Healthcare News & Insights

Study: Antivirus software ineffective against many examples of malware

Many healthcare organizations likely use antivirus software to protect their networks from cyberthreats. But some studies warn that antivirus applications probably aren’t effective enough to rely on. 

There’s been a recent explosion in malware designed to go completely undetected by antivirus programs, according to a recent report from security firm Palo Alto Networks.

Researchers collected data from 1,000 organizations that use one of Palo Alto’s firewall products. Over the course of three months, the researchers discovered more than 26,000 pieces of malware present on the companies’ networks that at the time were not identified in any malware database and therefore couldn’t be blocked by conventional antivirus software.

While antivirus software can help prevent some attacks, there’s enough out that it won’t catch that organizations and individuals shouldn’t solely rely on antivirus for protection, the researchers said.

Antivirus effectiveness questioned

This isn’t the first report to question how effective antivirus software can be in protecting organizations’ networks. A 2011 study conducted by NSS Labs, for example, concluded that many types of malware could get past antivirus programs when sent through email. The software tested was able to prevent malware from getting to a user’s inbox just 36% of the time.

The applications did better when preventing malicious attempts from being opened or saved. Protection rates in that test jumped to 74%, a big improvement, but far from perfect.

NSS Labs’ tests also revealed other areas where antivirus programs failed to prevent many infections:

  1. Local file servers — Servers on an organization’s network used to share files among multiple users can become repositories for malware if the server lacks its own security controls. Antivirus programs allowed malware to be downloaded from file servers 30% of the time.
  2. USB drives — As Internet security has gotten more attention, the popularity of using infected USB drives to spread malware has grown among hackers. Many antivirus applications fail to block those malicious programs, which exploit PCs’ autorun feature.
  3. “Single-use” malware — This is a newer type of malware that is written only to a computer’s memory, where it often goes undetected.

Bottom line: Antivirus software is still effective in preventing some attacks, and therefore it still has value to organizations. However, as these studies show, relying too much on it instead of using other tools can weaken an organization’s overall security capabilities.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.