In our strive for excellence we sometimes forget reality. I was reminded again that from a mathematical perspective it is impossible for a computer program to detect 100% of all viruses. This has been proven repeatedly by several people and a simple search on the halting problem will show this proof.
This does not mean we can not detect 100% of all known viruses and a percentage of unknown viruses. There is a distinct difference between all viruses and known viruses. All viruses means all viruses that has been written and will be written. Known viruses means all the viruses that has been proven to be viruses.
This obviously leads to the one of the more interesting problems in testing antivirus software: The known viruses for me is unlikely to be the known viruses for anybody else. What makes this even worse is the nature of the current threats. We are seeing more targeted attacks and more custom banking/phishing trojans and botnets that are localized for every attack and or geographical area. Some of these threats change by the minute and it may just be that I see the attack on minute 10 and somebody else sees it on minute 11 and we see two different threats.
The volumes of samples we receive in a day also makes it a nearly intractable problem to synchronize the threats between different vendors and testers. This also provides a hint to why a perfect solution to the virus naming problem is impossible.
This also means that anybody that says that they can detect or stop all viruses has either made an astounding breakthrough in the area of mathematics and has changed the landscape of software engineering in a really significant way, or don’t quite understand the problem.
But just because a problem is hard or unsolvable does not mean we should not try to solve it. Dealing with computer threats involve more than just an antivirus product. A comprehensive security suite provides a good set of tools to start protecting yourself, but to provide complete protection you also need education, policy and common sense. We can also decrease the risk with good response times and getting better at solving some of the hard, but solvable problems involved. There is hope, just no perfect technological solutions.