
Debate: Anti-virus is dead

Amichai Shulman and Sarb Sembhi

Pro: Amichai Shulman, CTO of Imperva

I think that the main reason that AV is dead is that it does not fit in the threat landscape of today.
On the one hand, there is the technological issue of attackers being able to generate new malware samples with incredible speed. In that kind of environment, looking for signatures is useless.

The other side of it is the change in IT landscape. When you rely on AV you assume that you have control over the machines that access the network. But with the modern environment, and the BYOD trend, you don't have that control over the devices accessing your systems and data sources.

When viruses and malware started you had a small group of people able to generate malware and action malware, and propagation from one computer to another was done by replicating internally.

But hackers have introduced polymorphism, which takes a single sample and repackages it. Initially, it was client-side polymorphism, so the virus came with code that was able to generate new variations of the same virus. What AV would do would be to find that replication code.

Today, polymorphism happens on the server side and attackers almost never rely on internal replication; they just rely on infecting as many people in the same organisation using a large campaign, like water holing, phishing, or drive-by downloads.

You need to think where to use AV and where not to use AV. You also need to rethink the value of AV as a security tool, and as a consequence, rethink your budget.

Anti: Sarb Sembhi, Director of Consulting Services at Incoming Thought

Is it dead? Surely if that were true Symantec would stop selling the product altogether.

For organisations that have plenty of controls in place AV will be one or two additional controls - if they host and network / border AV. However in environments where AV is the only control, it's not dead as there is no other security. It's the only control they've got so it's a vital element of their security armour.

It's the same if you look at personal users – for some AV is one of many controls, for others it is the only control, and yet there will be that last group who don't even use AV and will end up with their devices forming the basis of botnets around the world.

It's a given to say that AV products that rely only on signature-based detection are dying, but most AV companies have been using other technologies, like behavioural analytics, to monitor what's going on. I believe that all large anti-virus companies will rise to the challenge or go out of business.

I can't see any big companies giving up AV just because a few people have said it's dead. There is endpoint and network antivirus and each one offers something different. It's only dead if no-one is using it.

I would challenge any large corporation to stop using AV completely as it does protect end users and provide some level of protection. The value may have diminished but it hasn't diminished completely.

As long as AV is considered as one of many tools to check off the risks, then that's OK, as it's just one of the many types of controls available.

