Anti-Virus Less Effective Than Ever
For a long time, a few things were true about viruses. One, they mostly affected Windows users. Two, simply using a commercial anti-virus program, either free or paid, was usually all one would have to do to inoculate a PC against such a thing. A cheap or free firewall offered additional security.
But, in the same way, that stronger punishments result in smarter criminals, the anti-virus industry reached its pinnacle some time ago and has gradually become less and less effective against its enemies. At the same time, viruses have migrated from simply targeted the Windows platform, instead being developed for Mac, Linux, Android, and iOS as these systems have become far more commonplace than they once were. Security by obscurity is no longer a reliable strategy, and even the most savvy desktop user now lives in a world where there are attackers able to outsmart him if he is not watchful.
Also read: Panda Antivirus Mistakes Itself as Malware
Last year, a top executive at Symantec, the producer of Norton Anti-Virus, proclaimed that the anti-virus was dead. He was echoing industry-wide sentiments that the mere installation of an anti-virus program was no longer the cure-all it had been for years. While the reasons are many, the biggest is the sophistication and financial motivation of malware producers.
Financial Motivation Bigger than Ever Before
In the early days of the Internet, malware was present. Malware has existed since the 1980s. In its earliest editions, malware was simply programmer’s playing jokes on each other, essentially. Occasionally it could have catastrophic effects on a system, but people didn’t spend nearly the time on their computers as they do now. More importantly, even in the first days of the Internet, commerce and banking online were unheard of. Most people didn’t even trust the basic tenets of the Internet, let alone trusting companies in other jurisdictions with their money. For the better part of the 90s, customers were more likely to place their orders via phone if they decided to make a purchase than they were to actually submit payment details over the Internet.
Now, we live in an entirely different paradigm. Most people have no issue entering their credit card information into a web form, and online banking is a requirement for any bank that wants to grow its customer base. What this means for the people developing malware and viruses is financial incentive that no legitimate business could offer. No overhead, lower risk than robbing people directly, and higher success rates.
Anti-virus has become less effective as the sophistication of malware developers has increased. Worse yet, crimeware outfits now exist which offer live technical support to bad actors when they run into problems implementing their malware.
Social engineering remains a problem, with phishing still a successful means of penetrating large organizations and gaining access to sensitive details from individuals. “Wrappers” or programming techniques that fool anti-virus programs and operating systems into believing that software is something that it isn’t, are more sophisticated and successful than ever before. “Crypters” are another technique now fashionable. A “crypter” basically encrypts the parts of a virus’s code that allow it to be detected by anti-virus software. Then, of course, there are the malware programs so efficiently written that they are too small to be detected. All of these methods combined have created a situation where viruses are getting through the anti-virus blockade every day, making a mockery of traditional inoculation procedures.
Anti-virus is in deep trouble these days, and consumers have no real guarantees of safety when downloading files and browsing the internet any longer. Successfully avoiding malware infections now requires greater vigilance on the part of the end-user than ever before. Luckily, as attackers have become more effective, so have users, as the younger generation has grown up with the internet in the home being a normal situation. Nonetheless, it seems that unless or until anti-virus catches up and starts winning the war again, education will be key. Users who want to be safe online will have to research everything they download and install, and implement safe browsing methods. Encryption of documents containing sensitive information is another good means of safe computing.
Companies like ThreatStream have offered a promising batch of research which might yield the result that viruses are detected and disabled before they even make it through to the hard drive. As much money as there is in creating viruses and malware, security and anti-virus are also huge industries. There is no true declaring the anti-virus “dead” until everyone stops making it, but from here it seems that it is no longer the most effective means of warding off viruses.