Is the age of anti-virus (AV) software over?
Earlier this spring, Brian Dye, a senior manager at Symantec, announced that AV software is dead. As he reasons, even the best AV software today can usually detect only around 45% of malware attacks. This is despite the efforts of developers to increase the effectiveness of computer security suites.
Today’s AV tools use a variety of techniques that help them detect malware. Four of the most common are:
- Signature-based Detection: The scanner looks for a known fingerprint of a particular type of malware.
- Heuristic Detection: Seeks to identify malware that may not have been created yet.
- Behavior-based Detection: Uses program behavior to identify malicious code.
- Cloud-based Detection: Analyzes malware on the provider’s infrastructure instead of locally.
You can read more about these detection methods here.
The problem with anti-virus software today is that attackers far outpace these types of techniques. As journalist Brian Krebs writes on his blog, attackers use any number of security services today to disguise their malware’s code. Anti-virus software packages in turn do not pick up on these re-invented pieces of malware, a fact that seems to support Dye’s pronouncement.
However, even though AV tools are unable to detect a majority of attacks today, that does not mean they are “dead.” Expert Bruce Schneier notes that anti-virus software is still useful for detecting the “background radiation” of the web, or the range of malware that amateur attackers commonly launch today. Additionally, in their Security Intelligence Report Vol. 14, Microsoft researchers observe that computers without basic AV software are infected by malware 5.5 times more often than those that are protected. That likelihood increases with newer OS versions, which demonstrates that the value of AV tools appreciates with newer technology.
Beyond that, Dye hardly says anything new. Two years ago, MIT Technology Review published an article entitled “The Antivirus Era is Over,” in which author Tom Simonite wondered how the IT world would evolve following the detection of some high-profile cyber attacks, including Flame. More recently, in a report last April analyzing the performance of some of the top AV software on the market, Google observed that most tools by themselves detect only 25% of malicious files from the web, which, as in the case of Symantec, led some to wonder whether anti-virus software was dead.
So what does this all mean?
Dye might be correct if he is claiming that the AV market’s growth potential is dead. But anti-virus software as an enduring cyber security tool is hardly obsolete. On the contrary, the viewpoints offered by Symantec, MIT Tech Review, and others simply reveal that the world of computer security has changed, thereby necessitating an adjustment in industry focus. Companies are now beginning to concentrate on understanding the intentions of the attackers themselves, knowledge which they can then use to deny hackers access to company networks. This trend is everywhere, including at a cyber boot camp in California that teaches young coders about white hat thinking.
AV software still provides a crucial layer of baseline security. But with the development of new technologies, the cyber security industry more broadly has switched its focus away from anti-virus tools and towards the human element. How we understand and exploit human intention and weakness will undoubtedly continue to play a large part in the field for the foreseeable future.