Winning the war on ransomware

Back in the ‘70s, the United States suffered a severe oil shortage.

Lines at the gas station filled city blocks. Thieves siphoned gasoline not to save money but time. In response, the federal government created a measurement, miles per gallon. Since then, MPG has become a factor in many car purchase decisions. Today, fuel efficiency has improved threefold, and we have hybrid and electric cars.

We are facing another crisis that threatens our way of life — ransomware. Cybercriminals hold hostage individual, public sector and enterprise data with remarkable ease and frequency. Although paying ransoms may solve a short-term problem, it almost guarantees that attacks will continue creating a larger threat to our digital society.

Ransomware commonly infects via a disguised email attachment. Unwitting users click, and at that point antivirus software should detect and block the ransomware. That’s the security hole — email — and that’s the measurement — detection rates.

Ransomware can be defeated if we consider detection rates when purchasing security software. As detection rates rise, ransomware payments will decline, and cybercriminal income will fall. As their income falls, they will have less to invest in more sophisticated attacks. As detection rates continue to rise, their income will fall to the point where alternative and legal vocations will become more attractive.

Sadly, many antivirus (AV) products do not participate in public detection rate testing. These companies complain that the tests are expensive and not realistic. This position hurts the public’s ability to view a comprehensive head-to-head AV detection rate test.

With that in mind, my company partnered with AV Comparatives from Innsbruck, Austria, to create an involuntary test, where no product would be aware when and how the test would be executed. The sample size of the test exceeded 5,000 viruses and with two separate ransomware sets. The test was comprehensive including 28 different AV products.

The highlight of the report is Microsoft Windows Defender’s surprisingly high detection rates. Microsoft has historically had a curious love-hate relationship with the antivirus community. They positioned Windows Defender and Security Essentials as a last-resort AV inferior to any and all other security. In the last three years, the gloves have come off, and Windows Defender is superior to many pay alternatives.

Microsoft is raising the bar on detection rates and that is good for the battle against ransomware and the entire Windows ecosystem. The message is clear. When purchasing AV, select products that have better detection rates than Windows Defender.

Microsoft’s sudden rise in detection rates demonstrates that the world of antivirus is not static. The cybercriminals are rapidly increasing in sophistication, and antivirus products are frankly struggling to adapt. Today’s studs can be tomorrow’s duds. A great antivirus must constantly and continuously evolve in order to stay current and remain great.

Detection rates bring much-needed objectivity into the purchase process of security software. Sadly, the purchase of security software is analogous to how consumers buy beer and toothpaste. A brand is chosen based on largely subjective attributes, and seldom is that choice reevaluated. In the battle against ransomware, one’s security solution should be constantly reevaluated in search of higher detection rates against the latest threats.

Unlike beer and toothpaste, automobiles are replaced every three to four years. This drives a cycle of innovation where cars improve in security features, technology and MPG. A similar cycle can begin with antivirus software and lead us to a world without ransomware. It all begins by considering detection rates when purchasing security software.