Symantec made a few headlines earlier this week with its rather odd pronouncement that antivirus was, to all intents and purposes, “dead”, and that security firms would need to look elsewhere to stay in business.
The comments came from Symantec’s Brian Dye in an interview with the Wall Street Journal. This isn’t the first time someone in the industry has made such a claim of course. Such statements are usually made when one company or another launches some fancy new product that’s able to detect and mitigate cyberattacks using some kind of new technology. And with Symantec, the same holds true for it now intends to focus on ‘security-as-a-service’, protecting enterprises by tracking attacks as they take place, mitigating them, giving advice and investigating who’s doing the attacking.
But is antivirus really dead, or is this just more hyperbole designed to draw attention to a struggling company’s latest rescue plan?
An evolving threat landscape
Quite a few security experts were keen to weigh in with their own take on the matter, and the general consensus is that antivirus isn’t dying, it’s merely transforming into something far more sophisticated.
As Costin Raiu, senior security researcher at Kaspersky Lab, notes in a blog post, “Traditional signature-scan antivirus as the sole method of protection has been dead for many years. It has been replaced by a much more sophisticated bundle of products and technologies, which combine heuristics, sandbox analyzers, cloud reputation and whitelisting technologies to protect the user.”
Most enterprises have already embraced these trends, and so it can certainly be argued that traditional antivirus, which uses malware signatures to detect threats, is on its last legs.
And it’s a point that Vincent Steckler, CEO of Avast, agrees with wholeheartedly:
“Symantec’s statement seems to relate to the enterprise, and not the consumer and small business,” he writes in his own blog on the matter. “Enterprises have traditionally relied on many layers of defense and antivirus is one of those layers. Antivirus though is a broad-spectrum defense and as such is often complemented by other products, such as those protecting against targeted attacks that enterprises worry about.”
“In the consumer and SMB space, the situation is quite different: customers typically do not have multiple layers of protection,” he adds. “They have one, their AV product. These products though are not the simple AV products of past years. The true statement in the story is that consumer security is so much broader than AV. AV is used as a generic name as it is what customers know.”
“They instead incorporate firewalls, intrusion detection, heuristics, virtualization, sandboxes, and many other layers of protection and not just antivirus. Therefore, we believe AV is not dead in the consumer space. It is far from dead there.”
Antivirus was never enough
Security expert and investigative journalist Brian Krebs weighed in with his own thoughts on the debate, and pointed out that it’s long past the time that enterprises can rely on antivirus alone – they need to go on the attack if they’re to survive.
“In short, as I’ve noted time and again, if you are counting on your antivirus to save you or your co-workers from the latest threats, you may be in for a rude awakening down the road,” he wrote.
Even so, Krebs doesn’t believe that antivirus software is completely useless – far from it. “Very often, your antivirus product will detect a new variant as something akin to a threat it has seen in the past,” he explains. “Perhaps the bad guys targeting you or your organization in this case didn’t use a crypting service, or maybe that service wasn’t any good to begin with.”
“In either case, antivirus remains a useful — if somewhat antiquated and ineffective – approach to security. Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats.”
So the general consensus seems to be that rather than dying, antivirus is actually just evolving into something else – something far more sophisticated than a simple malware scanning tool that can be installed on our systems in just five minutes. And this is a natural progression too, given the way the nature of threats is constantly evolving.
“Antivirus has to evolve,” writes Panda Security’s Luis Corrons in a blog post. “It has been evolving and it will be evolving forever. To evolve you need to invest in it, and no company invests in something they consider dead.”
“To be involved in the creation and development of new technologies and revolutionary approaches to combat malware and fighting cybercriminals is one of those secret ingredients.”