Computer security is hard and is getting harder. Costs are high and rising. It is not enough to have up-to-date antivirus software on the PC. Traditional anti-virus software works by looking for well-known software “fingerprints”: a database of virus signatures is maintained, and the software is constantly updated with new fingerprints. The aim is to create a protective barrier that keeps the bad guys out. In recent years, well-developed malicious software has been able to circumvent this protection. Maybe we need to change the protection philosophy. Anti-virus programs are still needed, but they are not enough. The computer security industry has made the mistake of focusing on the instruments attackers use, which are easy to change. Some experts and companies now say it’s time to demote antivirus-style protection. “It’s still an integral part [of malware defense], but it’s not going to be the only thing,”
The Antivirus Era Is Over article points out that conventional security software is powerless against sophisticated attacks like Flame, but alternative approaches are only just getting started. “There’s nothing you can do” to keep determined and well-financed hackers out, said Rodney Joffe, senior technologist at Internet infrastructure company Neustar Inc and an advisor to the White House on cyber security. Consumer-grade antivirus bought from a store does not work well at detecting software created by nation-states with nation-state budgets. The Pentagon Contractors Post Openings For Black-Hat Hackers article says that “The arms race has started, and this proves it. It’s a clear sign of the demand to stockpile cyber weapons and expand the operations underway.”
Flame is just the latest in a series of incidents that suggest that conventional antivirus software is an outmoded way of protecting computers against malware. “Flame was a failure for the antivirus industry,” said Mikko Hypponen, the founder and chief research officer of antivirus firm F-Secure, some weeks ago. “We really should have been able to do better. But we didn’t. We were out of our league, in our own game.”
The Study: If your antivirus doesn’t sniff ‘new’ malware in 6 days, it never will article tells that mainstream antivirus software only has a small window for detecting and blocking attacks. Carbon Black research suggests that antivirus firms are struggling to develop signatures for the hundreds of thousands of malware samples they receive every day. If a signature for a malware sample is not added within a few days after the sample first appears, it probably never will be. The experiment also showed that running multiple antivirus products provided better protection than running just one. But in many cases it is neither practical nor economical to run many antivirus packages, at least on the same computer (usually different antivirus products do not play nicely together on one PC). I think in corporate environments it could maybe make sense to run one antivirus product on workstations and a completely different one to scan the files on the main server.
The Microsoft’s Windows RT signals shift to mobile computing, says Qualcomm article tells that Microsoft’s upcoming Windows RT operating system signals a shift to mobile computing and marks the beginning of the end for the PC era. Qualcomm’s COO Steve Mollenkopf claims that in the future, all devices will run using mobile operating systems. In this vision our phone will be a remote for life, controlling everything we do. To adapt to this type of post-PC vision, anti-virus companies are trying to push anti-virus software onto smartphones. Symantec sees that the bring-your-own-device (BYOD) revolution at the workplace has driven up demand for mobile and tablet security.
Android represents a new market for antivirus companies, as Android devices are seen as targets “of the same security and privacy threats that plague laptops and desktops”. The Verizon launches Mobile Security app for Android as antivirus companies target carriers article tells that, since consumers haven’t taken to antivirus software on mobile, companies like McAfee are striking deals directly with carriers: Verizon has introduced a McAfee-based Mobile Security app for its line of Android devices, for a monthly fee. F-Secure also makes mobile anti-virus software and has co-operated with operators for a long time.
Maybe co-operation with operators and pushing onto mobile devices is the way antivirus software companies should be heading, because the value people see in traditional antivirus software could be declining, both due to the recent events that show its problems and due to competition from many free antivirus choices. Many companies offer free versions of their popular antivirus programs for home users while offering versions with more advanced features as an upgrade option for professional and business users. Many computers also come with decent antivirus software bundled (some are trial versions that work for a short time, but quite often the bundled antivirus license works for 1-3 years). For example, Symantec has been facing declining license sales but increased subscriptions, as customers prefer to pay for security software as a subscription.
Corporate-level antivirus software is not cheap and makes good money for anti-virus software companies. The Anti-virus software sucks up too much security cash claims study article tells that computer scientists at the University of Cambridge carried out a cybercrime study (lead author Prof Ross Anderson). The Tech boffins: Spend gov money on catching cyber crooks, not on AV article tells that the Cambridge researchers say the UK government should be spending more on catching cybercriminals instead of splurging taxpayers’ money on antivirus software. Cure is the best form of prevention. “In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software.” The report indicated that the UK was spending almost £640m annually on the problem, and less than £10m of that sum was spent on cybercrime law enforcement.
Some hacked companies fight back with controversial steps. Known in the cyber security industry as “active defense” or “strike-back” technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. The Hacked companies fight back with controversial steps article tells that the private sector does need to fight back more boldly against cyber espionage, but does not recommend that companies try to breach their opponents’ computers. There are already companies that will enable victims to fight back, within the bounds of the law, by identifying the source of attacks. “Hacking back would be illegal, but there are measures you can take against people benefiting from your data that raise the business costs of the attackers”. Deception plays an enormous role. Asking the government to raise a case with the World Trade Organization, or going public with what happened to shame perpetrators of industrial espionage, are other ways to go.
According to Prof Anderson, it is mainly the US government – and the FBI in particular – that carries out the “heavy lifting” when it comes to pursuing cybercrime. “Cybercrime has created a swamp,” he added. “You need to drain the swamp by arresting people.” Prof Anderson also recommended improving consumer protection legislation for victims of credit card fraud. He said that the fear of fraud among businesses and consumers was leading some to avoid on-line transactions, imposing an indirect cost on the economy. Consumers in countries like the Netherlands, Finland and Ireland enjoy much stronger protection than in the UK. Consumer protection is clearly an important part of the cybersecurity puzzle.
54 Comments
Tomi Engdahl says:
Infosec bods try Big Data in search for better anti-virus mousetrap
It might not be a meaningless marketing term after all…
http://www.theregister.co.uk/2014/06/20/big_data_panda/
Infosec house Panda Security is looking to Big Data and application monitoring as a means to achieve better malware detection.
The launch of Panda Advanced Protection Service (PAPS) is a response to the widely known shortcomings of signature-based anti-virus detection as well as a means for Panda to sell extra services. The technology will be marketed to larger firms as well as offered through cloud tech partners, such as Spanish managed security services firm Indra.
The sheer volume of malware production has long outpaced legacy blacklisting techniques based on recognising known bad apps by their signatures. In response security vendors have developed technologies such as heuristics (generic detection of similar malware), whitelisting and cloud-based technologies.
Most modern security scanners incorporate all these technologies despite marketing claims by rival vendors to the contrary.
Panda – like most of its peers – argues that anti-virus technology still has its place as something that’s necessary, albeit insufficient.
“Anti-virus is a cost-effective means to detect and stop known attacks,” said Luis Corrons, technical director of PandaLabs.
Tomi Engdahl says:
Ask Slashdot: How Dead Is Antivirus, Exactly?
http://ask.slashdot.org/story/14/08/17/012209/ask-slashdot-how-dead-is-antivirus-exactly
Symantec recently made a loud statement that antivirus is dead and that they don’t really consider it to be a source of profit. Some companies said the same afterwards; others suggested that Symantec just wants a bit of free media attention. The press is full of data on antivirus efficiency being quite low. A notable example would be the Zeus banking Trojan, and how only 40% of its versions can be stopped by antivirus software. The arms race between malware authors and security companies is unlikely to stop.
Tomi Engdahl says:
Symantec Moving All Norton Security into One Cloud Service
Symantec also will retire some of its stand-alone Norton legacy products, such as Norton Internet Security, Norton AntiVirus and Norton360.
The days of buying a compact disc and loading security software—or any software, for that matter—onto a PC or server are rapidly dwindling.
Data security provider Symantec Aug. 19 became the latest vendor to announce that its main software product—Norton—is moving into a cloud-based subscription model.
http://www.eweek.com/security/symantec-moving-all-norton-security-into-one-cloud-service.html
Tomi Engdahl says:
Antivirus tools miss almost 70 percent of malware within the first hour
http://betanews.com/2015/02/12/antivirus-tools-miss-almost-70-percent-of-malware-within-the-first-hour/
Threat protection company Damballa has released its latest State of Infections report for the fourth quarter of 2014 which highlights the limitations of a prevention-focused approach to security.
The report finds that within the first hour of submission, AV products missed nearly 70 percent of malware. Further, when rescanned to identify malware signatures, only 66 percent were identified after 24 hours, and after seven days the total was 72 percent. It took more than six months for AV products to create signatures for 100 percent of new malicious files.
This has an impact on containment and raises the risk that at any time there may be live infections on a network. The report also highlights the importance of automating manual processes and decreasing the noise from false positives to make the most of skilled security manpower, rather than trawling through uncorroborated alerts to find the true infections.
In order to reduce manual efforts, Damballa advises that security teams must have automatic detection of actual infections able to reach a statistical threshold of confidence in a true positive infection. They also need integration between detection and response systems, and policies that enable automated response based on a degree of confidence.
Damballa State of Infections Report Q4 2014
https://www.damballa.com/state-infections-report-q4-2014/
With only 4% of the almost 17,000 weekly malware alerts getting investigated, the traditional approach to preventing malware attacks needs a makeover.
With limited financial and human resources to apply to security, no company can afford to dedicate the majority of its budget to failing security controls. While prevention-based defenses will continue to be important, companies need to put greater emphasis on detection and response.
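The Damballa advice quoted in the comment above (automated response only once a statistical confidence threshold is reached, analyst time reserved for corroborated alerts rather than uncorroborated noise) can be sketched as a small triage routine. This is an added example written for this page, not Damballa’s product or any code from the original post; the alert lines, the detector sources, their weights and the two thresholds are all constructed assumptions.

```python
"""Corroborated-evidence triage: respond automatically only when independent
detectors agree on a host. Example for this page; all values are constructed."""
from collections import defaultdict
# Constructed alert lines: "<time> <host> <source> <detail>"
SAMPLE_ALERTS = """\
09:01 ws-17 av signature_match:Trojan.Generic
09:02 ws-17 dns nxdomain_burst
09:05 ws-17 proxy beacon_interval_fixed
09:06 ws-22 av signature_match:PUA.Toolbar
09:07 ws-22 av signature_match:PUA.Toolbar
09:10 ws-31 dns nxdomain_burst
09:11 ws-31 proxy beacon_interval_fixed
09:12 ws-31 egress blocked_c2_category
09:15 ws-40 dns nxdomain_burst
"""
# Assumed per-source probability that an alert reflects a real infection,
# and assumed policy thresholds for the automated and the manual path.
SOURCE_WEIGHT = {"av": 0.5, "dns": 0.3, "proxy": 0.4, "egress": 0.5}
ISOLATE_AT, INVESTIGATE_AT = 0.75, 0.5

def parse_alerts(text):
    """Group alerts by host as a set of distinct sources: a repeated alert
    from the same detector is not independent corroboration."""
    sources_by_host = defaultdict(set)
    for line in text.splitlines():
        if line.strip():
            _time, host, source, _detail = line.split(maxsplit=3)
            sources_by_host[host].add(source)
    return sources_by_host

def confidence(sources):
    """Combine independent detectors: P(infected) = 1 - prod(1 - w_i)."""
    p_clean = 1.0
    for src in sources:
        p_clean *= 1.0 - SOURCE_WEIGHT.get(src, 0.0)
    return round(1.0 - p_clean, 3)

def triage(text):
    """Map each host to (confidence, action) using the policy thresholds."""
    decisions = {}
    for host, sources in parse_alerts(text).items():
        score = confidence(sources)
        if score >= ISOLATE_AT:
            action = "isolate"      # confident enough for automated response
        elif score >= INVESTIGATE_AT:
            action = "investigate"  # hand to an analyst
        else:
            action = "log"          # single weak signal: record, do not page
        decisions[host] = (score, action)
    return decisions
```

With the sample data, the two hosts seen by three independent detectors are isolated automatically, the host with only a repeated AV hit goes to an analyst, and the lone DNS anomaly is merely logged.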