All of the security breaches and vulnerabilities of 2014 sure have made for an interesting year; first Heartbleed, then the Internet Explorer vulnerability, GameOver Zeus, and the Russian password-stealing gang. In light of these events, you really have to ask the question, "how can we fight these threats?" Symantec has told The Wall Street Journal that they feel antivirus technology is "dead."
Anyone who knows anything at all about the Internet knows that it is not a safe place, especially without antivirus software. How can something so vital to our web browsing experience be dead? Perhaps what they meant to say was "outdated," or maybe even "outclassed." Antivirus may have grown more sophisticated over the years, but so have the threats that it fights against, and it doesn't appear to be winning any battles. Brian Krebs, cybersecurity expert, describes it as "a great example of how cybercrime underground responds to - and in some cases surpasses - innovations put in place by the good guys."
The War for the Web
From the dawn of its inception, the Internet has been struggling against the threats put in place by hackers. At first, the antivirus industry mainly consisted of small labs and technicians who would examine malware and how to protect the world from it. However, they didn't anticipate the explosive growth of the cybercrime industry. As the amount of malware grew ever more threatening, the antivirus industry had to respond in turn. They had to invest heavily in more powerful technologies, or throw the general public to the wolves.
But the trend continued, and while antivirus companies grew more powerful, malware grew more and more sophisticated. An innovation called "crypting" eventually showed up, which let hackers check their malware side-by-side with the code of available antivirus software. This let the criminals know which antivirus software could identify the code as malicious. Hackers then altered the code until it was unrecognizable by the antivirus systems, resulting in an unidentifiable, "fully undetectable" code.
Codebreaking
Another innovation put into place by antivirus companies was introduced called "decrypting," which allowed software to analyze and decode foreign information which could be seen as dangerous or even malicious. If an antivirus has detected something unfavorable for your system, it won't allow it into the system.
Criminals can often abuse malware to take advantage of sophisticated operations, and even decryption services aren't enough to stop malware from spreading. Malicious software can be automatically distributed by servers, which are usually robots who control the output of the malware at a fixed rate. If you receive malware through email attachments, they can still make their way into the system because the antivirus software hasn't had time to decode it and mark it as harmful to your machine.
So, What Can be Done?
There is an obvious pattern to be seen here; as antivirus grows more sophisticated, malware finds a way to get one step ahead of it at every turn. It is for this reason that many authorities in the antivirus industry believe antivirus to be an outdated protective measure against modern threats. Juniper and FireEye have already concentrated their efforts on detection and response, and would rather deal with it in an orderly manner than prevent the inevitable. The idea is to minimize the damage done by the malware rather than completely eliminate the threat. Juniper has tried putting fake data in firewalls which distracts hackers, while Shape Security Inc. has taken steps toward making it more difficult for hackers to use stolen credit card information.
Even if antivirus is outdated, it sure beats not protecting your computer at all against most low-level threats. Even crypting isn't as useful as it is made out to be half of the time, as criminals can still lie to other criminals and it might not even work at all. Keep an updated antivirus system in place to keep lesser threats in check.
If your business is trusting all secure data to an antivirus software, you might want to consider a more dynamic solution. SolutionOne's Unified Threat Manager is one such solution, which takes a multilayered approach to cybersecurity, including powerful firewalls, antivirus, spam protection, and even web content filtering for secure web browsing. All you need to do is call (214) 299-8555 to make sure that your network security isn't outclassed.
Comments