Sign in with
Sign up | Sign in

Value of Traditional Antivirus Software Questioned

By - Source: NY Times | B 30 comments

It has taken us some time to learn that no PC, and now no smartphone and tablet, is complete without reasonable anti-malware equipment.

But now it seems there is reason to believe that the average antivirus and security software package may not be capable of doing what it is supposed to do and new solutions are necessary to promise better protection from emerging threats.

An article published by the New York Times suggests that the "antivirus industry has a dirty little secret", namely that "its products are often not very good at stopping viruses." That blanket statement could, of course be debatable, especially when we are referring to "viruses". However, there is little doubt that malware creators usually have the advantage in a cat and mouse game, in which the mouse has been evading the cat from the very beginning of viruses (which can be traced back to 1971 and the first computer virus - Creeper, deployed to Arpanet).

The NYT article discusses an ongoing trend of a change in the antivirus and malware industry, which intends to shorten the reaction time of virus detection and removal time frames. Specifically, software developed by startups focuses on examining known and unknown code behavior on a network and allowing only known behavior to pass certain gates. Even if malicious code makes its way into network and client territory, behavioral analysis may be able to react faster and initiate malicious code removal faster than current signature-based anti-malware solutions, which often require days, weeks or even months to come up with an effective removal solution.

Of course, one of the more prominent failures of the security software industry were Flame and Stuxnet, tow high-profile viruses for espionage and industrial equipment destruction purposes, which eluded detection for several years. There are even reports that espionage viruses similar to Flame are in operation that have yet to be detected. F-Secure's Mikko Hypponen wrote in an article for Wired that Flame was "a spectacular failure for [his] company, and for the antivirus industry in general."

The solution? The malware problem is getting more complex and the security software industry will have to provide a more "comprehensive" solution to address evolving threats.

 

Contact Us for News Tips, Corrections and Feedback

Display 30 Comments.
This thread is closed for comments
Top Comments
  • 24 Hide
    reprotected , January 7, 2013 12:07 AM
    One of the most mind-opening articles I have read. Amazing storyline, likable characters, and no plotholes. 10/10
Other Comments
  • 24 Hide
    reprotected , January 7, 2013 12:07 AM
    One of the most mind-opening articles I have read. Amazing storyline, likable characters, and no plotholes. 10/10
  • 0 Hide
    joytech22 , January 7, 2013 12:12 AM
    Malware creators will always be one step ahead, they are the guys who design the things to get around what's protecting their target.

    Hell, even I made a decompression bomb with a self-extracting 7zip package packaged with 26tb of stuff (Compressed to 15kb) and just set it to -s so there was no main window. (I didn't send it out or anything, I'm just experimenting for personal fun)

    Technically that isn't a virus but it's equally as devastating to system performance.


    Back on topic, Antivirus software like Avast (which has live streaming of cloud updates) is pretty good as long as the team behind developing the protective detection method is fast at finding samples to detect against.
  • 8 Hide
    DRosencraft , January 7, 2013 12:24 AM
    Bad guys always have the advantage in that they are inherently better able to react proactively than good guys. A virus or malware maker only has to find a little hole to worm their way through. To protect yourself you have to be right every time. As has come up countless times in the comment sections of these types of stories, it's not enough to just say "stay away from bad websites". Malware and virus makers are smarter than that. The sophisticated ones find means of infecting legitimate websites. They find clever means of executing in banner adds or on the launch of a website. Virus protection should always be about both being smart and being safe. Don't click on every link you see, don't open stupid junk mail, and get a decent, basic, virus program to help you against the stuff that you might otherwise miss. These virus companies definitely, definitely, need to step up their game and do a better job of getting ahead of the curve whenever they can.
  • 0 Hide
    JamesSneed , January 7, 2013 12:37 AM
    If nobody is good at it, then might as well use a free Antivirus at least then if your not one of the first to be hit you will still be protected later, for free.
  • -4 Hide
    Anonymous , January 7, 2013 12:42 AM
    Thank you for acknowledging the obvious. In both my long, illustrious IT career and person life, every virus-ridden Windows PC I've ever encountered did in fact have antivirus installed. Antivirus are mostly there to give you false positives, so you can feel like they did something.

    What i have yet to see in over a decade is an infected Linux machine of any kind, and those almost never have antivirus. (and no, willfully installing onto an Android phone a wallpaper app that requests the ability to send email, and then the starts sending spam is not a virus, that's user stupidity). Although I'm told it's theoretically possible and these viruses might maybe exist in the wild somewhere, LMFAO.
  • 8 Hide
    RealBeast , January 7, 2013 12:53 AM
    Wow, what a revelation, anti-virus software can't fully protect careless users that frequent sleazy sites. Who would have thought?
  • 5 Hide
    vmem , January 7, 2013 12:54 AM
    people just need to learn how to use computers and the internet, and accept the fact that there isn't, and will never be, a perfect anti-virus/malware team/program. the attackers have an intrinsic advantage in that they only need to find ONE loophole in your defense, where-as the defenders gotta plug all the holes.

    An anti-virus can be good, with a good team, it can catch new stuff quickly and prevent it from spreading too far, but there's no way to stop that initial wave of infected computers.
  • 4 Hide
    A Bad Day , January 7, 2013 12:54 AM
    drosencraftAs has come up countless times in the comment sections of these types of stories, it's not enough to just say "stay away from bad websites". Malware and virus makers are smarter than that. The sophisticated ones find means of infecting legitimate websites. They find clever means of executing in banner adds or on the launch of a website. Virus protection should always be about both being smart and being safe. Don't click on every link you see, don't open stupid junk mail, and get a decent, basic, virus program to help you against the stuff that you might otherwise miss. These virus companies definitely, definitely, need to step up their game and do a better job of getting ahead of the curve whenever they can.


    If I recall, NY times website had an advertisement that was infected with a drive-by-download malware months ago. And I've seen school websites that were hacked and injected with java exploits.
  • -3 Hide
    RealBeast , January 7, 2013 12:56 AM
    Wow, what a revelation that careless users frequenting sleazy sites are not fully protected by their anti-virus and malware software. Who would have known?

    I guess if they don't work anyway, that's a very good reason to use the free versions.
  • 9 Hide
    vmem , January 7, 2013 12:57 AM
    i wrote teh herpes virusWhat i have yet to see in over a decade is an infected Linux machine of any kind, and those almost never have antivirus. (and no, willfully installing onto an Android phone a wallpaper app that requests the ability to send email, and then the starts sending spam is not a virus, that's user stupidity). Although I'm told it's theoretically possible and these viruses might maybe exist in the wild somewhere, LMFAO.


    you realize that the only reason that there are few linux viruses is because it's not worth a hacker's time to write on? it's much more profitable to infect say windows 7 or now any popular mac OS
  • 6 Hide
    A Bad Day , January 7, 2013 12:57 AM
    i wrote teh herpes virusThank you for acknowledging the obvious. In both my long, illustrious IT career and person life, every virus-ridden Windows PC I've ever encountered did in fact have antivirus installed. Antivirus are mostly there to give you false positives, so you can feel like they did something.

    What i have yet to see in over a decade is an infected Linux machine of any kind, and those almost never have antivirus. (and no, willfully installing onto an Android phone a wallpaper app that requests the ability to send email, and then the starts sending spam is not a virus, that's user stupidity). Although I'm told it's theoretically possible and these viruses might maybe exist in the wild somewhere, LMFAO.


    Linux's market share: Too small for hackers to waste their time on.

    Average Linux user: On avg more computer literate because it's easier for the general public to purchase a Windows/Mac computer than a Linux computer.

    And there's been malware appliances that bypassed all of the security/privacy settings and did whatever they wish on your phone without letting you know.
  • -5 Hide
    memadmax , January 7, 2013 2:05 AM
    Who's the idiot that takes a NEW YORK TIMES article and praises it as IT GOSPEL???????

    His name is at the top of this article >_>
  • 4 Hide
    blppt , January 7, 2013 3:24 AM
    Quote:
    Linux's market share: Too small for hackers to waste their time on.


    Not only that, but from what I've read, certain hackers are reluctant to target Unix/Unix-like systems for some reason, like it is an act of betrayal or something. So, you take the relatively small target, add it to these reluctant hackers, and you now have an extremely small group of people who would even consider going after Linux. Then, you have to wonder if any of these small groups have the skill needed to attack a Linux exploit.
  • 0 Hide
    john15v19 , January 7, 2013 4:45 AM
    Quote:
    One of the most mind-opening articles I have read. Amazing storyline, likable characters, and no plotholes. 10/10


    +1 Agreed...
  • 1 Hide
    Marcus52 , January 7, 2013 5:42 AM
    I agree, Wolfgang's little article here is refreshingly like news instead of the author's opinion. Well done!

    I have long thought of the typical good antivirus programs we use as filters that stop the most common infections; I don't think they should be seen as more than that. Real security requires real work, not just an addon program, but an in-house effort to keep the smart guys at bay.

    Of course, one of the best anti-malware things you can do is only allow programs to run on your computer that YOU started. Unfortunately, many people can't be bothered with a couple of extra mouse clicks, and turn off things like Window's UAC. Doing that is like saying "Sure, come into my house and do whatever you like, it's all good by me! Take my TV screen, my fridge, anything you want!"

    The worst program offenders though aren't anti-malware programs that let things in, it's browsers designed specifically to allow people to run programs on your computer without you even knowing. While they have been improved in protecting us to some degree, their very nature means that hackers/crackers have an invitation they shouldn't have.

  • -3 Hide
    DSpider , January 7, 2013 5:56 AM
    Atta go, Tom's! Spread that FUD. Spread it like Nutella!
  • 0 Hide
    ojas , January 7, 2013 9:53 AM
    Quote:
    It has taken us some time to learn that no PC, and now no smartphone and tablet, is complete without reasonable anti-malware equipment.

    Not us, just the Apple fan-people.
  • 1 Hide
    1965ohio , January 7, 2013 10:19 AM
    Many new anti-Malware software providers are responsible for most Malware and viruses to begin with. It is their way to make you fear that your current provider sucks and you should buy their product or multiple products in an attempt to feel safer. Most users don't realize that the safest way to use their computer is to not do anything questionable in the first place. Don't go to suspicious websites, don't look at porn all day, and don't open any email unless you definitely know the sender. I've occasionally used Norton and Avast and never found any real threats before. I've only had 2 viruses and 1 worm in 10 years. Since I usually reformat my PC and reinstall Windows every year, and use the web responsibly, I don't see the need for all this anti-Malware nonsense that usually is, in itself, Malware.
  • 0 Hide
    tanjali , January 7, 2013 10:51 AM
    How about not learning about safety from viruses and malwares but identify and jail the makers like common criminals they are.
  • 0 Hide
    Anonymous , January 7, 2013 11:46 AM
    I see the Microsoft PR brigade is out in full swing.

    Linux doesn't have enough marketshare for hackers to care? So having practically every web server isn't enough for them to care? So the Akamai servers all running Linux that the microsoft.com Windows servers hide behind aren't a big enough target? So every single google.com, facebook.com and twitter.com server running Linux isn't a big enough target?

    Since Linux powers virtually every internet facing server on the planet, rest assured that it's a plenty big enough target. If it were possible to hack it, people would already be doing so. An internet that works and is secure, courtesy of Linux. You're welcome, you ungrateful simpletons.
Display more comments