Categories: SecurityWorkspace

Don’t Blame Antivirus Software, Warns NSS Labs

Antivirus software has its critics, despite the fact that it continues to protect firms and raise the bar for attackers, says a new report from research firm NSS Labs.

The report finds that antivirus software has largely been criticised based on two-decades-old misconceptions.

Antivirus Misconceptions

The antivirus software running on users’ computers does far more than matching patterns, or signatures, for known threats. Instead, it uses a variety of technologies – from firewalls and host intrusion detection to behavioural heuristics and anomaly detection – to find what is likely to be malicious software, or malware, Randy Abrams, research director at NSS Labs, told eWEEK.

Today’s anti-malware software – the term “antivirus” is another hold out from the days of a less complicated threat – does the equivalent of the credit check required by a bank, looking at a variety of factors to assess risk, he said.

“If you want a loan at a bank, you have to have a reputation that they call a credit score,” Abrams said. “If you have a low credit score, it does not mean you wouldn’t pay the bank back; it just means that you are a greater risk.”

Despite increasingly nuanced detection strategies, the antivirus industry has become the punching bag of the security industry, mainly because it is the last line of defence against the compromise of a computer that could, and most often does, lead to a major breach. When a computer is infected with malware, users do not blame the firewall or the network intrusion-detection system – they criticise the software that protects the endpoint, Abrams said.

When Chinese hackers infiltrated The New York Times, for example, the media latched onto the fact that only a single program used by the attackers was detected by the Symantec anti-malware. In fact, only 24 percent of the malware used in similar incidents has historically been detected by any endpoint-security solution, according to a Mandiant report.

Endpoint Protection

While Abrams may sound like an apologist for the endpoint-protection software industry, he is not. The industry has evolved better defences but still has not done enough, Abrams said. Because attackers have time to test against the most major antivirus products and find ways to circumvent their defences, no software program can protect the endpoint indefinitely.

Yet, rather than resign themselves to that fact, anti-malware firms need to evolve and build a more holistic defence against attackers, not only detecting and blocking bad software, but detecting signs of, and helping users remediate, a compromise before the breach gets worse, he said.

“When some other companies detect a breach, the antivirus firms look bad, but when their software detects the breach, then they look like they are doing their job,” Abrams said. “By taking on both tasks, they are creating a much better system of security.”

Are you a security pro? Try our quiz!

Originally published on eWeek.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

2 days ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

2 days ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

2 days ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

2 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

2 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

2 days ago