Is the Era of Antivirus Software Over?
Brian Dye, Symantec's senior vice president for information security, recently declared that "antivirus is dead."
These remarks from Symantec, which invented commercial antivirus software in the 1980s, certainly caused a bit of a stir in the security industry. Have we really come to the point where antivirus software is not needed at all?
Antivirus software primarily protects against the threats that we already know exist, but the whole concept of antivirus does have some limitations:
- It is a reactive technology rather than a proactive one.
- It does a good job of catching new variants of existing threats, but it may not catch everything.
- As Symantec says, a skilled attacker can overwhelm it or work around it without much difficulty.
In short, antivirus software could potentially lead to a false sense of security. It is no wonder that Symantec believes that nearly 55 percent of cyber attacks go unnoticed by commercial antivirus software.
Are we headed to a world where "detect and respond" systems are more valuable than "prevent only" systems? Looking at the trends around recent security threats, it becomes apparent that the next security vulnerability could be as impactful as the imagination of the originator. Since the attacker's imagination knows no bounds, it becomes increasingly difficult to prevent an attack from happening.
The next best option appears to be detecting a vulnerability faster and then choosing the best response. FireEye Inc.'s recent acquisition of Mandiant is a case in point. Mandiant's approach to threat response augments FireEye's virtual machine-based security platform for threat protection.
Google's Chromebook represents a different breed of device that allegedly eliminates the need for antivirus software. Chromebook devices are somewhat similar to Android devices in that they are said to be tightly locked down with little chance of an executable being installed, which reduces the chance of being infected.
Some have dismissed Symantec’s assertion about antivirus being dead as a dangerous marketing ploy. With Symantec's antivirus sales revenue declining and the free antivirus versions gaining larger market share, it is evident that Symantec, like many security vendors, needs to seek a fresh direction. As Mr. Dye said, "If customers are shifting from protect to detect and respond, the growth is going to come from detect and respond."
Whatever the case, it is evident that relying on a single source of protection is insufficient, especially as today's technologies become more heterogeneous and complex. Detect-and-respond systems may be seen as a backward step in the progression of security technology, as this approach makes threat prevention less appealing. On the other hand, this shift also reflects the reality of today’s world, where security breaches are common and the priorities are faster response and reduced damage.
Antivirus software may not be completely dead, as it still helps prevent malicious threats, but layered security is the best path forward. But more than anything, sensible user behavior is the best protection.