Malware has been the scourge of IT users ever since the Morris worm infected the early Internet way back in 1988. Despite the enormous global investment over the intervening years in information security controls against malware (including security awareness!), it remains a significant security concern today.
Although antivirus software companies sometimes admit that they are fighting a losing battle, malware is generating so much income both for the VXers (malware authors) and their criminal masterminds, plus the antivirus software companies, that the arms race looks set to continue for the forseeable future. Both sides are constantly investing in new tricks and techniques, fuelling a thriving black market in zero-day exploits and novel malware.
Meanwhile, the rest of us are lumbered with paying for it in one way or another. Addressing the malware risk is more involved than simply throwing money at antivirus software: malware metrics are the key to understanding the balance of risk against control, investing wisely, and doing our level best to keep up with, if not stay one step ahead of the game in this dynamically evolving situation.