The future of AV, or not?

Recently I read an article in (IN)SECURE Magazine issue 19 entitled The Future Of AV: looking for the good while stopping the bad. In my opinion there is more to be said about it, so here are my comments on the article.

Contrary to some industry observers, antivirus software is not dead. It is, however, undergoing a game-changing transformation.

It should be noted here that by game-changing the author (Carey Nachenberg) really means that antivirus software will be “antivirus” software only by name.

What do I mean by that? To be honest, I think the VX (Virus eXchange) scene is slowly dying, and only a couple, or should I say a handful, of viruses/worms emerge annually. Without virus creators there should be no future for AV, right? Wrong!

AV software has detected malware (spyware, trojans, RATs, rootkits) for many years, and if it were not for the strong impact of the word Virus, I am quite sure it would be called Anti-Malware.

By some measurements, the volume of malicious software is now outpacing the production of legitimate programs. Symantec recently measured the adoption rate of new software applications and found that out of almost 55,000 unique applications deployed during a weeklong measurement period on Microsoft Windows PCs, 65 percent were malicious.

This proves that nowadays malware does the harm, not viruses. I know some of you knew that, but it had to be said for those who didn’t.

(…) attackers can easily circumvent most generic signatures by tweaking existing malware files, scanning them with an antivirus scanner, and repeating the process until the scanner no longer detects the infection. Such modifications can be done by hand or, unfortunately, all too easily via automation.

That doesn’t sound so new; it reminds me of the first tutorial I read about making viruses undetectable. And it’s not new either: that tutorial dates back to 1991 and is called How To Modify A Virus So SCAN Won’t Catch It.

Clearly, in such an environment, traditional signature-based detection – or blacklisting – alone is not enough.

You don’t say… What about heuristics? They have been around for more than a decade, and great things can be done with them. I have in mind an AV program that implemented them quite well, but I don’t want to turn this article into a promotional one.

As the volume of malicious code continues to skyrocket, security techniques must increasingly focus less on analyzing malware and more on analyzing “goodware.”

Whitelisting was, and is, always a better choice, in my opinion, than blacklisting.

Similarly, it’s difficult for security companies to locate less popular, yet entirely legitimate, software applications and add them to a whitelist. Imagine a small software vendor that caters to just a handful of customers. What are the odds that this vendor’s software will be discovered and added to a whitelist in a timely fashion?

About the same as winning the lottery.

Perhaps the greatest benefit of a hybrid approach is that it would finally return the burden of antivirus protection from the shoulders of weary customers back to security vendors.

Perhaps…
