Evaluation of AV systems against modern malware

Countering the proliferation of malware has been for recent years one of the top priorities for governments, businesses, critical infrastructure, and end users. Despite the apparent evolvement of anti-virus (AV) systems, malicious authors have managed to create a sense of insecurity amongst computer users. Security controls do not appear to be sufficiently strong to stop malware proliferating. There seems to be a disconnect between public reports on AV tests and what people are experiencing on the daily basis. In this research, we are testing the efficiency of AV products and their ability to detect malicious files commonly known as malware. We manually generated payloads from five malware frameworks freely available to download and use. We use two modes of tests during our experiments. We manually installed a selection of AV systems in one first instance. We also use an online framework for testing malicious files. The findings in this study show that many antivirus systems were not able to achieve a higher score than 80% detection rate. Certain attack frameworks were much more successful in generating payloads that were not detectable by AV systems. We conclude that AV systems have their roles to play as they are the most common first line of defense, but more work is needed to successfully detect most malware the first day of their release.