The year 2014 has been challenging for the cyber security professional. Numerous security breaches and vulnerabilities were discovered and exploited by hackers and cyber thieves: first Heartbleed, then the Internet Explorer vulnerability, GameOver Zeus, and the Russian password-stealing gang. In light of these events, you have to ask the question, “How can we counter these threats?” Symantec has told The Wall Street Journal that they feel antivirus technology is “dead.”
The one thing that everybody should know about the Internet is that it is not a safe place, especially without antivirus software. How can something so vital to our web browsing experience be dead? Perhaps what they meant to say was “outdated,” or maybe even “outclassed.” Antivirus protection has grown more sophisticated over the years, but so have the threats it was made to counter. Currently it does not appear to be winning the battles. Brian Krebs, cybersecurity expert, describes it as “a great example of how the cybercrime underground responds to – and in some cases surpasses – innovations put in place by the good guys.”
The War for the Web
From its inception, the Internet has been struggling against the threats created by hackers. At first, the antivirus industry consisted of small labs and technicians who would examine malware and figure out how to counter the threats it presented to the Internet. Unfortunately, they didn’t anticipate the dynamic growth of the cybercrime industry. As malware proliferated and became more threatening, the antivirus industry had to respond in turn. They had to invest heavily in more powerful technologies, or the general public would be at the mercy of the cyber wolves.
This trend of threat and counter threat has continued and escalated. As antivirus companies grew more powerful, malware grew more and more sophisticated. An innovation called “crypting” eventually showed up, which let hackers check their malware side-by-side with the code of available antivirus software. This enabled the criminals to know which antivirus software could identify their code as malicious. Hackers then altered the code until it was unrecognizable by the antivirus systems, resulting in unidentifiable, “fully undetectable” code.
Antivirus companies introduced another innovation, called “decrypting,” which allowed software to analyze and decode foreign information to determine if it was dangerous or even malicious. If an antivirus program detects something dangerous to your system, it won’t allow it entry.
Criminals frequently use malware to take advantage of online operations, and even sophisticated decryption services aren’t always enough to contain the malware. Malicious software can be automatically distributed by servers, which are robots that control the output of the malware at a fixed rate. If you receive malware through email attachments, it can still enter your system because the antivirus software hasn’t had time to decode it and identify it as harmful to your machine.
So, What Can Be Done?
There is an obvious pattern developing here: as antivirus grows more sophisticated, malware finds a way to get one step ahead of it. It is for this reason that many authorities in the antivirus industry believe antivirus to be an outdated protective measure against modern threats. Juniper and FireEye have already concentrated their efforts on detection and response. They are operating on the idea of minimizing the damage done by the malware rather than completely eliminating the threat. Juniper has tried putting fake data in firewalls to distract hackers, while Shape Security Inc. has taken steps toward making it more difficult for hackers to use stolen credit card information.
Against most low-level threats, using an outdated antivirus beats not protecting your computer at all. Even crypting is not as useful as it is made out to be, and it might not even work at all. Keep an updated antivirus system in place to keep lesser threats in check.
If your business trusts all its secure data to antivirus software, you might want to consider a more dynamic solution. Quikteks’ Unified Threat Manager is one such solution. It takes a multilayered approach to cybersecurity, including powerful firewalls, antivirus, spam protection, and even web content filtering for secure web browsing. All you need to do is call (973) 882-4644 to make sure that your network security isn’t outclassed.