Despite a large investment in anti-virus technology, enterprises are still vulnerable to email-borne viruses that enter in the gap between their initial outbreak (the so-called zero hour) and the availability of a matching anti-viral signature. We discussed this window of vulnerability in depth in our recent report, Zero-Hour Defense Against Email-Borne Viruses.
How large is the window of vulnerability? We estimated between six and eight hours. We underestimated.
AV-Test (http://www.av-test.org/) is a virus testing group at a German university. They have a lot of interesting data. Analyzing the response times for 45 different virus outbreaks for a wide variety of vendors, they found an average response time of 10 hours. For most vendors, response times were between 4 and 16 hours. Interestingly, Kaspersky Labs and Bitdefender did the best, coming in at less than 4 hours.
Summary of the average response times. Less than:
- 2 hours: none
- 4 hours: Bitdefender, Kaspersky
- 6 hours: AntiVir, Dr. Web, F-Secure, Panda, RAV
- 8 hours: Quickheal, Sophos
- 10 hours: AVG, Command, F-Prot, Norman, Trend Micro, VirusBuster
- 12 hours: Avast, eTrust (CA)
- 14 hours: Ikarus, McAfee
- 16 hours: eTrust (VET), Symantec (Intelligent Updates, not LiveUpdates)
Beta signatures were usually available from McAfee and Symantec within 4 hours.