Is good old-fashioned antivirus software going the way of CD-ROMs and Windows XP? Recent news reports suggest this. An executive at one major security vendor called antivirus “dead,” adding his company no longer sees it “as a moneymaker in any way.”
Meanwhile, Dr. Alan Solomon, creator of one of the first antivirus suites, wrote a blog post earlier this month saying he hasn’t used any antivirus software in at least a decade. Instead he uses Linux because Linux doesn’t seem to generate much in the way of malware.
Dr. Solomon writes:
I stopped using an antivirus a long time ago, because I couldn’t see how it could work in a world where you would need daily updates, which means that each update is tested for … how long? Not very long, obviously. Because these days, we’re looking at around 100,000 new malware samples PER DAY. Or 200,000, depending on who you talk to.
The Trouble With Antivirus Software
For the most part traditional antivirus software uses signatures and heuristics to suss out malware in a network. It’s a great way to keep well-known viruses from infecting or reinfecting that network, but it’s obviously less successful at protecting that network from the 100,000+ new pieces of malware each and every day.
An antivirus vendor may need up to 90 days to isolate a new strain of malware and provide the needed patch. While heuristics may help with mutations of that virus once it’s defined, there’s no guarantee that they will stop a quickly mutating piece of malware like Cryptolocker, which mutated into multiple versions, let alone other Zero-day attacks.
Even if antivirus software was capable of quelling zero-day attacks, its approach is inefficient. You know how antivirus software can make your home PC feel as if it’s connected to a dial-up modem? Imagine if you had the equivalent software on all your networked servers, PCs, and storage. Then imagine if that same piece of software were tasked to check hundreds of thousands of potential malware every single day.
Yeah, I thought so.
Just One Part of the IT Security Toolkit
Of course, no organization with any common sense relies solely on antivirus software to protect their IT infrastructure. Tech Week Europe quotes another security executive in a follow-up article titled, “Why Anti-Virus Is Not Dead (Again):”
It would be rather remiss to omit the signature system (you’d risk ignoring well-known malicious files, which seems rather silly), but to rely on it is clearly a bad idea.
That’s what the ‘AV is dead’ line always comes down to. It should really be: ‘AV products that rely solely on signatures are relatively useless in isolation’.
In other words, antivirus software is just one part of a comprehensive security plan that includes anything from risk assessment tools to improved security training of employees (many of who inadvertently create havoc by using weak passwords or visiting malicious websites).
It Only Makes Sense…
One of your best tools for combatting malware, including treacherous ones like Cryptolocker, is your backup and disaster recovery (BDR) solution. Several months ago StorageCraft’s Casey Morgan wrote a post discussing how incremental backups can offset these types of attacks by restoring your system to a point in time before it was infected.
[StorageCraft] ShadowProtect makes it simple to take point-in-time incremental backups as often as every 15 minutes, so you’ll have the option of restoring to an image taken just before your equipment was compromised by this malicious attack…By taking control of your data with intelligent, regularly scheduled backups, you’ve got a way to get systems back to normal—even if something like Cryptolocker encrypts critical files or attacks systems in other malevolent ways.
So instead of mourning or heralding the imminent death of one method of security, take the time to devise a security strategy that protects you from multiple angles. Given how complex IT infrastructures have become, it only makes sense that antivirus would be one of many solutions you would use to protect yourself.
Photo Credit: Kiko-knows via Deviant Art