In the world of antivirus software, there are competing entities all over the world working around the clock to find and defend against intrusions. Databases and bulletin boards contain terabytes of information about viruses stretching all the way back to the very earliest variants.
Because of this vast history of archived information, there is an assumption that every antivirus vendor is using the same base of information and all antivirus solutions yield the same results.
In fact, while antivirus makers may share information in industry forums and even with hackers in conferences such as Black Hat, that information gets used in very different ways at the vendor level. This is because each security architecture is different, and many were created to satisfy entirely different requirements. For example, some companies concentrate on providing gateway solutions, while others may build IPS or endpoint products or even off-line sandboxes.
Adding to this scenario the additional complexity of zero day advanced malware, it is easy to see that vendor solutions can take unique turns.
What does this mean for advanced malware?
For one thing, it means that a point solution will have only limited value. If the malware is designed to target an end point, it can be constructed to easily bypass an IPS product.
In addition, it means that every vendor must find and create solutions for advanced malware independently.
This is important because not all antivirus companies will have the resources to do this. The more sophisticated the malware, the harder it becomes to stay in the game.