
Palo Alto Networks CTO: anti-virus technology can't stop targeted attacks


Anti-virus is dead because it cannot reliably detect targeted attacks and does not run on mobile devices, according to Nir Zuk, founder and CTO of Palo Alto Networks.

Zuk told SC Magazine that the "15-year-old technology is unable to detect everything on the network" and "does not run on mobile devices".

He added: “Why does it not detect? Because attacks are very different, they are so widespread and, because of that, vendors see them and assume they are bad.

“This was good a few years ago when anti-virus vendors would see an attack and assume that it was propagated to as many machines as possible. But now they are targeted and the attacks are against a small number of companies and to a single user, so anti-virus cannot detect them.

“The attacker can pick up targets by finding out who works for a company via LinkedIn, what they like from Facebook and make them go to a website or receive an attachment from a trusted person - and there is nothing that anti-virus can do about it.”

Zuk said there is a gap in the mobile security market and solutions will come from new companies. “In the same way that Microsoft leads on the OS but is not a mobile or internet player, [mobile] is ruled by Apple and Google. But the market is so big that new vendors will come in,” he said.

David Harley, chief executive of Small Blue-Green World, said it was hard to defend the position that "anti-virus doesn't detect anything", and a more reasonable argument would be that "anti-virus doesn't detect everything".

“Then I would have agreed with [Zuk] and so would every other researcher in the anti-virus business. But then, I have yet to see any '100 per cent' solutions. A totally generic solution may get close to blocking 100 per cent of threats, but will discard some 'true positive' objects,” he added.

“Personally (and in principle) I'd rather advocate a sound combination of defensive layers than advocate the substitution of one non-panacea for another, as vendors in other security spaces sometimes seem to. Actually, a modern anti-virus solution is already a compromise between malware-specific and generic detection, but I still wouldn't advocate anti-virus as a sole solution, any more than I would IPS, or whitelisting, or a firewall.”

Harley also disagreed with the assumption that anti-virus technology does not bother to block non-generic, targeted attacks.

He said: “The sheer number of malicious attacks does mean that anti-virus labs have to prioritise to some extent, but that prioritisation is rather more complex than that and it is far from the only factor in detection. The relationship between a given binary and other malware families, for instance, is a big factor in determining whether that binary is detected at a time when there is no malware-specific detection for it.

“It's quite possible that a single, targeted attack won't be detected initially by many or any anti-virus solutions, especially if it involves the combination of a zero-day and the use of multi-scanning to tweak the binary until no common engine detects it, but to dismiss anti-virus on those grounds is to throw out a whole generation of babies with a very small quantity of bathwater.

“The fact that anti-virus is focused on malicious binaries does make it less effective in attack scenarios that are more generic in nature, but that's why you need multi-layering. Horses for courses.”
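The distinction Harley draws, between malware-specific detection (a signature for one known binary) and generic detection (a verdict based on a binary's relationship to a known family), and the attacker's counter-move of tweaking a binary until no signature engine fires, can be shown in miniature. The following is an added example written for this page, not code from the article, from Palo Alto Networks or from any anti-virus vendor. The "executables" are constructed harmless byte strings, the signature engine is a plain SHA-256 lookup, and the generic engine is a byte 4-gram Jaccard similarity with an assumed 0.5 threshold; real products use far richer features, but the mechanics are the same.

```python
import hashlib

NGRAM = 4          # byte n-gram length for the generic similarity check (assumption)
THRESHOLD = 0.5    # Jaccard score at or above which a sample counts as a family variant (assumption)

# Constructed, harmless stand-ins for executables (not real malware): a fake
# header, a text body and 32 bytes of zero padding an attacker can alter freely.
PADDING = b"\x00" * 32
KNOWN_FAMILIES = {
    "DemoDropper": [b"MZ\x90\x00DEMO-DROPPER v1 http://c2.example/beacon " + PADDING],
}
BENIGN = b"MZ\x90\x00Hello, world! This program prints a greeting. " + PADDING


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Malware-specific detection: one exact hash per known sample, the way a
# minimal signature database works.
SIGNATURES = {sha256_hex(s): name for name, samples in KNOWN_FAMILIES.items() for s in samples}


def scan_signature(sample: bytes):
    """Return the family name on an exact signature hit, else None."""
    return SIGNATURES.get(sha256_hex(sample))


def byte_ngrams(data: bytes, n: int = NGRAM) -> set:
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a or b) else 1.0


def scan_generic(sample: bytes, families=KNOWN_FAMILIES, threshold: float = THRESHOLD):
    """Generic detection: flag a sample that shares enough byte n-grams with a
    known family. Returns (family_name, score); family_name is None below the
    threshold."""
    grams = byte_ngrams(sample)
    best_name, best_score = None, 0.0
    for name, samples in families.items():
        for known in samples:
            score = jaccard(grams, byte_ngrams(known))
            if score > best_score:
                best_name, best_score = name, score
    return (best_name if best_score >= threshold else None), best_score


def classify(sample: bytes):
    """Layered verdict: ('signature', family), ('generic', family) or ('clean', None)."""
    name = scan_signature(sample)
    if name:
        return "signature", name
    name, _ = scan_generic(sample)
    if name:
        return "generic", name
    return "clean", None


def tweak_until_unsigned(sample: bytes, engines=(scan_signature,), max_tries: int = 64) -> bytes:
    """Attacker side of multi-scanning: flip one padding byte at a time and
    re-scan against every signature engine until none of them fires. Only the
    padding is touched so the 'program' itself is unchanged."""
    start = sample.rfind(PADDING)
    if start < 0:
        raise ValueError("sample has no padding region to tweak")
    variant = bytearray(sample)
    for i in range(min(max_tries, len(PADDING))):
        variant[start + i] ^= 0x01
        if not any(engine(bytes(variant)) for engine in engines):
            return bytes(variant)
    raise RuntimeError("could not evade all signature engines")


if __name__ == "__main__":
    original = KNOWN_FAMILIES["DemoDropper"][0]
    variant = tweak_until_unsigned(original)
    print("original :", classify(original))
    print("variant  :", classify(variant), "score=%.2f" % scan_generic(variant)[1])
    print("benign   :", classify(BENIGN))
```

One flipped padding byte is enough to defeat the hash signature, which is the weakness Zuk describes; the same variant still scores well above the threshold against its family and is caught by the generic layer, while the unrelated benign file scores close to zero. The obvious next attacker move is to rewrite the body rather than the padding, which is why a similarity check is one layer among several and not a replacement for the others.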
