Part of the problem is that antivirus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, antivirus makers must capture a computer virus, take it apart and identify its “signature” — unique signs in its code — before they can write a program that removes it.

That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.

Mikko H. Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the antivirus industry. “We really should have been able to do better,” he wrote in an essay for Wired.com after Flame’s discovery. “But we didn’t. We were out of our league in our own game.”

Symantec and McAfee, which built their businesses on antivirus products, have begun to acknowledge their limitations and to try new approaches. The word “antivirus” does not appear once on their home pages. Symantec rebranded its popular antivirus packages: its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.

“Nobody is saying antivirus is enough,” said Kevin Haley, Symantec’s director of security response. Mr. Haley said Symantec’s antivirus products included a handful of new technologies, like behavior-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. “In over two-thirds of cases, malware is detected by one of these other technologies,” he said.

Imperva, which sponsored the antivirus study, has a horse in this race. Its Web application and data security software are part of a wave of products that look at security in a new way. Instead of simply blocking what is bad, as antivirus programs and perimeter firewalls are designed to do, Imperva monitors access to servers, databases and files for suspicious activity.