McAfee Publishes Numbers On Aggressive Malware Growth
July 24, 2009
McAfee has just posted some numbers of their own regarding the growth in new attacks (and the subsequent need for new signatures) via a blog post by McAfee Avert Labs. In that post, McAfee says that the number of new attacks is three times the rate over the same period last year, and that the number of attacks for the first half of the year nearly eclipsed the total for all of 2008.
We have been leveraging the Symantec numbers for our Worldwide Malware Signature Counter, and it is nice to see that the McAfee numbers back up our basic thesis. McAfee reports their numbers a bit differently from Symantec, in that McAfee excludes those attacks that were picked up by generic filters and heuristics (much more on that next week). This makes the McAfee numbers smaller in total, but they represent the same aggressive growth curve as Symantec’s numbers. For example, if you read between the lines, McAfee saw roughly 500,000 new threats in the first half of 2008, nearly 1,000,000 in the second half, and 1,200,000 in the first half of 2009.
There has been some interesting new language from the AV vendors regarding the aggressive growth of new attacks and the growing strain to build signatures fast enough to protect their customers. Symantec is trotting out their Quorum whitelist/reputation based technology as the cure, but it remains to be seen if it can really close what these numbers illustrate is a large and growing detection gap. In shifting the emphasis to the Quorum technology, Symantec is publicly falling on the signature sword. In the Quorum press release, a Symantec executive is quoted as saying: “Looking at the sheer volume of infected systems in the world, one thing is resoundingly clear: basic security protection is not good enough.”
Clearly the “elephant in the room” problem has gotten large enough that the AV vendors can no longer act like it is not there. Because if I interpret the language in this blog post properly, the numbers presented by McAfee are those attacks that fell through all of their nets – signatures, generic filters, and heuristics – at a rate of 6,000 per day. I do not single out McAfee as I am quite certain that these numbers are representative of just how much is getting through the existing endpoint security defenses of all of the AV vendors, Symantec included.
When you point out a problem – such as the unsustainable nature of the reliance on signatures – publicly the way that Triumfant has done, you draw criticism along the lines of fear mongering or that the sky is falling. But the McAfee and Symantec research numbers present an objective case and the language of the AV vendors in the press clearly supports our position. Half the problem for us was creating awareness that there was a problem and that it was sizable and growing rapidly.
We do agree with Symantec in that the IT security market is in need of new thinking and a new approach to counter this growing threat, and we think Triumfant is that new thinking and approach. Now that the numbers support the story and even the AV vendors are recognizing the problem, we invite you to take the next step and hear what Triumfant has to offer (today, not a future release) as the solution to this problem. I am willing to go on the line and say that you will at a minimum find it interesting and enlightening and won’t feel like it was wasted time. We think we have filled the detection gap in a way that is both powerful and elegant, and is already addressing the problem for real customers today.
What do you have to lose except the exposure to what McAfee says is 6,000 new threats per day?