Why Less is More in Antivirus Protection

A white paper I happened to come across..
It argues that less is much better..

This seems like it might be right, too..

Many of the antivirus products currently on the market claim that “there are nearly 60,000 known computer viruses infecting cyberspace today” and suggest that the sheer number of viruses, worms, Trojans and other threats covered by an antivirus product correlates directly with the level of protection it provides. However, as evidenced by the widely accepted practices of the industry’s most respected testing organizations, antivirus products are best evaluated based on their ability to detect a much smaller list comprised of several hundred viruses that are found “in the wild,” i.e., those that are actually determined to be spreading and infecting users’ systems. The other 59,000-plus “attacks” – labeled as “zoo” viruses by the antivirus industry – are the network security equivalent of dinosaurs: They’re interesting from an historical point of view but they’re simply not found in practice in today’s computer systems. Unfortunately for users, it’s easy to conclude that scanning for thousands of additional attacks must somehow provide better protection. But in fact the opposite is true: Scanning for zoo viruses reduces the effectiveness of antivirus products and exposes users to far bigger threats. This paper explains the facts regarding virus threats, traces the history of the WildList, and explains why the term “Less is More” provides the most appropriate benchmark for evaluating the effectiveness of antivirus products.

1297455140.pdf