Security experts have criticised a report from Cambridge University that claimed too much money is being spent on antivirus software.

The report said money would be better spent on apprehending cyber criminals, as currently the cost of protection far exceeds the cost of the threat itself.

However, Rik Ferguson of antivirus firm Trend Micro told CBR that while the full report has not yet been released, the conclusion stated so far seems, "a bit facile."

"Yes, governments absolutely need to devote more time and money to catching the criminals behind online activity," he added. "However, not only is attribution in the cyber world complex almost to the point of impossibility at times, but so is successful prosecution. A successful legal campaign against cybercriminals most often involves close co-operation between the law enforcement and judicial communities of several very different countries."

"So while money spent on policing and securing the internet is money well spent, there is no way to guarantee its effectiveness. Criminals will always search for the least punitive or least policed jurisdiction," Ferguson added.

Ferguson added that the suggestion that spending money on antivirus technology is somehow a waste and funds should be focused elsewhere is not good advice.

"Even where policing is traditionally uncomplicated, such as physical theft, we do not advise people to stop fitting locks to their windows and doors or alarms and immobilisers," he told CBR. "In fact the presence of those same security mechanisms serves to lower their insurance premiums precisely because they demonstrate a reduction of risk."

Meanwhile Graham Cluley of Sophos explained to CBR his concerns about the report’s findings.

"It’s not a case of one or the other," he told us. "Everyone agrees that we should defend our computers with security software. And we all want to see the computer cops properly funded to pursue the bad guys too. But it’s a mistake to think that the money comes from the same pot, or that if you invest in one you can’t, or shouldn’t, also invest in the other."

"I’d certainly love to see the authorities given greater funding to hunt down cybercriminals, but at the same time I’m very aware that such investigations are complex and can take many years. I suspect that the vast majority of computer users would like to protect their PCs at the same time," Cluley added.