About Me

Toralv Dirro

Toralv Dirro

Read More

Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity

McAfee Labs :

The End of Exponential Malware Growth?

Tuesday, July 1, 2008 at 11:01am by Toralv Dirro
Toralv Dirro

While reading my colleague François Paget’s recent blog about detection numbers, I noticed that something about the graph illustrating the growth of the collection maintained by AV-Test.org seemed a bit odd.

AV-Test.org total collection size by unique samples

The last few months showed a bigger total size than indicated by the forecast line, which is an exponential function. By looking more closely at the statistics of monthly growth we can see why:

AV-Test.org collection monthly growth rate by unique samples

During the last couple of months there is no longer an increase in the number of new samples added. The growth is no longer exponential but linear, averaging around 600,000 samples added each month. Looking at our own numbers of new samples, I can confirm this new linear growth.

Why is this a big deal? For years the security industry has been fighting an uphill battle–with the number of new samples increasing every month at an alarming rate. Now with constant, though still massive, growth there is some light at the end of the tunnel. If this trend keeps up, planning for future resources and technologies will become much easier and more manageable.

I’ll add one more remark about counting by “unique samples,” in which unique means the file has got a cryptographic hash different from all other files in the collection: For the time being this is one useful way of counting, but it can’t be mapped to detection numbers (François explained why) and it works today only because most new samples are Trojans. Should we see more file-infecting viruses in the future, and there are some indications they will make a comeback, this way of counting will quickly become useless.

Bookmark and Share

Submit your own comments / message for this post

Your email is never published nor shared. Required fields are marked *

 

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments (2)

  • Toralv Dirro July 11, 2008 6:05AM

    Joseph,

    as far as I know the data has not been published to the general public directly, they may have used it in articles published elsewhere, though.

    I’d suggest you contact them directly if you’re interested in more detailed numbers.

    Reply
  • Joseph July 9, 2008 5:58PM

    Thanks for the insight.

    Is the source for the data shown here publicly available? I was not able to find it on the av-test.org website.

    (Please feel free to respond via email.)

    Reply