Is Antivirus Software Becoming Obsolete?

Viruses, trojans, worms – malware (a contraction of ‘malicious software’) come in many forms. Even though these threats have been around for decades, the volume has increased steadily in line with overall internet usage. What’s more, just as the sophistication and capabilities of technology has improved over the years, so too has the proficiency of malicious programs. Indeed, if you aren’t keeping your technology up-to-date, then you’re leaving yourself compromised to the ever-increasing effectiveness of malware.

According to the IT security organization AV-Test, over 220,000 malicious software programs are detected every day. If you want to keep a close eye on daily detections, then head over to Virus Total, where a constantly updated graph shows the amount of threats found over the last 7 days.

And this isn’t even the whole picture. Not even the antivirus software installed on your computer can detect every threat that comes its way; depending on the software, the figure can even be as low as 60%. And even if a threat is detected it is usually too late:

“Most anti-virus tools use signature files to detect viruses. But it is an ‘after the fact’ method: Only when new viruses are detected are they added to the malware lists.” – Tech Page One

This means that if your computer or other hardware comes into contact with any new viruses, although your AV software may be able to detect them (though even this isn’t certain), they will not be able to defend against the attack. Indeed, proactive detection, according to Drew Robb, which “catches a virus before it infects your computer, is stalled at 80%.”

How your computer is threatened

So, what are the risks? What is all this malware out there designed to do, how does it do it, and what’s the point?

Well, firstly, it’s not just your desktop that’s vulnerable to malicious programs. Your laptop, tablet and smartphone are all potential targets for viruses and hackers too. Cyber criminals are constantly on the lookout for ways in which they can steal your passwords, rob you of your online banking details, or otherwise exploit the information on your machine for their financial benefit – and by installing viruses onto your computer is one of the ways in which they do this.

Cybercriminals have become more adept and organized at launching hit-and-run attacks than ever before, explains Stu Sjouwerman of KnowBe4:

“Fully professional eastern European cyber mafias have hired the best and brightest, and are innovating malware at a furious pace. Today, the bad guys raise a malicious website, run their attack and then disappear after a few hours – before [anti-virus] companies have updated their malware definitions.”

These attacks come in many ways – below are just a few of them:

Phishing

Phishing is a technique that cybercriminals have been increasingly adopting over the years. Not a virus as such, simply a scam – but precisely why any antivirus protection you have installed on your computer will be obsolete if you fall victim to the ploy.

You’ll receive an email from what looks like your bank. You click through to what appears to be your bank’s website, but is in fact just a very convincing facsimile. You’re asked for your card number and password, and, if you type it in, all you’re doing is handing this vital information over to the cybercriminal, giving them access to your real online banking account.

Drive-by Downloads

These infect existing websites. However, if you visit that website (and you may be sent an email link encouraging you to do so), it will proceed to install malware onto your computer.

Trojan Horse

These little nasties are embedded into small online applications – often screensavers and such like. If you download the screensaver and install it onto your computer, you are also installing the malware that has been written into the application.

Personalized Trojan Horse

These trojans work in pretty much the same way as above, however you’re personally targeted for the attack rather than it just being left to chance.

Again, it often works through the use of email. You will receive an email with a picture or other document attached (zip files are common). For whatever reason you’re duped into opening the attached picture, thus opening the door for the malware to get into your computer.

Ransomware

These usually use a delayed attack method, when sometime after you have downloaded a seemingly innocuous application or program – an update maybe, or even a ringtone – you suddenly see a pop up box on your computer. What you in fact downloaded was a piece of malware, and now the pop up box is telling you that it has locked down your computer – and it has.

It will then demand money from you to unlock your files, quite often by sending a text with a given short code. Your phone provider will be billed the amount in question, who in turn will bill you at the end of the month, usually with a fine slapped on for good measure.

So, how much protection does antivirus software provide against these threats?

Simply put, not enough. Because of the sheer volume of malware out there floating around the commercial internet, anti-virus programs alone are not enough to combat the problem. Indeed, some authorities, such as Mohammad Mannan, assistant professor at the Concordia Institute for Information Systems Engineering in Montreal, have even gone so far as to suggest that they are “totally useless”. Mannan again:

“If you use [antivirus programs], you might even be vulnerable [to malware] to some extent.”

It’s a question of figures, and the sheer amount of threats that are out there – a number which has grown significantly in the past decade. CBC News reports that in 2002 there were an estimated 17 million known “good” files out there on the commercial internet, with antivirus engines detecting 2 million “bad” ones. By 2012 the amount of good files had grown to 40 million, and the nefarious ones to 80 million.

The problem with antivirus software

The sophistication of today’s malware programs make it harder and harder for antivirus software to detect if there’s a problem. Indeed, users often don’t always even know that something phishy is happening on their computers. Tony Anscombe of AVG:

“Malware viruses used to be disruptive – if you got one, you knew you had it. Now, they’re deceptive and hide in the background.”

Antivirus software, in face of these ubiquitous threats, has inevitably become a multi-billion dollar industry. One of the reasons for this, in fact, is because users have to have it continuously updated to keep ahead – or rather just behind – the sophistication of new malware threats. The problem is in the very nature of the antivirus software – it is reactive. It only responds to the specific malware that it is programmed to detect. All the cybercriminal has then to do is make some slight modifications to the malware code, and the antivirus program becomes obsolete again.

The sheer number of malware variations make it effectively impossible for antivirus software to combat the problem. It just simply isn’t possible to create a blanket program that keeps all threats out.

So, what’s the answer?

Whitelisting

Whitelisting, as you might expect, is the opposite of blacklisting. Since a blacklist of all of the malware sites in existence would, frankly, be far too difficult to compile, the answer, some believe, is in the creation of a whitelist, which contains only the approved ‘safe’ sites.

The principle is rather similar to what Twitter uses to verify celebrity accounts. Since there became a proliferation of bogus celebrity accounts on the site, rather than identifying all the fake ones, Twitter simply offered a verification of the legitimate ones, so other users could tell the real from the fake.

Similarly, how whitelisting works is that when you surf the web, each time you visit a site a whitelist prompt appears in your browser, letting you know whether the site is whitelisted or not. It is then up to you as the user whether to use the site or escape from it.

Education

Malware is very often the result of user intervention – they may have clicked on a phishing link or opened an attachment. They may even have clicked through on something in social media which uses social engineering tactics (such as ‘clickbait’ – “you’ll never believe what happened when …”) to entice the user to click. It’s only by educating users on the risks, especially when it comes to businesses that must be compliant, that they’ll be able to understand and resist clicking.

File monitoring

Managed IT services are now replacing the old ‘break-fix’ model where IT support companies would come and fix a problem after it had occurred. The power of the cloud and monitoring services should be utilized wherever possible to stop malware entering the business environment and getting to the end user.

So is it time to completely abandon antivirus software?

No. Of course not. Antivirus software, although becoming increasingly outdated, still forms the first line of defense. It does no harm to have it installed on your computer, so there is no reason to remove it. It is rather like locking your front door and windows when leaving the house. Yes, burglars can still get in, but you’re not holding the door open for them. They will have to be motivated, and you won’t be as easy a target as the house next door who decided to remove all doors and windows altogether.

Indeed, Sjouwerman agrees:

“Companies still should have [antivirus software] – at least for now, as well as firewalls, a strong whitelist strategy and user training.”

So, although not completely obsolete, antivirus software is certainly becoming less and less useful, and is almost definitely no longer effective to the extent that it can function as complete protection on its own. The advice is to keep using it, but bolster with other techniques, but the on-going war against malware and the cyber-criminal will not be won with antivirus software alone.