You Can’t Depend on Antivirus Software Anymore

antreas
Malware has become too sophisticated.


In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee says it found four every second.



And those were just the strains the companies could detect. For malware—the umbrella term for parasitic software like viruses, worms, and Trojans that infiltrate and interfere with computer functions—hasn’t only proliferated: It’s evolved to better evade detection.



Faced with this tsunami of sophisticated malware, antivirus software like McAfee, once practically synonymous with personal cybersecurity, has struggled to keep pace. In 2014, a senior vice president at Symantec (the company that created McAfee competitor Norton Antivirus) went so far as to publicly say he thought that antivirus software was “dead.” At the time, he estimated that the technology only caught about 45 percent of cyberattacks.



Antivirus software is struggling to keep up because the primary strategy on which it relies—signature detection—is based on the outdated assumption that the malware you saw yesterday will look the same today. Generally speaking, when a cybersecurity company sees a new type of malware, it will analyze and create a detection signature for that specific strain. Like the immune system recognizing a pathogen it has seen before, antivirus software uses these signatures to scan files for known threats. This strategy worked reasonably well when viruses were mostly made by amateur hackers. But in 2003, according to McAfee, we saw the first real for-profit malware and since then, the growth of organized cybercrime has brought forth a series of innovations that allow malware to rapidly change its appearance. If the viruses of the early 2000s were the common cold, sophisticated malware of today is like HIV, able to change its protein coatings to avoid detection.



One of these innovations is a process called “crypting,” which allows a developer to transform the appearance of a piece of malicious code using encryption tools and test it against antivirus software until it is undetectable. Similarly, developers can also use polymorphic code to turn malware into a chameleon, capable of changing its appearance every time it runs. One 2013 analysis found that 82 percent of malware disappears after an hour, and 70 percent of malware only exists once. This short lifespan means just a small percentage of antivirus detection signatures—0.34 percent in one analysis—catch active threats. The rest just hunt ghosts. Though some companies have introduced new strategies to combat these adaptations, they haven’t been enough to fully keep up with fast-moving threats.



Despite its diminishing effectiveness, a startling number of users still use antivirus software as their first, or only, line of defense. According to a 2015 Google study comparing digital practices of security experts and nonexperts, 42 percent of nonexperts said antivirus software was among the most important steps they took to protect themselves online. The response topped the list of measures taken by nonexperts, even ahead of “using strong passwords.” But, tellingly, it didn’t even crack the top five among those who work in the cybersecurity field.



This knowledge gap is significant and worrying, because modern malware attacks can be devastating. One type of attack that has grown dramatically in recent years is ransomware, which encrypts one’s files and holds them for ransom. In 2016 alone there were 4,000 ransomware attacks a day, according to IBM. As we store more and more personal information on our computers—home videos, photos, financial information—the cost of infection only grows. So how can the typical user keep up their cyberhealth in a post-antivirus age?
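The signature-versus-crypting argument in the article above, as an added example that is not code from the article or from anyone in this thread: a scanner that matches a full-file hash and a fixed byte pattern, a toy crypter that XOR-encodes the same payload under a fresh random key on every build, and the decode-then-scan step that an emulator or generic unpacker performs to get the original bytes back. The payload is a harmless marker string; the signature name Toy.Marker.A, the STUB prefix and the XOR layout are constructed stand-ins for what real engines and crypters do.

```python
import hashlib
import os
import re
from typing import Optional

# Constructed stand-in for the malicious routine: a harmless marker string.
PAYLOAD = b"MARKER: this stands in for the malicious routine"

# Signatures as a classic engine stores them: a full-file hash (brittle) and
# a fixed byte pattern (only slightly less so). The names are constructed.
KNOWN_HASHES = {hashlib.sha256(PAYLOAD).hexdigest(): "Toy.Marker.A"}
PATTERNS = {"Toy.Marker.A": re.compile(re.escape(b"stands in for the malicious"))}


def scan_static(sample: bytes) -> Optional[str]:
    """Signature detection: hash lookup first, then byte-pattern search."""
    name = KNOWN_HASHES.get(hashlib.sha256(sample).hexdigest())
    if name:
        return name
    for name, pattern in PATTERNS.items():
        if pattern.search(sample):
            return name
    return None


def xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


STUB = b"STUB:"  # stands in for the small decryptor a crypter prepends


def crypt(payload: bytes, key_len: int = 8) -> bytes:
    """Toy crypter. A fresh random key per build means every output differs,
    so neither the hash nor the byte pattern taken from one build matches the
    next. Layout: STUB | key_len (1 byte) | key | xor(payload, key)."""
    key = os.urandom(key_len)
    return STUB + bytes([key_len]) + key + xor(payload, key)


def decode(sample: bytes) -> bytes:
    """What an emulator or generic unpacker does: execute the stub's logic to
    recover the bytes it would have run, then hand those to the scanner."""
    if not sample.startswith(STUB):
        return sample
    body = sample[len(STUB):]
    key_len, key = body[0], body[1:1 + body[0]]
    return xor(body[1 + key_len:], key)


def scan_with_unpacking(sample: bytes) -> Optional[str]:
    """Signatures only pay off once the sample is scanned after decoding."""
    return scan_static(sample) or scan_static(decode(sample))


def demo(builds: int = 5) -> dict:
    variants = [crypt(PAYLOAD) for _ in range(builds)]
    return {
        "plain_detected": scan_static(PAYLOAD),
        "all_variants_distinct": len(set(variants)) == builds,
        "static_hits": sum(scan_static(v) is not None for v in variants),
        "unpacked_hits": sum(scan_with_unpacking(v) is not None for v in variants),
    }


if __name__ == "__main__":
    print(demo())
```

Every call to crypt() yields different bytes, so the static scanner misses all five builds while the unpacking scanner catches all five. That is the whole story of the "0.34 percent" figure: a signature written against one build is dead the moment the author rebuilds, and it only becomes useful again when the engine runs the decryptor before matching, which is precisely the step a crypter's author tests against before release.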
 
Deleted member 178
It is what I have said for years; unfortunately Average Joe doesn't have the skill/knowledge/time/will to use anything else than AVs.

If only we had just malware encryption, but crafty malware writers will add legit certificates, use wrappers, add the encryption to make it FUD, then submit the malware to a battery of internal detection tests to see the effectiveness of the newborn malware... and even before releasing it, they already have a new variant ready...

Only the hardening of the OS and the carefulness of the users will assure safety, and this only for non-targeted attacks... if the criminal has a specific target...

One solution would be to introduce a cyber course in schools, as we had "safe sex habits" lessons.
 
Wave
Deleted member 178 said:
> It is what I have said for years; unfortunately Average Joe doesn't have the skill/knowledge/time/will to use anything else than AVs.
>
> If only we had just malware encryption, but crafty malware writers will add legit certificates, use wrappers, add the encryption to make it FUD, then submit the malware to a battery of internal detection tests to see the effectiveness of the newborn malware... and even before releasing it, they already have a new variant ready...
>
> Only the hardening of the OS and the carefulness of the users will assure safety, and this only for non-targeted attacks... if the criminal has a specific target...
>
> One solution would be to introduce a cyber course in schools, as we had "safe sex habits" lessons.

There's a good way to bypass code emulation as well; someone I spoke to a while back did it for educational purposes but never gave out the code to people. It basically works by requiring a special key sent to the process for it to execute its payload, meaning the emulation will come out as clean since the AV won't know to submit a special key to the process.. :D

pretty smart imo
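A sketch of the keyed-payload trick Wave describes, added here as an example; it is not the code Wave's acquaintance wrote and not from anyone in this thread. The stub refuses to decrypt unless the launcher hands it a key that passes an HMAC check, so an emulator that runs the sample the way it was launched, with no key, watches it exit cleanly and reports it as clean. The second half shows the one static signal that survives this: the stub carries a high-entropy blob that it never decodes on its own. PAYLOAD is a harmless marker string, the SHA-256 counter-mode keystream is a toy rather than a real cipher, and the 4.5-bit entropy threshold is an assumption.

```python
import hashlib
import hmac
import math
from collections import Counter
from typing import Optional

# Constructed, harmless stand-in for whatever the stub would really run.
PAYLOAD = b"MARKER: this string stands in for the routine the stub would run"
TAG_LEN = 32  # bytes of HMAC-SHA256 stored in front of the ciphertext


def _keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: good enough for a toy, not a cipher design."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build(payload: bytes, key: bytes) -> bytes:
    """Sample layout: HMAC tag | ciphertext. The tag lets the stub tell the
    right key from a wrong one without ever holding plaintext it could leak."""
    ct = _xor(payload, _keystream(key, len(payload)))
    tag = hmac.new(key, ct, "sha256").digest()
    return tag + ct


def run(sample: bytes, key: Optional[bytes]) -> str:
    """The stub's behaviour, returned as what an observer would see it do."""
    if key is None:
        return "exited: no key supplied"
    tag, ct = sample[:TAG_LEN], sample[TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return "exited: key rejected"
    return "executed: " + _xor(ct, _keystream(key, len(ct))).decode()


def emulate(sample: bytes) -> str:
    """An emulator runs the sample as launched; it has no secret to offer."""
    return run(sample, key=None)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


ENTROPY_THRESHOLD = 4.5  # assumption; tune against real samples


def looks_keyed(sample: bytes) -> bool:
    """Static heuristic: a blob this random that the code never decodes under
    emulation is worth flagging even though the emulation run came out clean."""
    return entropy(sample[TAG_LEN:]) > ENTROPY_THRESHOLD


if __name__ == "__main__":
    key = b"constructed-launch-key"
    sample = build(PAYLOAD, key)
    print(emulate(sample))
    print(run(sample, b"wrong-key"))
    print(run(sample, key))
    print("keyed-looking blob:", looks_keyed(sample))
```

The emulator's verdict is honest: without the key the process genuinely does nothing, and brute-forcing the key inside a scan time budget is not an option. What a defender can still act on is the shape of the thing (a decrypt-if-verified gate around a blob that stays opaque) plus where the key actually arrives from at run time, which is a behavioural question rather than a signature one.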
 

Nightwalker

Antivirus solutions are dead on arrival for many security experts, and yet in 2017 they are still vital for many, many users; malware has become too sophisticated, and so have the security solutions.

In my opinion, anyone who can use security solutions besides antivirus doesn't need a security solution at all (HIPS/sandbox/anti-exec etc. users); that's why there isn't commercial viability for something like System Safe Monitor or Online Armor in 2017, they are just for geek fun.

What we need is the hardening of the OS like Microsoft is doing, and education for the end user, but we don't need people diminishing antivirus; it is still very effective for many people.

I am almost sure that a Windows 10 user who has Kaspersky IS or an Emsisoft solution installed is much safer than a standard user in 2005 with Windows XP, and that's taking into account the fact that there are many more malware files and attacks now.
 

Andy Ful

"In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee says it found four every second.
...
One 2013 analysis found that 82 percent of malware disappears after an hour, and 70 percent of malware only exists once."

The true joke: the malware attacks are smarter and more frequent. They are so smart that, for a couple of years, I did not even notice that I was a target. :) Yet in this period I was sick many times. :(

I think that signature-based anti-malware protection will evolve (AI learning, etc.), and like the immune system in living organisms, it will be the basis of computer protection in the future. :)
 
509322
Wait until the next version release... it will solve all your problems. :rolleyes:

That's what everybody does here on these forums, right? Hope that the next release will be SkyNet and protect their system absolutely, against every possible theoretical, hypothetical or realistic threat, without them having to make a single decision.
 

Winter Soldier

Standard antivirus (maybe also under default settings) is not only essentially useless against advanced attacks: it offers a false sense of security, which is notoriously more dangerous than the awareness of being in danger. For example, if the antivirus tells us that an attachment is clean, it is likely that we shall fall into the temptation to open it, even if it is dubious.

If we are not advanced users, we have no way of knowing if the attachment drops a FUD .js downloader masked by 'invoice n°3454' for example.

But of course 'zero fail' antivirus doesn't exist for now.
 
509322
Winter Soldier said:
> Standard antivirus (maybe also under default settings) is not only essentially useless against advanced attacks: it offers a false sense of security, which is notoriously more dangerous than the awareness of being in danger. For example, if the antivirus tells us that an attachment is clean, it is likely that we shall fall into the temptation to open it, even if it is dubious.
>
> If we are not advanced users, we have no way of knowing if the attachment drops a FUD .js downloader masked by 'invoice n°3454' for example.
>
> But of course 'zero fail' antivirus doesn't exist for now.

You shouldn't have macros enabled by default in any office suite or forget to disable them afterwards.

I know some people think this is way too much to ask of a user, and I find that just plain ludicrous.

Use software restriction policy. It will block the launch of the file downloaded by the malicious macro script.

Use virtualization or rollback. When you see something bad, just revert the system to a prior clean state.

This is not difficult.

You cannot depend upon AV alone, but at the same time you don't need 137.4 layers of protection like you see with some security configurations, nor do you need an AV\IS suite with 47 protection modules, with 7/8ths of them causing problems on most systems or not working at all.
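The "software restriction policy blocks the file the macro downloads" step above, as an added example rather than anything from this thread: a simplified model of how a Windows Software Restriction Policy (SRP) resolves path rules, enough to show why an executable a macro drops into the user profile does not launch under a default-deny policy, and why the user-writable folders under %SystemRoot% need their own Disallowed rules. The model keeps only the part that matters here (the most specific matching path rule wins, otherwise the default level applies) and ignores hash, certificate and zone rules, designated file types and enforcement scope; ENV, the two rule lists and the file names are constructed.

```python
import ntpath
from dataclasses import dataclass
from typing import Dict, List

UNRESTRICTED, DISALLOWED = "Unrestricted", "Disallowed"

# Constructed environment; real SRP expands these from the registry.
ENV: Dict[str, str] = {
    "SystemRoot": r"C:\Windows",
    "ProgramFiles": r"C:\Program Files",
    "USERPROFILE": r"C:\Users\joe",
}


@dataclass(frozen=True)
class PathRule:
    pattern: str  # path prefix, may contain %VAR%
    level: str    # UNRESTRICTED or DISALLOWED


def expand(path: str) -> str:
    """Expand %VAR% placeholders, normalise separators, compare case-insensitively."""
    for name, value in ENV.items():
        path = path.replace(f"%{name}%", value)
    return ntpath.normpath(path).lower()


def matches(rule: PathRule, target: str) -> bool:
    prefix = expand(rule.pattern)
    return target == prefix or target.startswith(prefix + "\\")


def evaluate(path: str, rules: List[PathRule], default_level: str) -> str:
    """Simplified SRP semantics: among matching path rules the most specific
    (longest) prefix wins; with no match at all the default level applies."""
    target = expand(path)
    hits = [r for r in rules if matches(r, target)]
    if not hits:
        return default_level
    return max(hits, key=lambda r: len(expand(r.pattern))).level


# The classic default-deny layout: everything Disallowed except the two
# locations a standard user cannot write to.
BASELINE = [
    PathRule(r"%SystemRoot%", UNRESTRICTED),
    PathRule(r"%ProgramFiles%", UNRESTRICTED),
]

# Caveat: a few folders under %SystemRoot% (Temp, Tasks) are writable by
# standard users on a default install, so anything copied there inherits the
# allow rule. More specific Disallowed rules take precedence and close that.
HARDENED = BASELINE + [
    PathRule(r"%SystemRoot%\Temp", DISALLOWED),
    PathRule(r"%SystemRoot%\Tasks", DISALLOWED),
]


def demo() -> dict:
    dropped = r"%USERPROFILE%\AppData\Local\Temp\invoice_3454.exe"  # constructed
    relocated = r"%SystemRoot%\Tasks\invoice_3454.exe"               # constructed
    office = r"%ProgramFiles%\Microsoft Office\WINWORD.EXE"
    return {
        "word_in_program_files": evaluate(office, BASELINE, DISALLOWED),
        "macro_drop_in_temp": evaluate(dropped, BASELINE, DISALLOWED),
        "copied_to_tasks_baseline": evaluate(relocated, BASELINE, DISALLOWED),
        "copied_to_tasks_hardened": evaluate(relocated, HARDENED, DISALLOWED),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Word itself runs, the file the macro pulls into %TEMP% does not, and the one hole in the baseline (a payload that first copies itself into C:\Windows\Tasks) is closed by the two extra rules. The same precedence logic is why a sloppy allow rule for a user-writable path silently undoes the whole policy: it is the most specific match, so it wins.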
 

Winter Soldier

509322 said:
> You shouldn't have macros enabled by default in any office suite or forget to disable them afterwards.
>
> I know some people think this is way too much to ask of a user, and I find that just plain ludicrous.
>
> Use software restriction policy. It will block the launch of the file downloaded by the malicious macro script.
>
> Use virtualization or rollback. When you see something bad, just revert the system to a prior clean state.
>
> This is not difficult.
>
> You cannot depend upon AV alone, but at the same time you don't need 137.4 layers of protection like you see with some security configurations, nor do you need an AV\IS suite with 47 protection modules, with 7/8ths of them causing problems on most systems or not working at all.

You've got the point, but you have to be an Advanced user for that; note that I capitalized the 'A' ;)
 

Andy Ful

509322 said:
> Wait until the next version release... it will solve all your problems. :rolleyes:
>
> That's what everybody does here on these forums, right? Hope that the next release will be SkyNet and protect their system absolutely, against every possible theoretical, hypothetical or realistic threat, without them having to make a single decision.

I think that signature solutions will be more like an immune system. Many people can be sick, some will die, but this is still very useful anti-pathogen protection (for some millions of years). :)
Of course, there are many new solutions, aside: antibiotics, surgery, stem cells, etc.
I'm very excited to see the battle between malware and anti-malware.
 
509322
Winter Soldier said:
> You've got the point, but you have to be an Advanced user for that; note that I capitalized the 'A' ;)

You learn most practical IT security by doing. Plus, you ask for help when you need it. That's the whole point of MalwareTips in the first place. There's a massive amount of knowledgeable help to be had here, if you can get past "What AV\IS is best?"

You become an "Advanced" user by doing - and not by installing a security soft and being completely helpless and dependent upon it to tell you what to do.
 

Andy Ful

> I'd like to be able to spectate for a few hundred years. 200 years from now they will still be publishing bypass videos...
It can be even worse, because 200 years from now, many of us (future MalwareTips members) will have computers in our heads.
 
509322
AV is dead. Malware is too sophisticated. Install this AV and it will make decisions for you... until it makes the wrong decision or no decision at all. What you gonna do then? :D

Treat people like they're stupid, they'll act stupid. Make them believe that by installing a security soft that they bear no personal responsibility in keeping their systems safe, they'll leave everything to that soft. Don't educate them, they will behave ignorantly.

This is the current state of user digital security.

The truth is you can't reliably depend upon any solution - I don't care what it is. There is always some way possible for things to get screwed-up. Usually, all it takes is a user mistake.
 

Winter Soldier

509322 said:
> You learn most practical IT security by doing. Plus, you ask for help when you need it. That's the whole point of MalwareTips in the first place. There's a massive amount of knowledgeable help to be had here, if you can get past "What AV\IS is best?"
>
> You become an "Advanced" user by doing, and not by installing a security soft and being completely helpless and dependent upon it to tell you what to do.

Thanks for your input :)
Learning by doing, yes, is the best strategy to learn, where learning is not only memorizing but also, and above all, understanding through your actions.
 
509322
Winter Soldier said:
> Thanks for your input :)
> Learning by doing, yes, is the best strategy to learn, where learning is not only memorizing but also, and above all, understanding through your actions.

Practice, practice, practice...

You wouldn't believe how many people install a security software, but don't know what it will do when it encounters a malicious action on their system. Some people sit there and... allow, allow, allow, allow in each notification,... and just keep going. They never investigate a thing or ask anyone a single question. It never occurred to them that maybe all those alerts meant something was wrong - let alone all the red colors and not even mentioning the wording "Danger ! Danger... Will Robinson !"
 

Andy Ful

509322 said:
> ...
> Treat people like they're stupid, they'll act stupid. Make them believe that by installing a security soft that they bear no personal responsibility in keeping their systems safe, they'll leave everything to that soft. Don't educate them, they will behave ignorantly.
> ...

I can see this everywhere. :(
Make people believe that buying advertised food is a great thing, and they leave everything that is healthy. Don't teach them to think, and they are going to believe everything that someone says on TV.
Maybe the technology makes people more stupid, in some way?
 
509322
Andy Ful said:
> Maybe the technology makes people more stupid, in some way?

I don't think so. Most typical users are more than capable of learning IT protection concepts at a level well beyond the rudimentary. The real problem is that educating users to a level that will make a difference - one that will truly improve their digital security posture - is considered too difficult, too expensive, too much of a challenge,... and a thousand other objections.

People aren't stupid. But hand them Plug-and-Play inside a complete IT security knowledge vacuum and they will take full advantage of that and - "Oh... it's a miracle" - act stupid.

IT security for the average user is about the same priority as visiting someone they really don't want to visit. They are clueless that what they don't know - what they are averse to doing or learning - can hurt them.
 