Taken from PC World Magazine, September 2010 Edition

New research further confirms that difficulties security vendors are having in keeping up with malware.

Security software can take an average of two days to block an attack Website, says a report from NSS Labs.  The firm developed a test that mimics how people browse the Web, and recorded how and when security suites blocked the threats – if they did so at all.  The latest test ran for 24 hours a day for nine days.

Some security vendors employ reputation systems, which usually involves checking a database of blacklisted sites.  But such systems are not widely used and are immature, according to NSS Labs.  Overall, vendors took an average of 45.8 hours to block a site, if the blocked it at all, the report states.

If a suite did not block a bad site the first time, NSS Labs continued to test every 8 hours to see how long the vendor took to add protection; times ranged from 4.62 hours to 92.48 hours.  The researchers also had a “sero hour” criterion, in which the test checked whether the software stopped newly found malware sites, and the results weren’t great: The best vendor blocked new sites only 60.6 percent of the time.