Value of Traditional Antivirus Software Questioned
It has taken us some time to learn that no PC, and now no smartphone and tablet, is complete without reasonable anti-malware equipment.
But now it seems there is reason to believe that the average antivirus and security software package may not be capable of doing what it is supposed to do and new solutions are necessary to promise better protection from emerging threats.
An article published by the New York Times suggests that the "antivirus industry has a dirty little secret", namely that "its products are often not very good at stopping viruses." That blanket statement could, of course be debatable, especially when we are referring to "viruses". However, there is little doubt that malware creators usually have the advantage in a cat and mouse game, in which the mouse has been evading the cat from the very beginning of viruses (which can be traced back to 1971 and the first computer virus - Creeper, deployed to Arpanet).
The NYT article discusses an ongoing trend of a change in the antivirus and malware industry, which intends to shorten the reaction time of virus detection and removal time frames. Specifically, software developed by startups focuses on examining known and unknown code behavior on a network and allowing only known behavior to pass certain gates. Even if malicious code makes its way into network and client territory, behavioral analysis may be able to react faster and initiate malicious code removal faster than current signature-based anti-malware solutions, which often require days, weeks or even months to come up with an effective removal solution.
Of course, one of the more prominent failures of the security software industry were Flame and Stuxnet, tow high-profile viruses for espionage and industrial equipment destruction purposes, which eluded detection for several years. There are even reports that espionage viruses similar to Flame are in operation that have yet to be detected. F-Secure's Mikko Hypponen wrote in an article for Wired that Flame was "a spectacular failure for [his] company, and for the antivirus industry in general."
The solution? The malware problem is getting more complex and the security software industry will have to provide a more "comprehensive" solution to address evolving threats.