John McAfee turned some heads in the security community two years ago when he declared that the virus protection software industry, which he is widely credited with creating 30 years ago, is dead.
“In 1987, new applications for the Windows platform were being developed and released at a rate of about one new application per month,” he wrote. “Today, there are over 10 million malicious apps.” In short, conventional antivirus techniques simply can’t keep up.
Many security experts don’t agree. Although instances of new malware actually declined in 2016 for the first time ever, according to AV-TEST, there are plenty of reasons to keep virus protection software in your security arsenal. But today, the branded software package is only one of an assortment of virus-fighting tools on your computer, some of which you may not even know about.
Virus protection software has come a long way in 30 years. Infections were rare before the internet went mainstream, and even early post-internet attacks were more malicious than criminal. With the rise of online financial services, the popularity of e-commerce and the presence of a black market for personally identifiable information (PII), however, malware has become big business.
How Far We’ve Come
In retrospect, the early days of virus fighting were almost quaint. The first tools were basically signature checkers that looked for changes in file systems or applications that matched known patterns, and then flagged or blocked the programs from running. This technique is still used today, but it has some fundamental weaknesses. Among them is the failure of users to update their signatures on a regular basis and the fact that it takes time to catalog the 350,000 new malware variants that emerge each day.
Today’s most common weapon is heuristic virus checking, in which code is analyzed against a set of rules that indicate the presence of a virus. Although the heuristic approach can detect the vast majority of older viruses, it has some of the same weaknesses as the signature approach. Virus writers are constantly figuring out new ways to break the rules, and it’s difficult for software-makers to keep up.
Other detection methods, including scanning and interception, have their advantages, but these also suffer from similar drawbacks as heuristic and signature-based approaches. Meanwhile, criminals are always coming up with new attack techniques, such as rootkits, ransomware, keyloggers, backdoors and Trojans. It’s even possible, theoretically, to use the antivirus software itself as an attack vector.
So does that mean all is lost? Hardly. Antivirus software has evolved to fight all of these threats. Most experts agree that turning on automatic updates and performing full disk scans periodically can help users block most possible attacks.
Fighting Viruses Is a Team Sport
The security industry’s approach has evolved as well. In effect, fighting viruses has become a team sport, with operating systems and application developers assuming roles that are just as important as security professionals.
For example, Apple and Microsoft have introduced features such as gatekeeping, sandboxing, address space layout randomization and native virtualization support into their operating systems. Microsoft’s enormous list of security enhancements in the latest release of Windows 10 reflects the seriousness with which it’s waging the battle.
Most browsers now warn users away from suspicious sites and quarantine downloads upon request. Google scans every file it touches via Gmail, Drive and Chrome. Facebook does the same thing. Developers are also becoming more sensitive to the need to build security into their code by using only stored procedures for database calls and heading off cross-site scripting (XSS) attacks in HTML pages.
When you tie it all together, fighting malware has become an industrywide campaign, and the virus protection software on your desktop is only one of many fronts.
The Next Evolution of Virus Protection Software
McAfee is right that malware now proliferates too rapidly for humans alone to fight it. However, machines are another matter. Machine learning will enable defenses to evolve at nearly the same speed as the attacks. The technology holds some exciting potential to create the next evolution of virus protection.
When networked with each other, these defenses will get smarter at the speed of networks. So with all due respect to McAfee, the industry he created is very much alive. It’s just become a subset of a much larger movement.
Read the IBM Executive report on Cybersecurity in the cognitive era