Lot of stuff (some wrong , some right) are being said in general terms about "AV being Dead" , but lucky you, the great Umbra is willing to share his unfathomable knowledge on the matter.
1- AV are "technically" dead, by technically , i mean the technology is obsolete since ages (for older members, they know me for my disdain of AVs) , look at those AI fancy stuff, AV vendors realized since a while that the classsic signature/heuristic is useless at its current state , so they look now for advanced algorithm analysis methods (aka the AI, because Ai sounds cool).
The signature model died the day BB/HIPS were introduced, because if your AV engine was efficient, why would you need a BB to backup it? because zero-day malwares make signatures obsolete.
Why obsolete? because malware writers have access to a variety of tools to obfuscate efficiently their newly created malware, they even use an "hacker" version of Virus Total , that test the malware against all known AV engines, without any submission; those tools exist since ages and improve permanently.
2- AV are not dead ! you would think now "umbra is a madman ! he just said on the paragraph above it is dead !"
they are very alive in market terms because:
- AV scanners are the most simple security tool a beginner can protect himself with. AVs does everything for you, it just warns you that it detected a malicious file. no need skills or deep knowledge of the OS to decrypt the mystical popup of HIPS/BBs.
- AV are good and easy money , put a yearly subscription, if you are a bit nasty , release you own malware that only you have a signature,
- Cheap cost , take engine v8 , add 3 new signatures, make it v9 via photoshop; job done.
- Give some cash to some security magazines reviewers and test labs to get good advertisement; then wait the cash to flow in.
Remember when Windows introduced built-in Windows Defender? all the crybaby security vendors and their campaign to discredit it ? yep, they didn't like the idea...and then all those so called "independent" tests labs suddenly rating WD as poor protection ? sure it is ok for them to compare a full-fledge AV with tons of prevention features while WD is tested just as a scanner by disabling Smartscreen and UAC ! come on test labs ! gimme a break...
Now M$ already introduced Appcontainer (aka "sandbox that doesn't break anything) on the Universal Windows Apps; and they will add full virtualization on Edge and a simple BB on WinDef (for enterprises) .
Beginners need AVs ? yes they still do but less than before thanks to M$. in 2020, Win7 will be unsupported, all computers will be shipped with Win10, in the meantime MS will surely introduce more capabilities to its native security. 3rd party AVs will be" optional" and no more "required"...
Then i will, as Agent Smith said to Neo, "You hear that Mr. Anderson?... That is the sound of inevitability... It is the sound of your death... I'm going to enjoy watching you die, Mr. Anderson. "
