People are saying antivirus is dead, and they’re right.
What most people call antivirus has been as dead as a doornail for more than five years.
Simply identifying specific files as malicious software by checking them against some sort of blacklist just isn’t good enough to stop attacks from modern cybercriminals, which is why we updated our technology more than half a decade ago.
Traditional antivirus protection fails, for instance, against so-called “drive-by attacks.”
In these common attacks, a user visits a particular website and a completely unique file is created to exploit vulnerabilities and infect a user’s PC.
That’s why any security solution worth having now uses reputation-based detection. Instead of only checking a file against a list of malicious files, we are now also looking at a file’s genealogy. If it’s unique and has never been seen before, our reputation-based protection finds it highly suspicious.
“The bad guys think that they can get around detection by creating a unique malicious file for every user. But this is exactly how we beat them,” Hyppönen says.
Exploits such as drive-by attacks are the most common way for both consumers and business users to get infected today. There are millions of malware samples out there, but only a few dozen vulnerabilities are widely exploited at any given time.
It’s a choke point: If we prevent the exploit from taking place, the malware never gets into our customer’s computer.
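To make the contrast concrete, here is an added illustration (not F-Secure’s code): a toy hash blacklist beside a toy reputation score, run over constructed telemetry. The prevalence count, first-seen age and signer status are assumed inputs that a real product would fetch from its backend; the point is that the per-victim file produced by a drive-by attack passes the blacklist but is flagged by reputation.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class FileSighting:
    """Constructed telemetry about a file a client is about to run."""
    name: str
    content: bytes
    prevalence: int               # distinct machines that have ever reported this hash
    age_days: float               # days since the hash was first seen anywhere
    signed_by_known_vendor: bool  # assumed input: valid signature from a known vendor


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Traditional blacklist: hashes of files already known to be bad (constructed value).
BLACKLIST = {sha256(b"known_trojan_v1")}


def blacklist_verdict(s: FileSighting) -> str:
    """Signature-style check: only files already on the list are caught."""
    return "malicious" if sha256(s.content) in BLACKLIST else "clean"


def reputation_verdict(s: FileSighting) -> str:
    """Judge a file by how widely and how long it has been seen, not only by its hash."""
    if sha256(s.content) in BLACKLIST:
        return "malicious"        # known bad still wins
    if s.signed_by_known_vendor:
        return "trusted"
    # A file nobody else has ever seen, created moments ago, is exactly the
    # per-victim artefact a drive-by attack produces: treat it as highly suspicious.
    if s.prevalence <= 1 and s.age_days < 1:
        return "suspicious"
    if s.prevalence < 100:
        return "unknown"          # low prevalence: candidate for sandboxing / monitoring
    return "likely_clean"


def compare(sightings):
    """Return {name: (blacklist verdict, reputation verdict)} for each sighting."""
    return {s.name: (blacklist_verdict(s), reputation_verdict(s)) for s in sightings}


# Constructed samples: a popular signed installer, an old known trojan, and a
# unique payload generated for this one visitor by a drive-by exploit kit.
SAMPLES = [
    FileSighting("installer.exe", b"popular_signed_installer", 250_000, 400.0, True),
    FileSighting("oldtrojan.exe", b"known_trojan_v1", 3_000, 900.0, False),
    FileSighting("x7f3a.tmp", b"per-victim-payload-0001", 1, 0.01, False),
]

if __name__ == "__main__":
    for name, (bl, rep) in compare(SAMPLES).items():
        print(f"{name:15} blacklist={bl:10} reputation={rep}")
```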
“Reputation-based detection is a bit like digital Judo,” explains F-Secure’s Chief Research Officer Mikko Hyppönen. “We take an enemy’s attacks and turn them against him—or her.”
“On this note, we often see references to tests focused on antivirus signature scanning,” said F-Secure’s Chief Technology Officer Mika Ståhlberg. “Some of these are even done using VirusTotal. These kinds of tests only measure 10-year-old technology and do not include reputation detection.”
Testing should always be “real world.” That means it should use all the features of a product – preferably with the default settings users use most often. Tests should also include all the steps of a possible infection, including the exploit step.
Antivirus is dead. Long live reputation-based antivirus.
[Image by Robert S. Donovan via Flickr.]