The Shortcomings of Antivirus

Many of us have fallen into a false sense of security when it comes to antivirus software. Not that long ago, antivirus solutions like Symantec, McAfee, and Kaspersky were the primary and most effective defense against malware and viruses. Unfortunately, the landscape has changed significantly over the years, and it is believed that traditional antivirus solutions won’t stop half of the threats your workstation is exposed to. In fact, in 2014 Symantec’s Senior President Brian Dye remarked that he believed antivirus solutions caught only 45% of the cyberattacks occurring at the time. So why have these tools become so ineffective? While many factors may be hurting your antivirus, we will focus on three primary ones. But first, let’s review how traditional antivirus works.

How Antivirus Software Works

To simplify, typical antivirus software relies heavily on what are called “signature files” to identify potential viruses and malware. If you think of a virus or malware as a small piece of software or code, each one has a unique signature, and as it infects devices it is identified and reported after the fact. This new virus signature is gathered by antivirus companies, like Symantec, which then update their “signature files” and push this new information out to their customers. The newly updated antivirus should now be able to identify this particular virus and block it before it can infect your machine. As you can see, this is a somewhat retroactive approach, which we will address in this article.

Antivirus Flaws

The primary pitfall of antivirus, and one that is within your control, is the selection and maintenance of an antivirus solution. Often, people convince themselves that all antivirus providers are the same and that once they’ve selected and installed a solution they need not worry again. However, a poorly selected antivirus can have consequences. Consider the previously mentioned signature files. When you choose an antivirus solution, you are trusting that the vendor you selected is quickly gathering, updating, and distributing changes to these files to combat the latest threats. Unfortunately, this is not always the case, and free versions of antivirus software can be particularly unreliable in this respect. In addition, once an antivirus solution is installed, issues can occur with the software or your workstation that leave it unable to receive the updated signature files, and therefore unable to identify new virus threats. As you can imagine, this significantly limits the effectiveness of any solution you have chosen.

As previously mentioned, traditional antivirus software is an inherently retroactive approach. The term “Zero-Day Threats” is becoming more familiar to the average person. This refers to a virus, software vulnerability, or unique cyberattack that is newly discovered. These tend to permeate networks and machines at an accelerated rate until solutions are created or signature files are updated. Due to the nature of a “Zero-Day Threat”, antivirus solutions are always lagging behind the event, applying changes to their software that will help block it in the future. This creates a security gap while you are waiting for the update to occur.

A third factor impacting your antivirus software is polymorphic viruses. This sounds like something out of a science fiction novel, and that is somewhat fitting. This is a newer breed of virus that has the ability to change itself slightly, creating a completely different signature and thereby going undetected by antivirus software. If left alone, such viruses will continue to spread to other machines, modify their signature, and so on. Traditional signature-file-based antivirus solutions never have a chance to update fast enough to catch every permutation of the virus.
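
The three flaws above can be seen in a toy model of a signature scanner. This is an added example, not code from any antivirus product: it assumes a signature is simply the SHA-256 of the whole file (real products use richer signatures), and the class name, detection name, staleness threshold and byte strings are all constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta

def fingerprint(data: bytes) -> str:
    """Exact-match signature: SHA-256 of the whole file content (assumption)."""
    return hashlib.sha256(data).hexdigest()

class SignatureScanner:
    def __init__(self, last_update: datetime):
        self.signatures = {}          # fingerprint -> detection name
        self.last_update = last_update

    def push_update(self, name: str, sample: bytes, when: datetime) -> None:
        """Vendor update: add the signature of a sample that was already reported."""
        self.signatures[fingerprint(sample)] = name
        self.last_update = when

    def scan(self, data: bytes):
        """Return the detection name, or None if no signature matches."""
        return self.signatures.get(fingerprint(data))

    def is_stale(self, now: datetime, max_age=timedelta(days=3)) -> bool:
        """True when the signature files have not been refreshed recently."""
        return now - self.last_update > max_age

# Constructed, harmless byte strings standing in for files.
SAMPLE = b"constructed-sample-file-contents"
VARIANT = SAMPLE + b"\x00"   # same content with one byte appended

def demo():
    t0 = datetime(2024, 1, 1)
    scanner = SignatureScanner(last_update=t0)
    before = scanner.scan(SAMPLE)      # gap: not yet in the signature files
    scanner.push_update("Example.Sample.A", SAMPLE, t0 + timedelta(days=1))
    after = scanner.scan(SAMPLE)       # detected once the update arrives
    changed = scanner.scan(VARIANT)    # altered copy has a different fingerprint
    stale = scanner.is_stale(now=t0 + timedelta(days=10))  # updates stopped
    return before, after, changed, stale

if __name__ == "__main__":
    print(demo())
```

The first result is the window before a signature exists, the third is why a changed copy slips past an exact-match signature, and the last is the kind of check worth running against your own installation to confirm updates are still arriving.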

What can be done?

By now you have likely come to the conclusion that antivirus alone will not provide you adequate protection. So what should you do? To start, don’t abandon antivirus software entirely. It still provides some level of protection, but make sure that you do your homework, select a reputable vendor, and check your software regularly to ensure that it is getting updates. Also be sure to keep yourself and your employees informed on the latest news, tips, and tricks in IT security. Being knowledgeable is the best weapon for avoiding viruses or identifying them before they’ve had a chance to spread. Lastly, be on the lookout for next generation antivirus solutions, including “security fabric” firewall solutions. Advancements are being made in the ability to identify behaviors of malicious programs and in improving signature file changes through methods like “crowd sourcing”. While these advances in technology are promising, it is reasonable to expect that the cat-and-mouse game of viruses vs. antivirus platforms will continue, and you should not be overly reliant on any one technology or tactic.

Author

  • Nuvodia

    Nuvodia is an IT company based in Spokane, WA focused on client solutions including security concerns.