How Long is the Virus Window of Vulnerability? (2005)

Despite a large investment in anti-virus technology, enterprises are still vulnerable to email-borne viruses that enter in the gap between their initial outbreak (the so-called zero hour) and the availability of a matching anti-viral signature. We discussed this window of vulnerability in depth in our recent report, Zero-Hour Defense Against Email-Borne Viruses.

How large is the window of vulnerability? We estimated between six and eight hours. We underestimated.

AV-Test is a virus testing group at a German university. They have a lot of interesting data. Analyzing the response times for 45 different virus outbreaks for a wide variety of vendors, they found an average response time of 10 hours. For most vendors, response times were between 4 and 16 hours. Interestingly, Kaspersky Labs and Bitdefender did the best, coming in at less than 4 hours.

To summarize, average response times by vendor were less than:

  • 2 hours: none
  • 4 hours: Bitdefender, Kaspersky
  • 6 hours: AntiVir, Dr. Web, F-Secure, Panda, RAV
  • 8 hours: Quickheal, Sophos
  • 10 hours: AVG, Command, F-Prot, Norman, Trend Micro, VirusBuster
  • 12 hours: Avast, eTrust (CA)
  • 14 hours: Ikarus, McAfee
  • 16 hours: eTrust (VET), Symantec (Intelligent Updates, not LiveUpdates)

Beta signatures were usually available from McAfee and Symantec within 4 hours.
