I don't understand how even having a 20% detection rate isn't better than 0%. Am I missing something? Are there a lot of viruses popping over the net that even the 20% detection is already too late?
Given the cost in equipment purchases, user annoyance, lost productivity and purchasing the software itself it strikes me that you need much higher success rates to be worth all that.
The 20% figure that was "once read" about is pure fiction. Any up to date test figures reveal something closer to 99.8% of a 3 million sample testbase for the better AVs.
It's all a bit moot though as before this happened, McAfee was probably worse than anything a PC can get infected with. Now it's gone and proved it beyond any doubt.
The 99.8% includes a known test set for historic viruses from the 80s and 90s. The stuff you really care about are the new things that sweep the web (Blaster, Slammer, Code Red, etc.). AV is inherently reactive, and that .2% you miss is likely the latest stuff.
Old (meaning a year or two) viruses are still around, and can still do a lot of damage. A large part of the reason they don't is because people run virus scanners that catch them, and stop them from spreading.
Think of it in another way, at any point in time you have x number of virus that you are likely to come across through whatever means. If all those viruses are in the 0.2%, then the catch rate isn't going to be 99.8% it's going to be 0%.
So being able to catch 99.8% of 3 millions viruses when new ones are released all the time is a pointless comparison for efficiency.
