The traditional antivirus era is over?

Computer security is hard and is getting harder. Costs are high and rising. It is not enough to have up-to-date antivirus software on the PC. Traditional anti-virus software is based on the fact that they are looking for well-known software “fingerprints”. Virus fingerprint database is maintained, and software is updated with new fingerprints constantly. This aim is to create a protective barrier that keeps the bad guys out. In recent years, a well-developed malicious software have been able to circumvent the protection effort. Maybe we need to change the protection philosophy. Anti-virus programs are all needed, but they are not enough. The computer security industry has made ​​a mistake in focusing on the attacker used instruments that are easy to change. Some experts and companies now say it’s time to demote antivirus-style protection. “It’s still an integral part [of malware defense], but it’s not going to be the only thing,”

The Antivirus Era Is Over article points out that conventional security software is powerless against sophisticated attacks like Flame, but alternative approaches are only just getting started. “There’s nothing you can do” to keep determined and well-financed hackers out, said Rodney Joffe, senior technologist at Internet infrastructure company Neustar Inc and an advisor to the White House on cyber security. Consumer-grade antivirus you buy from the store does not work too well trying to detect stuff created by the nation-states with nation-state budgets. Pentagon Contractors Post Openings For Black-Hat Hackers article tells that “The arms race has started, and this proves it. It’s a clear sign of the demand to stockpile cyber weapons and expand the operations underway.”

Flame is just the latest in a series of incidents that suggest that conventional antivirus software is an outmoded way of protecting computers against malware. “Flame was a failure for the antivirus industry,” Mikko Hypponen, the founder and chief research officer of antivirus firm F-Secure, some weeks ago. “We really should have been able to do better. But we didn’t. We were out of our league, in our own game.”

Study: If your antivirus doesn’t sniff ‘new’ malware in 6 days, it never will article tells that mainstream antivirus software only has small window for detecting and blocking attacks. Carbon Black research suggests that antivirus firms are struggling to develop signatures for the hundreds of thousands of malware sample they receive every day. If signatures for a malware sample were not added within a few days after the sample first appeared, is probably never added. To overcome this problem, the experiment also showed that multiple antivirus products provided better security protection than just one. But in many cases it is not practical to run or economical to run many antivirus packages, at least on the same computer (usually different antivirus software do not play nicely together in one PC). I think in corporate environments it could maybe make sense to run one antivirus software on workstations and completely different one to scan the files on the main server.

Microsoft’s Windows RT signals shift to mobile computing, says Qualcomm article tells that Microsoft’s upcoming Windows RT operaing system signals a shift to mobile computing and marks the beginning of the end for the PC era. Qualcomm’s COO Steve Mollenkopf claims that in the future, all devices will run using mobile operating systems. In this vision our phone will be a remote for life, controlling everything we do. To adapt to this type of post-PC vision anti-virus companies try to push anti-virus software to smartphones. Symantec sees that bring-your-own-device (BYOD) revolution at the work place has driven up demand for mobile and tablet security.

Android represents a new market for antivirus companies as they are seen as targets “of the same security and privacy threats that plague laptops and desktops”. Verizon launches Mobile Security app for Android as antivirus companies target carriers that when consumers haven’t taken to antivirus software on mobile, companies like McAfee are striking deals directly with carriers: Verizon has introduced a McAfee-based Mobile Security app for its line of Android devices with monthly fee. F-secure also makes mobile anti-virus software and they have for long time co-operated with operators.

Maybe the co-operation with operators and trying to push to mobile devices is the way the antivirus software companies should be heading because the value people see on traditional antivirus software could be declining due those recent event that show the problems of traditional antivirus software and the competition from many free antivirus software choices. Many companies offer free versions of their popular antivirus programs for home users while offering versions with more advanced features as an upgrade option for professional and business users. Many computers also come with decent antivirus software bundled with the computer (some are preview that work for short time, but quite often the bundled antivirus license can works for 1-3 years). For example Symantec has been facing declining license sales, but increased subscriptions as customers prefer to pay for security software as a subscription.

Corporate level antivirus software is not cheap and make good money for anti virus software companies. Anti-virus software sucks up too much security cash claims study article tells that computer scientists at the University of Cambridge carried out the cybercrime study (Lead author Prof Ross Anderson). Tech boffins: Spend gov money on catching cyber crooks, not on AV article tells that Cambridge brains say that the UK government should be spending more on catching cybercriminals instead of splurging taxpayers’ money on antivirus software. Cure is the best form of prevention. “In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software.” The report indicated that the UK was spending almost £640m annually on the problem and less than £10m of that sum was spent on cybercrime law enforcement.

Some Hacked Companies Fight Back With Controversial Steps. Known in the cyber security industry as “active defense” or “strike-back” technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Hacked companies fight back with controversial steps article tells that private sector does need to fight back more boldly against cyber espionage, but does not recommend that companies try to breach their opponent’s computers. There are already companies that will enable victims to fight back, within the bounds of the law, by also identifying the source of attacks. “Hacking back would be illegal, but there are measures you can take against people benefiting from your data that raise the business costs of the attackers”. Deception plays an enormous role. Also asking the government to raise a case with the World Trade Organization, or going public with what happened to shame perpetrators of industrial espionage are ways to go.

According to Prof Anderson it is mainly the US government – and the FBI in particular – that carry out the “heavy lifting” when it comes to pursuing cybercrime. “Cybercrime has created a swamp,” he added. “You need to drain the swamp by arresting people.” Prof Anderson also recommended improving consumer protection legislation for victims of credit card fraud. He said that the fear of fraud by businesses and consumers was leading some to avoid on-line transactions, imposing an indirect cost on the economy. Consumers in countries like the Netherlands, Finland and Ireland enjoyed much stronger protection than in UK. Consumer protection is clearly an important part of the cybersecurity puzzle.