IS ANTIVIRUS DEAD? NOT SO FAST
By Aryeh Goretsky, ESET Distinguished Researcher

I recently had the opportunity to participate in an interesting discussion with a sysadmin whose CEO was wondering if he should renew his company's antimalware software license. It wasn't a question of cost, or the efficacy of the software. He was wondering if computer viruses were something that might be gone in three years.

The question of whether antivirus software (or antimalware software, as it is properly called, for reasons I'll explain below) is still relevant is actually a logical question for a nontechnical person to ask. It is something even technical people who don't work in security might wonder about, too. And it's best answered by taking a look at what's happened in the field over the past several years.

First off, describing the software that detects malicious software (malware) as "antivirus software" is something of a misnomer. Yes, this is how it is marketed and discussed in the computer trade press, but that's because the term "antivirus" has such a high recognition rate. But it's really like talking about cars and referring to them as "horseless carriages."

Malware detections spiked in 2014 to more than 143 million, up 72% from the previous year, according to AV-Test, an independent testing company.

As it turns out, actual computer viruses have been on the decline for years. They are not quite extinct, but the share of bona fide computer viruses that your antimalware vendor sees on a daily basis is in the single-digit percentages (that's between 1% and 9%) these days. Everything else security software protects you against is some other kind of malware, whether it be agents, bots, malvertising, multi-stage downloaders, ransomware, rootkits, Trojans, or others. Yes, this is all stuff that you want to block and do not want running on your computer, but very little of it is actually viral in nature these days.

So while computer viruses have been going away for a number of years, they will never go away completely. Just as the threats have evolved, so has the software that protects against them.

Times, and software, change

How has your antimalware software changed over the years to combat these threats? For one thing, we are frequently told how "antivirus is dead" [1] and that signature-based technologies are obsolete. This is partially true: No one in the industry relies just on static detection signatures these days. We were even moving away from those when I left McAfee Associates in 1995!

In 2014, AV-Test detected 12 million fresh strains of malware every month.

These days, even the simplest antimalware programs have multiple methods of protecting you against threats, going far beyond static detection signatures. They are using behavioral, cloud, contextual, emulation, generic signatures, heuristics, prevalency checks, and many other techniques to help determine whether a given piece of code should be allowed to execute.

But even these antimalware programs have their limitations, which is why thought leaders, consumers, and companies must be educated that today's complex security challenges demand a combination of defenses. The old scan/detect/protect/clean era of antivirus protection is indeed over. So while even a free antimalware program is better than no protection at all, the relatively low cost for a competent security suite is well worth it for the extra protection.

[1] Most famously by Brian Dye, a former VP of Symantec, whose comment about market growth in this space for his then-employer was taken somewhat out of context by the Wall Street Journal.

The global cybersecurity market will grow from $106.32 billion in 2015 to $170.21 billion in 2020, a compound annual growth rate of 9.8%. Source: MarketsandMarkets.com

As cybersecurity specialists, we must reinforce to the media and the public that the most effective protection is based on a combination of solutions. A good security suite delivers this multipronged approach by including extra elements, such as a two-way firewall, Web filtering, removable device controls, and other layers of protection.

And it's worth reminding ourselves that while the majority of the blame belongs to the criminal, marketing also plays a part if it encourages customers to rely merely on software solutions for protection. Businesses and consumers must be educated about cybersecurity and the role that their own behaviors play in protecting identity, securing personal information, preventing credit card fraud, and making smart decisions about Internet and free Wi-Fi usage.

The larger picture to look at here isn't about malware, it's about crime, or perhaps criminality. All of this brings us to the core question: Will criminals stop trying to steal money and services, commit fraud, and perform other computer-mediated crimes just because a particular kind of attack they use is now prevented?

My feeling here is that the answer is no. They'll find new ways of making (i.e., stealing) money, because that is what they do. They want to take something that isn't theirs, and they will simply adapt and find new ways to do this as the technologies change over time.

Fortunately, computer users have additional security tools at their disposal as well. Antimalware software is still a part of that toolkit, but additional technologies such as backups, firewall protection, data encryption and multifactor authentication must be part of the package for it to be truly effective.

Almost all of the malware seen these days is written and/or used for financial gain by the criminals behind it. Whether it's encrypting your files and holding them for ransom, stealing debit/credit cards, sending spam, or providing DDoS for hire, someone or some gang of criminals is doing it in order to make money. As a matter of fact, this has become so prevalent that when a piece of malware doesn't make money, it becomes newsworthy.

David Harley, ESET senior research fellow, contributed to this report.

Copyright 1992-2015 ESET, spol. s r. o.