“For years, signature-based antivirus detection has been only a fraction of what security companies have been offering… If someone thinks that antivirus being dead is news then we don’t know in what world they have been living in for the past five to six years,” F-Secure’s Timo Laaksonen said — two years ago!
But the question has remained a topic of constant debate among security researchers, which is why “Is AV dead?” was the theme of this year’s AVAR conference, the annual event that the Association of Anti-Virus Asia Researchers (AVAR) has organized since 1998.
This year F-Secure hosted the event, and our chief research officer Mikko Hypponen delivered a keynote at the three-day conference in Kuala Lumpur. Sessions such as “Is AV Dead – Or Just Missing in Action?” and “Advanced Endpoint Protection Says AV is Dead. Should you?” tackled the question of AV’s demise head-on.
When many people, Wikipedians included, say “antivirus” they mean software that is “used to prevent, detect and remove malicious software” by “relying heavily upon signatures to identify malware.”
What’s a signature? Now you ask!
Once a piece of malware is identified, “a signature of the file is extracted and added to the signatures database,” which is either unique to the AV vendor or shared among several vendors via a common database. In practice a signature is a hash of the whole file or a distinctive byte pattern pulled from it, so matching is exact: a file either contains the pattern or it doesn’t.
Highly professionalized modern malware is, of course, built to evade signature detection, a technique that has existed for decades: changing a single byte defeats a file hash, and packing or encrypting the payload hides a byte pattern until the code actually runs.
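To make the two paragraphs above concrete, here is a toy signature scanner. It is an added illustration written for this post, not F-Secure code; the sample file, the signature names (Trojan.Dropper.A/B), the hex pattern and the XOR “packer” are all constructed for the demo. It shows a whole-file hash signature and a YARA-style byte pattern with `??` wildcards, then applies three cheap attacker tricks: appending a byte (kills the hash, pattern survives), swapping a separator byte (only the wildcard pattern survives), and XOR-packing the file (neither static signature fires until something unpacks it).

```python
import hashlib
import re

# Constructed sample standing in for a malicious file: a fake PE header
# followed by an obviously suspicious command line. Not real malware.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 12
          + b"cmd.exe /c powershell -enc SQBFAFgA" + b"\x00" * 8)

# Style 1: whole-file hash signature. Matches this exact file and nothing else.
HASH_SIGS = {hashlib.sha256(SAMPLE).hexdigest(): "Trojan.Dropper.A"}

# Style 2: byte-pattern signature with "??" wildcards (YARA-like hex string).
# Reads "powershell" ?? "-enc": any single byte may sit between the tokens.
PATTERN_SIGS = {
    "Trojan.Dropper.B": "70 6f 77 65 72 73 68 65 6c 6c ?? 2d 65 6e 63",
}


def compile_pattern(hex_pattern: str):
    """Turn a space-separated hex string with ?? wildcards into a bytes regex."""
    parts = []
    for tok in hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_pattern(p) for name, p in PATTERN_SIGS.items()}


def scan(data: bytes) -> list:
    """Return the names of every signature that matches `data`, hash hit first."""
    hits = []
    name = HASH_SIGS.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    for name, rx in sorted(COMPILED.items()):
        if rx.search(data):
            hits.append(name)
    return hits


# Three cheap tricks an attacker plays against static signatures.
def append_junk(data: bytes) -> bytes:
    """Append one byte: the file hash changes, the byte pattern survives."""
    return data + b"\x00"


def swap_separator(data: bytes) -> bytes:
    """Replace the space before -enc with a tab: only the wildcard pattern survives."""
    return data.replace(b" -enc", b"\t-enc")


def xor_pack(data: bytes, key: int) -> bytes:
    """Toy XOR 'packing': neither hash nor pattern matches the packed bytes."""
    return bytes(b ^ key for b in data)


def scan_unpacked(packed: bytes, key: int) -> list:
    """What a non-signature layer adds: undo the packing (trivially here, since
    the key is known) and apply the signatures to the real payload."""
    return scan(xor_pack(packed, key))


if __name__ == "__main__":
    print("original:     ", scan(SAMPLE))
    print("junk appended:", scan(append_junk(SAMPLE)))
    print("tab separator:", scan(swap_separator(SAMPLE)))
    packed = xor_pack(SAMPLE, 0x5A)
    print("xor packed:   ", scan(packed))
    print("after unpack: ", scan_unpacked(packed, 0x5A))
```

The point of the last two calls is the one the rest of the post makes: a signature is only as good as the bytes it gets to look at, which is why real products bolt unpacking, emulation and behavioural layers in front of the signature engine rather than relying on it alone.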
“All technically minded people know that there aren’t any signature-only endpoint protection products on the market,” F-Secure Labs’ “Cyber Gandalf” Andy Patel explained in a recent post, on the News from the Labs blog.
Andy notes that F-Secure’s endpoint solutions employ four “non-signature” technologies that go beyond classic signature protection. He adds that “we actually have internal test configurations with signature-based technologies disabled and our products still do a great job at blocking emerging threats.”
Why should this matter to you, someone who doesn’t reverse engineer malware for a living?
Because given the billions of dollars being made in cyber crime and the billions being invested by nation-states in both offensive and defensive cyber tools, the average internet user’s best hope for securing her data is finding security that’s at least as advanced as the threats it faces.
And any industry that doesn’t constantly ask if its technology is becoming obsolete is probably already there.
So is AV dead? Maybe.
Or, as Timo noted years ago, it’s been assimilated as a piece of a much larger puzzle. This is the digital age, and that’s just what happens to most everything.