Is Antivirus Software Now Dead?

Uploaded on 2016-12-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The debate about whether antivirus software is still useful has been going on for a few years now. This technology was once the mainstay of the security efforts for most businesses and home users. The challenge of late is the ability of these products and their providers to keep up with the rapidly changing threat landscape. 

The team at the Defensive Security Podcast have pointed out, this debate was renewed once again by Darren Bilby speaking at Kiwicon, who said, "We need to stop investing in those things we have shown do not work." He stated his position even more succinctly when he said: "No more magic."

Antivirus technology is probably older than most think, having been created in an early form in 1987 by developers who would curiously also go on to produce a virus authoring kit (perhaps renewing the old humorous urban legend about antivirus companies producing viruses to keep themselves in business).

While the technology has improved over the years, its basic approach has always remained the same. It looks at incoming data from downloads, removable media and other sources for patterns of characters, called signatures, which are known to indicate a malicious file. When identified, any such files are quarantined to prevent compromise of the system. The database of known signatures is updated frequently to account for new signatures. 

For many years, this antivirus approach was effective in preventing the compromise of many endpoints. The math was simple, antivirus companies could identify a new malware entity, and get their signatures updated more quickly than the typical malware could make it across the internet. 

Unfortunately, two major factors have greatly diminished the effectiveness of antivirus technology. 

First, malware can traverse the internet at a rate nobody ever imagined was possible. Today, a new virus can become widespread on the internet before the antivirus vendors even know it exists. 

Second, virus authors have learned to produce variants, which are version of their illicit programs that function the same way, but have deliberate changes in their signature to evade antivirus programs. Because much of our malware is now distributed in kit form, even a novice can produce a malware variant and get it out on the internet very quickly. 

While the value of antivirus software has been diminishing for some time, it was arguably pushed over the edge by ransomware, which, by some recent estimates, evades 100% of antivirus systems, owing its success to the rapid succession of new variants. 

So, is traditional antivirus software dead? Microsoft for one does not seem to think so. While many vendors could be accused (rightly or otherwise) of supporting this technology (effective or not) to continue reaping revenue from it, Microsoft gives the technology away in the form of Windows Defender, and continues to enhance and upgrade its product. Many other vendors have been incorporating behavioral analysis and other techniques into their products to enhance them. 

One of the best arguments for antivirus software is the fact that many infections come from old malware. Once a malware package hits the internet, there is no good way to completely remove it. The same malware, unaided by its author, can continue to show up for years. 

Given all of the facts, I continue to believe that antivirus software, despite its limitations, has a place in our defensive strategy -- but just as part of that strategy. Other players should include: 

Whitelisting: Somewhat the reverse of the antivirus signature approach. This technology only allows known good programs to run, and prevents the execution of anything else. This approach can be a challenge to manage, but offers greatly increased endpoint protection. 

Sandboxing or containerisation: This approach causes attachments or links, which usually carry the malware's payload, to be opened in an isolated virtual environment on a PC, containing any damage to the PC. 

Behavioral analysis: This approach looks at the patterns of behavior of malware, rather than the signatures. For example, since ransomware will quickly begin to encrypt files, behavioral analysis can recognize that an abnormal number of files are changing in a short time, and shut down the related process. 

Privilege restriction: In order to install itself on an endpoint, a malware program runs on an endpoint where the user has the privilege to install programs. If most end users are denied the privilege to install programs themselves, most malware will not run. 

Remote detonation: This is a similar approach to sandboxing, except that the attachment is opened on an isolated remote system, containing any damage before it reaches the user endpoint. 

Bottom line: Even as promising new technologies for malware detection and prevention hit the market, bad actors are working hard to find ways around them. As such, we must continue with an arsenal of tools, including antivirus, to have the best chance to beat the hackers.

ComputerWorld:       Common Cyber Threats You Need To Be Aware Of (£):
 

 

« Malicious Ads Expose Millions To Hacking
The Snowden Films - Spirit of the Whistleblower »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

HackRead

HackRead

HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends.

DCL Search & Select

DCL Search & Select

DCL Search & Selection connect candidates to the best companies in the IT Security, Telco, UC, Outsourcing, ERP, Audit & Control markets.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

Keyfactor

Keyfactor

Keyfactor is a leader in cloud-first PKI as-a-Service and crypto-agility solutions. Our Crypto-Agility Platform seamlessly orchestrates every key and certificate across the enterprise.

Gospel Technology

Gospel Technology

Gospel presents a totally new way of accessing and controlling data which is enterprise grade scalable, highly resilient, and secure.

Hardenite

Hardenite

Hardenite solution helps R&D, DevOps and IT teams to continuously manage security risks and hardening efforts of any Linux OS – based product, throughout the product life cycle.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Rogers Cybersecure Catalyst

Rogers Cybersecure Catalyst

Rogers Cybersecure Catalyst helps Canadians and Canadian companies seize the opportunities and tackle the challenges of cybersecurity.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

Kontron

Kontron

Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications.

US Coast Guard Cyber Command

US Coast Guard Cyber Command

US Coast Guard Cyber Command’s focus is to ensure the security of our cyberspace, maintain superiority over our adversaries,and safeguard our Nation’s critical maritime infrastructure.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.

Seers

Seers

Seers is the world’s leading privacy & consent management platform for companies worldwide. Trusted by over 50,000+ businesses.

Transcendental Technologies

Transcendental Technologies

Transcendental is a consulting organization which specializes in customized assurance services in the fields of Localization, Mobile Software Solutions, Web Design, Cyber Security & Cyber Forensics.