoftBank CEO Masayoshi Son spoke to shareholders during the company's general meeting on Friday.

Business News

Amazon Is Thinking About Charging Extra for AI Alexa

"Hey Alexa, how much are you going to cost?"

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.


3 Steps to Overcoming Organizational Fear of Change

It's a leader's job to ensure everyone in the company can own their expertise without fear — even when left to their own devices.