Actually, this is exactly what Alan Solomon wanted to point out: AV is, and always will be, in an evolving state. He showed that anti-virus programs would evolve from pure signature-based detection to other kinds of technologies, such as heuristics and behavioral detection, and on to even more advanced protection methods. And now, with targeted attacks (aka APTs) and nation-state spying as new players in the threat landscape, AV is taking another step in its evolution.
So what is it about this time? A couple of days ago, Brian Dye, Senior Vice President of Information Security at Symantec, claimed in an interview with The Wall Street Journal that anti-virus is dead. Unfortunately, the headline “AV is dead” has the potential to be misinterpreted by a wide audience when it is taken out of context.
The statement was part of a description of Symantec’s product strategy for business customers. It is nothing new that AV solutions are a baseline protection against common threats. They are established and therefore only play a minor role when it comes to outlining the strategic aspects of upcoming security solutions for dedicated attacks. And in the complex environment of a company network, a wide range of special protections are in play. But Dye’s statement never meant that AV products are useless. He only said that it takes more than an AV product to protect a company’s IT infrastructure. And this is undoubtedly true.
Nevertheless, the situation is completely different in the context of private users. In this sense, the “AV-is-dead” quote refers to “old-fashioned” but well-established signature-based detection. A few decades back, AV products relied solely on one or two scan engines that used signatures to look for malicious code in files. Those times are over!
As threats tried to evade AV detection and became more and more sophisticated, the scanning technologies were adapted, too. Over the last decades, new protection methods emerged and matured. Today, all major AV products combine traditional signature-based detection with more sophisticated dynamic protections. G Data products combine a firewall, web traffic scanning, phishing protection, mail protection, and a behavior blocker. Furthermore, the most recent additions, BankGuard, ExploitProtection and KeyloggerProtection, are monitoring tools dedicated to defending against specific threats. The new ExploitProtection module in particular is effective against common drive-by infections, but also protects against specific attacks – like the most recent Internet Explorer zero-day. So the quote “AV is dead” is only true for products that have not changed their detection methods during the last decade, and this does not apply to the majority of AV solutions.
The resonance this “out-of-context” statement caused in the media is ambivalent. It shows that it is still easy to make headlines with such a statement. There seems to be a fundamental distrust about the effectiveness of AV solutions. Some people even say that AV products are useless, or even dangerous. This is ridiculous!
PC users are permanently exposed to a huge number of attacks. How can anyone think that you are better off if you lay down your armor? We process, on average, 300,000 suspicious samples each and every day. The results feed both reactive signature-based detection (about 8,200 per day) and proactive behavior rules. We are also analyzing and monitoring the wider threat landscape and developing special solutions that effectively protect against major attacks. Altogether, we block hundreds of thousands of attacks every single day. We might fail sometimes. But in the majority of cases, we do prevent attacks. So, comprehensive and up-to-date AV products are the best protection a private user can get!
With our quest to protect our customers against cyber attacks, the evolution of AV products continues.
This article was originally published on the G DATA Blog and written together with Ralf Benzmüller.