But how can one of the most fundamental parts of our home and business Internet security systems be dead? Perhaps a better word would be outdated, or maybe even outclassed - not by other types of software, but by the threats themselves. As Brian Krebs says, "this is a great example of how the cybercrime underground responds to - and in some cases surpasses - innovations put in place by the good guys."
World War III : The Web at War
When the battle for the Internet started around fifteen years ago, the antivirus industry was young. It consisted mainly of small labs where technicians would examine malware and come up with the best way to protect the public from it. Unfortunately, the industry didn't remain this way. As the amount of malware increased, the antivirus industry was left with an ultimatum - invest heavily in new technologies, or fall prey to the hordes of deadly software.
While the antivirus companies fortified their weapons, so too did malware grow more sophisticated. Eventually, an innovation called "crypting" emerged, which allowed hackers to scan their malware against the codes of all available antivirus systems, to see which among them could detect the code as malicious. The code is then altered until the antivirus software no longer identifies it as malicious. Once no software can detect their true intentions, the hackers dub the malware "fully undetectable."
Cracking the Code
You might have heard the term "decryption". In this case, it could be defined as protecting your data by analyzing and decoding foreign data that could be seen as potentially malicious. Afterward, the antivirus, if it has detected something unsavory, will not allow it into your system. Unfortunately, there is only so much that these services can do to protect your system when faced with such a formidable opponent.
Often times, the criminals abusing malware will use crypting services that take advantage of sophisticated operations, such as automated distribution of malware via servers. These servers are basically robots that control the output of malware at a controlled rate fixed by the user. This basically means that, if malware is spread through attachments in emails, they could very well make their way into your system if you open the attachment too quickly after receiving it. Why? Because the antivirus software hasn't had time to decode it and recognize that it is harmful to your PC.
A New Solution
All of this leads officials to believe that antivirus, as a protective software, is outdated. Leaders in the antivirus industry, Juniper and FireEye, have turned their efforts toward detection and response, rather than prevention. It seems that antivirus companies deem it inevitable that malware will get through their defenses, making stopping it difficult and almost impossible. So, they instead are trying to find ways to minimize the damage done and eliminate the threat where it is. Juniper has been experimenting by putting fake data in firewalls to distract hackers, while Shape Security Inc. seeks to make it more difficult for hackers to use credit card numbers and passwords that have been stolen.
Of course, a good antivirus can still go a long way toward keeping your computer safe. Some crypting isn't as useful as it's made out to be (crooks can still lie to other crooks) or they might not work at all in the first place. In this case, it is still important to have an up-to-date antivirus, though it might not be as useful as it used to be.
If your business is only utilizing antivirus for your network security, it would be wise to consider something more powerful such as our Unified Threat Management (UTM) solution, which has multiple layers of protection, from firewalls, virus/spam protection, and content filtering to help keep your data safe.