“It is dead.”
Those three words, uttered by Brian Dye from Symantec in regards to anti-virus (AV) software sent shockwaves through the PC community in 2014. It also caused confusion among consumers who equated Symantec with keeping them safe from viruses.
Of course, Dye’s remarks were given within the context of his business which had seen a year-over-year decline in sales of its AV products. What Dye actually told the Wall Street Journal was that he didn’t think AV was a money maker anymore. And by 2014, Dye was largely correct as companies had moved beyond the traditional role of setting up a perimeter defense around their network to keep the bad guys out. More adaptive and responsive approaches to security were seen as the future. CEO of Cisco, Bret Hartman said, “The entire industry has moved beyond anti-virus a long time ago.”
I was selling computers around this time, and I began to field questions from customers wondering if they needed to worry about AV anymore. Many people assumed the threat had ended while others figured the battle had merely changed venues. Our customers wondered if a paid solution was better than what Microsoft included for free in Windows 7. Within a few years, it become difficult explain the differences between a free and paid AV product like Norton. And when users can’t see a difference, they will almost always select the free product.
This week I’d like to take a look at the AV and malware market. Why did it become commoditized? We’ll also take a look at some of the latest threats and products customers are using to combat them.
If you purchased a computer over the past 20 years, AV software was probably one of the first products you installed. For many years Norton was the biggest name in AV and security software. There were always free products available, but if you wanted the very best, you purchased Norton. I remember my insurance agent telling me that nothing sold flood insurance like a flood. I’m sure the same goes for products like Norton that benefit from named viruses and trojans that hit the nightly news. The Melissa virus of 1999 and the Sasser worm of 2004 are two examples that people outside of technology knew by name because they were so destructive.
Over time, Norton expanded into a suite of products that could be confusing. Some might say Norton tried to do too much. I’ll give Norton the benefit of the doubt, but I believe they could have done a better job at educating customers about each product in the suite.
When Microsoft shipped the popular Windows 7 operating system, they included basic protection against viruses, spyware and rootkits. And that’s when I began to see the consumer market for AV software change because Microsoft’s offerings were considered “good enough” by many. Windows 8 and Windows 10 came along and offered even more advanced protection.
Norton and its competitors saw the handwriting on the wall and realized that competing with a product baked into Windows was a losing business proposition. So they began offering free or lite versions of their products. For better or worse, Microsoft effectively did to AV products what they did to Netscape, Opera and a host of other browsers in the late 90s. AV products had become a commodity.
A little over a year ago, a friend called seeking help with his laptop that wouldn’t allow him to access his Documents folder. His web browser was also acting odd. I tried doing a Google search and noticed his browser was redirecting to another website that looked sort of like Google if Google had been created in FrontPage. When I tried to access his Documents folder, a warning popped up on the screen demanding payment of $400. My friend was lucky that he’d backed up all his files to Dropbox a few weeks earlier, and performing a full system restore brought his system back to normal. But it wasn’t without a lot of stress and wasted time.
My friend had been hit by a ransomware attack which tends to be more calculated and devious than your basic virus or trojan attack. A trojan might attempt to steal data off your computer, but ransomware encrypts files and folders and holds them hostage until you pay. Examples of ransomware include CryptoLocker, CryptoDefense and CryptoWall, and each can infiltrate your network through an email attachment or download from a scam website.
Expect to hear a lot more about ransomware attacks because they are increasingly lucrative to the crooks unleashing them. Reported ransoms paid during the first quarter of 2016 hit a staggering $200 million, and I’ll bet the real number is significantly higher because only a fraction of attacks are reported. No company wants to admit they forked over the Bitcoins or cash to make it go away.
It’s a frightening proposition for any business to suddenly lose access to business-critical data, and the thieves understand this as well as anyone. After a number of well-publicized attacks, consumers turned their attention away from virus attacks to ransomware. Many didn’t understand that no single suite of software could keep them 100% safe.
So what can be done?
Individuals should make sure Windows Defender is enabled and updated with the latest definition. Third-party solutions for safer technology like ESET help IT professionals find threats before they cause problems. They should also make sure they are performing frequent backups of their critical files. Better yet, backup your entire system with a product like ShadowProtect. This is the best solution because it allows you get rid of the intruding software by wiping your system, and installing a fresh image before the system was infected.
It’s one thing to restore a user’s desktop. But if one of your servers gets hacked, you’re looking at a much larger and potentially expensive and time-consuming problem. This is where your backup solution pays huge dividends. That’s exactly what happened to CPI Solutions when a technician discovered that files on their server had been encrypted by ransomware, including critical financial data going back several years. CPI used ShadowProtect to backup data on the server, and a recent backup was free of any ransomware. Within a couple of hours, a technician was able to restore all data to the server.
Thieves in this line of work are crafty and intelligent. I’m sure we’ll see new intrusion techniques introduced. AV and malware products will play a part in keeping them at bay. But nothing takes the place of performing regular system backups. I know that sounds old fashioned but it’s the truth. I talk to customers each week who failed to backup their most crucial data, and all I can do is remind them to start taking regular backups. Software takes a lot of pain out of the backup process today so there’s really no excuse.