Value of Traditional Antivirus Software Questioned

News
By Wolfgang Gruener
published

It has taken us some time to learn that no PC, and now no smartphone and tablet, is complete without reasonable anti-malware equipment.

But now it seems there is reason to believe that the average antivirus and security software package may not be capable of doing what it is supposed to do and new solutions are necessary to promise better protection from emerging threats.

An article published by the New York Times suggests that the "antivirus industry has a dirty little secret", namely that "its products are often not very good at stopping viruses." That blanket statement could, of course be debatable, especially when we are referring to "viruses". However, there is little doubt that malware creators usually have the advantage in a cat and mouse game, in which the mouse has been evading the cat from the very beginning of viruses (which can be traced back to 1971 and the first computer virus - Creeper, deployed to Arpanet).

The NYT article discusses an ongoing trend of a change in the antivirus and malware industry, which intends to shorten the reaction time of virus detection and removal time frames. Specifically, software developed by startups focuses on examining known and unknown code behavior on a network and allowing only known behavior to pass certain gates. Even if malicious code makes its way into network and client territory, behavioral analysis may be able to react faster and initiate malicious code removal faster than current signature-based anti-malware solutions, which often require days, weeks or even months to come up with an effective removal solution.

Of course, one of the more prominent failures of the security software industry were Flame and Stuxnet, tow high-profile viruses for espionage and industrial equipment destruction purposes, which eluded detection for several years. There are even reports that espionage viruses similar to Flame are in operation that have yet to be detected. F-Secure's Mikko Hypponen wrote in an article for Wired that Flame was "a spectacular failure for [his] company, and for the antivirus industry in general."

The solution? The malware problem is getting more complex and the security software industry will have to provide a more "comprehensive" solution to address evolving threats.

Contact Us for News Tips, Corrections and Feedback

Wolfgang Gruener
30 Comments Comment from the forums
  • reprotected
    One of the most mind-opening articles I have read. Amazing storyline, likable characters, and no plotholes. 10/10
    Reply
  • joytech22
    Malware creators will always be one step ahead, they are the guys who design the things to get around what's protecting their target.

    Hell, even I made a decompression bomb with a self-extracting 7zip package packaged with 26tb of stuff (Compressed to 15kb) and just set it to -s so there was no main window. (I didn't send it out or anything, I'm just experimenting for personal fun)

    Technically that isn't a virus but it's equally as devastating to system performance.


    Back on topic, Antivirus software like Avast (which has live streaming of cloud updates) is pretty good as long as the team behind developing the protective detection method is fast at finding samples to detect against.
    Reply
  • DRosencraft
    Bad guys always have the advantage in that they are inherently better able to react proactively than good guys. A virus or malware maker only has to find a little hole to worm their way through. To protect yourself you have to be right every time. As has come up countless times in the comment sections of these types of stories, it's not enough to just say "stay away from bad websites". Malware and virus makers are smarter than that. The sophisticated ones find means of infecting legitimate websites. They find clever means of executing in banner adds or on the launch of a website. Virus protection should always be about both being smart and being safe. Don't click on every link you see, don't open stupid junk mail, and get a decent, basic, virus program to help you against the stuff that you might otherwise miss. These virus companies definitely, definitely, need to step up their game and do a better job of getting ahead of the curve whenever they can.
    Reply
  • JamesSneed
    If nobody is good at it, then might as well use a free Antivirus at least then if your not one of the first to be hit you will still be protected later, for free.
    Reply
  • Thank you for acknowledging the obvious. In both my long, illustrious IT career and person life, every virus-ridden Windows PC I've ever encountered did in fact have antivirus installed. Antivirus are mostly there to give you false positives, so you can feel like they did something.

    What i have yet to see in over a decade is an infected Linux machine of any kind, and those almost never have antivirus. (and no, willfully installing onto an Android phone a wallpaper app that requests the ability to send email, and then the starts sending spam is not a virus, that's user stupidity). Although I'm told it's theoretically possible and these viruses might maybe exist in the wild somewhere, LMFAO.
    Reply
  • RealBeast
    Wow, what a revelation, anti-virus software can't fully protect careless users that frequent sleazy sites. Who would have thought?
    Reply
  • vmem
    people just need to learn how to use computers and the internet, and accept the fact that there isn't, and will never be, a perfect anti-virus/malware team/program. the attackers have an intrinsic advantage in that they only need to find ONE loophole in your defense, where-as the defenders gotta plug all the holes.

    An anti-virus can be good, with a good team, it can catch new stuff quickly and prevent it from spreading too far, but there's no way to stop that initial wave of infected computers.
    Reply
  • A Bad Day
    drosencraftAs has come up countless times in the comment sections of these types of stories, it's not enough to just say "stay away from bad websites". Malware and virus makers are smarter than that. The sophisticated ones find means of infecting legitimate websites. They find clever means of executing in banner adds or on the launch of a website. Virus protection should always be about both being smart and being safe. Don't click on every link you see, don't open stupid junk mail, and get a decent, basic, virus program to help you against the stuff that you might otherwise miss. These virus companies definitely, definitely, need to step up their game and do a better job of getting ahead of the curve whenever they can.
    If I recall, NY times website had an advertisement that was infected with a drive-by-download malware months ago. And I've seen school websites that were hacked and injected with java exploits.
    Reply
  • RealBeast
    Wow, what a revelation that careless users frequenting sleazy sites are not fully protected by their anti-virus and malware software. Who would have known?

    I guess if they don't work anyway, that's a very good reason to use the free versions.
    Reply
  • vmem
    i wrote teh herpes virusWhat i have yet to see in over a decade is an infected Linux machine of any kind, and those almost never have antivirus. (and no, willfully installing onto an Android phone a wallpaper app that requests the ability to send email, and then the starts sending spam is not a virus, that's user stupidity). Although I'm told it's theoretically possible and these viruses might maybe exist in the wild somewhere, LMFAO.
    you realize that the only reason that there are few linux viruses is because it's not worth a hacker's time to write on? it's much more profitable to infect say windows 7 or now any popular mac OS
    Reply