You Can’t Depend on Antivirus Software Anymore

Discussion in 'News Archive' started by antreas, Feb 17, 2017.

  1. antreas

    antreas Level 7

    Malware has become too sophisticated.

    In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee says it found four every second.

    And those were just the strains the companies could detect. For malware—the umbrella term for parasitic software like viruses, worms, and Trojans that infiltrate and interfere with computer functions—hasn’t only proliferated: It’s evolved to better evade detection.

    Faced with this tsunami of sophisticated malware, antivirus software like McAfee, once practically synonymous with personal cybersecurity, has struggled to keep pace. In 2014, a senior vice president at Symantec (the company that created McAfee competitor Norton Antivirus) went so far as to publicly say he thought that antivirus software was “dead.” At the time, he estimated that the technology only caught about 45 percent of cyberattacks.

    Antivirus software is struggling to keep up because the primary strategy on which it relies—signature detection—is based on the outdated assumption that the malware you saw yesterday will look the same today. Generally speaking, when a cybersecurity company sees a new type of malware, it will analyze and create a detection signature for that specific strain. Like the immune system recognizing a pathogen it has seen before, antivirus software uses these signatures to scan files for known threats. This strategy worked reasonably well when viruses were mostly made by amateur hackers. But in 2003, according to McAfee, we saw the first real for-profit malware and since then, the growth of organized cybercrime has brought forth a series of innovations that allow malware to rapidly change its appearance. If the viruses of the early 2000s were the common cold, sophisticated malware of today is like HIV, able to change its protein coatings to avoid detection.

    One of these innovations is a process called “crypting,” which allows a developer to transform the appearance of a piece of malicious code using encryption tools and test it against antivirus software until it is undetectable. Similarly, developers can also use polymorphic code to turn malware into a chameleon, capable of changing its appearance every time it runs. One 2013 analysis found that 82 percent of malware disappears after an hour, and 70 percent of malware only exists once. This short lifespan means just a small percentage of antivirus detection signatures—0.34 percent in one analysis—catch active threats. The rest just hunt ghosts. Though some companies have introduced new strategies to combat these adaptations, they haven’t been enough to fully keep up with fast-moving threats.

    Despite its diminishing effectiveness, a startling number of users still use antivirus software as their first, or only, line of defense. According to a 2015 Google study comparing digital practices of security experts and nonexperts, 42 percent of nonexperts said antivirus software was among the most important steps they took to protect themselves online. The response topped the list of measures taken by nonexperts, even ahead of “using strong passwords.” But, tellingly, it didn’t even crack the top five among those who work in the cybersecurity field.

    This knowledge gap is significant and worrying, because modern malware attacks can be devastating. One type of attack that has grown dramatically in recent years is ransomware, which encrypts one’s files and holds them for ransom. In 2016 alone there were 4,000 ransomware attacks a day, according to IBM. As we store more and more personal information on our computers—home videos, photos, financial information—the cost of infection only grows. So how can the typical user keep up their cyberhealth in a post-antivirus age?
     
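The article's core argument (an exact signature written from yesterday's sample misses today's polymorphic or crypted build, while a scanner that matches a stable fragment, or that unpacks first, keeps catching it) as an added worked example. This is constructed illustration code, not code from the article, from Panda, McAfee or Symantec, or from any AV product: every "sample" is a byte string built in the file, the "crypter" is a plain XOR stand-in for real packing, and the names `CORE`, `CRYPT_MARK`, `build_variant`, `build_crypted_variant`, `unpack` and `detection_rates` are all made up here.

```python
"""Toy signature scanner: why exact-hash signatures go stale so fast.

Constructed example. Nothing here is real malware; the family "core" is a
text fragment and the crypter is a single-byte XOR, both chosen only to
make the three detection strategies below easy to compare.
"""
import hashlib
import random
import re

# Fragment every build of the constructed family carries unchanged.
CORE = b"FAKE-FAMILY::beacon-to-c2::drop-stage2"
# Constructed marker standing in for a crypter's decoder stub.
CRYPT_MARK = b"FAKE-XOR-STUB:"


def build_variant(seed: int) -> bytes:
    """One polymorphic build: per-build junk wrapped around the same core."""
    rng = random.Random(seed)
    junk = bytes(rng.randrange(256) for _ in range(32))
    return junk + CORE + junk[::-1]


def build_crypted_variant(seed: int) -> bytes:
    """One 'crypted' build: the core XOR-masked with a per-build key, so the
    only bytes that stay stable on disk are the decoder-stub marker."""
    rng = random.Random(seed)
    key = rng.randrange(1, 256)
    masked = bytes(b ^ key for b in CORE)
    return CRYPT_MARK + bytes([key]) + masked


def unpack(sample: bytes) -> bytes:
    """The step an AV emulator performs: run the unpacking logic and scan the
    result. Samples that are not in the constructed crypted form pass through."""
    if not sample.startswith(CRYPT_MARK):
        return sample
    key = sample[len(CRYPT_MARK)]
    return bytes(b ^ key for b in sample[len(CRYPT_MARK) + 1:])


def file_hash(sample: bytes) -> str:
    return hashlib.sha256(sample).hexdigest()


def scan_by_hash(sample: bytes, known_hashes: set) -> bool:
    """Strategy 1: signature = exact hash of a sample seen before."""
    return file_hash(sample) in known_hashes


# Strategy 2: a content pattern with a 4-byte wildcard, the way hex patterns
# in YARA-style rules tolerate small edits inside the fragment they target.
PATTERN = re.compile(
    re.escape(CORE[:16]) + b".{4}" + re.escape(CORE[20:]), re.DOTALL
)


def scan_by_pattern(sample: bytes) -> bool:
    return PATTERN.search(sample) is not None


def scan_after_unpack(sample: bytes) -> bool:
    """Strategy 3: unpack (emulate) first, then apply the content pattern."""
    return scan_by_pattern(unpack(sample))


def detection_rates(n: int) -> dict:
    """Scan n polymorphic and n crypted builds with each strategy.
    The hash signature was written from build 0 only ("yesterday's" sample)."""
    known = {file_hash(build_variant(0))}
    poly = [build_variant(i) for i in range(n)]
    crypted = [build_crypted_variant(i) for i in range(n)]
    return {
        "hash/polymorphic": sum(scan_by_hash(s, known) for s in poly),
        "pattern/polymorphic": sum(scan_by_pattern(s) for s in poly),
        "pattern/crypted": sum(scan_by_pattern(s) for s in crypted),
        "unpack+pattern/crypted": sum(scan_after_unpack(s) for s in crypted),
    }


if __name__ == "__main__":
    for strategy, hits in detection_rates(10).items():
        print(f"{strategy:<24} {hits}/10")
```

Run as a script it prints one line per strategy: the hash signature catches only the build it was written from, the content pattern catches every polymorphic build but none of the crypted ones on disk, and the pattern applied after unpacking catches all of them. That last column is the reason vendors added emulation and memory scanning on top of signatures, and also why a sample whose unpacking depends on something the emulator never supplies stays invisible to a purely static scan.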
  2. Umbra

    Umbra Moderator
    Staff Member

    It is what I have said for years; unfortunately Average Joe doesn't have the skill/knowledge/time/will to use anything other than AVs.

    If only we had just malware encryption, but crafty malware writers will add legit certificates, use wrappers, add the encryption to make it FUD, then submit the malware to a battery of internal detection tests to see the effectiveness of the newborn malware... and even before releasing it, they already have a new variant ready...

    Only the hardening of the OS and the carefulness of the users will assure safety, and this only for non-targeted attacks... if the criminal has a specific target...

    One solution would be to introduce cyber courses in schools, as we had "safe sex habits" lessons.
     
  3. Wave

    Wave Guest

    There's a good way to bypass code emulation as well; someone I spoke to a while back did it for educational purposes but never gave out the code to people. It basically works by requiring a special key sent to the process for it to execute its payload, meaning the emulation will come out as clean since the AV won't know to submit a special key to the process.. :D

    pretty smart imo
     
  4. Nightwalker

    Nightwalker Level 6

    Antivirus solutions are dead on arrival for many security experts and yet in 2017 are still vital for many, many users; malware has become too sophisticated and so have the security solutions.

    In my opinion anyone that can use security solutions besides antivirus doesn't need a security solution at all (HIPS/Sandbox/ANTI EXEC etc. users), that's why there isn't commercial viability for something like System Safe Monitor or Online Armor in 2017, they are just for geek fun.

    What we need is the hardening of the OS like Microsoft is doing and education for the end user, but we don't need people diminishing antivirus, it is still very effective for many people.

    I am almost sure that a Windows 10 user that has Kaspersky IS or Emsisoft solution installed is much safer than a standard user in 2005 with Windows XP, and that's taking into account the fact that there are many more malware files and attacks now.
     
  5. Wave

    Wave Guest

    Windows XP is insecure overall, so you are safer on W10 with nothing additional than on Win XP with security software lol
     
  6. Andy Ful

    Andy Ful Level 12

    "In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee says it found four every second.
    ...
    One 2013 analysis found that 82 percent of malware disappears after an hour, and 70 percent of malware only exists once."

    The true joke: The malware attacks are smarter and more frequent. They are so smart that, for a couple of years, I did not even notice being a target. :) Yet, in this period I was sick many times. :(

    I think that signature based anti-malware protection will evolve (AI learning, etc.), and like the immune system in live organisms, it will be the basis of computer protection in the future.:)
     
  7. Lockdown

    Lockdown From AppGuard
    Developer

    #7 Lockdown, Feb 17, 2017
    Wait until the next version release... it will solve all your problems. :rolleyes:

    That's what everybody does here on these forums, right? Hope that the next release will be SkyNet and protect their system absolutely - against every possible theoretical, hypothetical or realistic threat without them having to make a single decision.
     
  8. Winter Soldier

    Winter Soldier Level 25

    Standard antivirus (maybe also under default settings) is not only essentially useless against advanced attacks: it also offers a false sense of security, which is notoriously more dangerous than the awareness of being in danger. For example, if the antivirus tells us that an attachment is clean, it is likely that we shall fall into the temptation to open it, even if it is dubious.

    If we are not advanced users, we have no way of knowing if the attachment drops a FUD .js downloader masked as 'invoice n°3454', for example.

    But of course 'zero fail' antivirus doesn't exist for now.
     
  9. Lockdown

    Lockdown From AppGuard
    Developer

    #9 Lockdown, Feb 17, 2017
    You shouldn't have macros enabled by default in any office suite or forget to disable them afterwards.

    I know some people think this is way too much to ask of a user, and I find that just plain ludicrous.

    Use software restriction policy. It will block the launch of the file downloaded by the malicious macro script.

    Use virtualization or rollback. When you see something bad, just revert the system to a prior clean state.

    This is not difficult.

    You cannot depend upon AV alone, but at the same time you don't need 137.4 layers of protection like you see with some security configurations, nor do you need an AV\IS suite with 47 protection modules - with 7/8ths of them causing problems on most systems or not working at all.
     
  10. Winter Soldier

    Winter Soldier Level 25

    You've got the point: but you have to be Advanced user for that, note that I capitalized the 'A' ;)
     
  11. Andy Ful

    Andy Ful Level 12

    I think that signature solutions will be more like an immune system. Many people can be sick, some will die, but this is still very useful anti-pathogen protection (for some millions of years). :)
    Of course, there are many new solutions, aside: antibiotics, surgery, stem cells, etc.
    I'm very excited to see the battle between malware and anti-malware.
     
  12. Lockdown

    Lockdown From AppGuard
    Developer

    You learn most practical IT security by doing. Plus, you ask for help when you need it. That's the whole point of Malwaretips in the first place. There's a massive amount of knowledgeable help to be had here - if you can get past "What AV\IS is best?"

    You become an "Advanced" user by doing - and not by installing a security soft and being completely helpless and dependent upon it to tell you what to do.
     
  13. Lockdown

    Lockdown From AppGuard
    Developer

    I'd like to be able to spectate for a few hundred years. 200 years from now they will still be publishing bypass videos...
     
  14. Andy Ful

    Andy Ful Level 12

    It can be even worse, because 200 years from now, many of us (future Malwaretips members) will have computers in our heads.
     
  15. Lockdown

    Lockdown From AppGuard
    Developer

    AV is dead. Malware is too sophisticated. Install this AV and it will make decisions for you... until it makes the wrong decision or no decision at all. What are you gonna do then? :D

    Treat people like they're stupid, they'll act stupid. Make them believe that by installing a security soft that they bear no personal responsibility in keeping their systems safe, they'll leave everything to that soft. Don't educate them, they will behave ignorantly.

    This is the current state of user digital security.

    The truth is you can't reliably depend upon any solution - I don't care what it is. There is always some way possible for things to get screwed-up. Usually, all it takes is a user mistake.
     
  16. Winter Soldier

    Winter Soldier Level 25

    Thanks for your input :)
    Learning-by-doing, yes, is the best strategy to learn, where learning is not only memorizing, but also and above all understanding through your actions.
     
  17. Lockdown

    Lockdown From AppGuard
    Developer

    :confused:.....:eek:

    Not me. I'll go down fightin' against that one. I know better...
     
  18. Lockdown

    Lockdown From AppGuard
    Developer

    Practice, practice, practice...

    You wouldn't believe how many people install a security software but don't know what it will do when it encounters a malicious action on their system. Some people sit there and... allow, allow, allow, allow in each notification,... and just keep going. They never investigate a thing or ask anyone a single question. It never occurred to them that maybe all those alerts meant something was wrong - let alone all the red colors, and not even mentioning the wording "Danger! Danger... Will Robinson!"
     
  19. Andy Ful

    Andy Ful Level 12

    I can see this everywhere. :(
    Make people believe that buying advertised food is a great thing, and they leave everything that is healthy. Don't teach them to think, and they are going to believe everything that someone says on TV.
    Maybe the technology makes people more stupid, in some way?
     
  20. Lockdown

    Lockdown From AppGuard
    Developer

    I don't think so. Most typical users are more than capable of learning IT protection concepts at a level well beyond the rudimentary. The real problem is that educating users to a level that will make a difference - one that will truly improve their digital security posture - is considered too difficult, too expensive, too much of a challenge,... and a thousand other objections.

    People aren't stupid. But hand them Plug-and-Play inside a complete IT security knowledge vacuum and they will take full advantage of that and - "Oh... it's a miracle" - act stupid.

    IT security for the average user is about the same priority as visiting someone they really don't want to visit. They are clueless that what they don't know - what they are averse to doing or learning - can hurt them.
     