An M86 Security Labs study has reported that the web vulnerability gap is wider than expected and that users are insufficiently protected against dynamic web-based threats.

M86 Security has released details of an internal study titled "Closing the Vulnerability Window in Today's Web Environment”. Last month the firm said it tested more than 30,000 live malicious URL samples against the typical tools of third-party URL lists and anti-virus scanners.

The conclusion of the study is that static signatures or URL filtering technologies alone, or together, are unable to protect end-users from contemporary threats like zero-day attacks, malicious code served from legitimate sites and run-time created malware.

"Even though URL Filters now check for more than 22 million malware signatures, seven times the number in 2004, websites are still no safer as malware and Web 2.0 threats increase at least as quickly," said Bradley Anstis, VP Technical Strategy, M86 Security.

He continued, "In comparison, we found that our real-time code analysis capability achieved a 100% success rate in capturing and blocking all the tested URLs without the need for updates. To counter the specific cases that we analysed in this report, and to ensure maximum efficiency, we believe a three-pronged approach of combining URL filtering, anti-virus scanning and real-time code analysis should be best practice."