Is antivirus really dead?


By Peter Stelzhammer, AV-Comparatives
Tuesday, 03 June, 2014


Is antivirus really dead?

In an interview with the Wall Street Journal on 4 May 2014, the senior vice-president of Symantec claimed that antivirus technology is “dead”. He continued, “We no longer regard antivirus as a money-maker.”

In his opinion, current tactics have no future, and new technologies, which the company is developing, are necessary.

What does Dye’s statement mean for computer users? Can Windows users all uninstall their security programs and feel safe online?

Or should the proclamation be taken as seriously as the statement by Bill Gates in 2004 that spam would disappear within two years? Ten years later, AV-Comparatives’ honeypots alone collect over 2 million spam mails and 300,000 malware samples every day.

Did he really mean antivirus is dead? Surely he means signature-based detection?

The truth is that ‘antivirus software’ today means sophisticated security programs in which the traditional signature-based detection works alongside new technologies such as heuristics, sandboxing, cloud analysis, whitelisting, URL blockers and phishing protection.

Dye’s statement clearly refers only to the old signature-based detection mechanism. Traditional antivirus software, which only recognises threats by comparing them with a blacklist, is indeed obsolete, and has more or less ceased to exist. This has been the case for some years, so Symantec has not really said anything new.

Are car seatbelts senseless?

In modern cars, traditional security features such as seatbelts are being supplemented with modern technologies such as automatic braking systems, night-vision devices and lane-departure warning systems.

The seatbelt is still just as useful as ever, and the new features complement it rather than replace it. Using all the features together provides the highest possible level of safety (even if absolute protection cannot be achieved).

The same principle applies to internet security software. Using a combination of all the relevant technologies provides the highest possible level of security. Making security software without signature-based detection would be like making a car without a seatbelt, and of course nobody would suggest doing that.

Philipp Wolf, vice-president protection labs at Avira, says: “As an antivirus company, we have developed along with the threats, and constantly update our technologies and toolsets.” He claims that traditional antivirus software has already died out, and that suites with multiple protection technologies are almost always used today.

A similar view comes from Eugene Kaspersky, CEO and chairman of Kaspersky Lab: “I’ve heard antiviruses being declared dead and buried quite a few times over the years, but they’re still here with us - alive and kicking,” he said. “I fully agree that single-layer, signature-based virus scanning is nowhere near a sufficient degree of protection - not for individuals, not for organisations large or small; however, that’s been the case for many years.”

There is no miracle cure to protect against malware and polymorphic attacks. Cybercriminals are constantly developing new malware and new methods of attack. By means of social engineering, they can persuade people to open attachments they shouldn’t open or click on links they shouldn’t click on; this has proved to be a very successful tactic.

“Symantec’s statement seems to relate to the enterprise, and not the consumer and small business,” says Avast CEO Vince Steckler. “Enterprises have traditionally relied on many layers of defence, and antivirus is one of those layers.

“Antivirus though is a broad-spectrum defence and as such is often complemented by other products, such as those protecting against targeted attacks that enterprises worry about,” Steckler says. “In the consumer and SMB space, the situation is quite different: customers typically do not have multiple layers of protection. They have one, their AV product. These products though are not the simple AV products of past years.”

The comparison with car security may seem clumsy to some people, but there is sense in it. Would you buy a car without a seatbelt? You would be laughed at if you suggested to a car dealer that you can do without the seatbelt because the car has an airbag.

I wouldn’t hesitate to choose a car with a seatbelt over one without, and this is exactly the attitude to take with security software and signature-based detection.

Picture: Dieter Schütz/pixelio.de

Related Articles

Strategies for navigating Java vulnerabilities

Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...

Not all cyber risk is created equal

The key to mitigating cyber exposure lies in preventing breaches before they happen.

How AI can help businesses manage their cyber risks

Artificial intelligence can be a powerful ally in the fight against cyberthreats.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd