John McAfee turned some heads in the security community two years ago when he declared that the virus protection software industry, which he is widely credited with creating 30 years ago, is dead.

“In 1987, new applications for the Windows platform were being developed and released at a rate of about one new application per month,” he wrote. “Today, there are over 10 million malicious apps.” In short, conventional antivirus techniques simply can’t keep up.

Many security experts don’t agree. Although instances of new malware actually declined in 2016 for the first time ever, according to AV-TEST, there are plenty of reasons to keep virus protection software in your security arsenal. But today, the branded software package is only one of an assortment of virus-fighting tools on your computer, some of which you may not even know about.

Virus protection software has come a long way in 30 years. Infections were rare before the internet went mainstream, and even early post-internet attacks were more malicious than criminal. With the rise of online financial services, the popularity of e-commerce and the presence of a black market for personally identifiable information (PII), however, malware has become big business.

How Far We’ve Come

In retrospect, the early days of virus fighting were almost quaint. The first tools were basically signature checkers that looked for changes in file systems or applications that matched known patterns, and then flagged or blocked the programs from running. This technique is still used today, but it has some fundamental weaknesses. Among them is the failure of users to update their signatures on a regular basis and the fact that it takes time to catalog the 350,000 new malware variants that emerge each day.

Today’s most common weapon is heuristic virus checking, in which code is analyzed against a set of rules that indicate the presence of a virus. Although the heuristic approach can detect the vast majority of older viruses, it has some of the same weaknesses as the signature approach. Virus writers are constantly figuring out new ways to break the rules, and it’s difficult for software-makers to keep up.

Other detection methods, including scanning and interception, have their advantages, but these also suffer from similar drawbacks as heuristic and signature-based approaches. Meanwhile, criminals are always coming up with new attack techniques, such as rootkits, ransomware, keyloggers, backdoors and Trojans. It’s even possible, theoretically, to use the antivirus software itself as an attack vector.

So does that mean all is lost? Hardly. Antivirus software has evolved to fight all of these threats. Most experts agree that turning on automatic updates and performing full disk scans periodically can help users block most possible attacks.

Fighting Viruses Is a Team Sport

The security industry’s approach has evolved as well. In effect, fighting viruses has become a team sport, with operating systems and application developers assuming roles that are just as important as security professionals.

For example, Apple and Microsoft have introduced features such as gatekeeping, sandboxing, address space layout randomization and native virtualization support into their operating systems. Microsoft’s enormous list of security enhancements in the latest release of Windows 10 reflects the seriousness with which it’s waging the battle.

Most browsers now warn users away from suspicious sites and quarantine downloads upon request. Google scans every file it touches via Gmail, Drive and Chrome. Facebook does the same thing. Developers are also becoming more sensitive to the need to build security into their code by using only stored procedures for database calls and heading off cross-site scripting (XSS) attacks in HTML pages.

When you tie it all together, fighting malware has become an industrywide campaign, and the virus protection software on your desktop is only one of many fronts.

The Next Evolution of Virus Protection Software

McAfee is right that malware now proliferates too rapidly for humans alone to fight it. However, machines are another matter. Machine learning will enable defenses to evolve at nearly the same speed as the attacks. The technology holds some exciting potential to create the next evolution of virus protection.

When networked with each other, these defenses will get smarter at the speed of networks. So with all due respect to McAfee, the industry he created is very much alive. It’s just become a subset of a much larger movement.

Read the IBM Executive report on Cybersecurity in the cognitive era

More from Endpoint

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

Overview In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few years, public accounts have increasingly shown that less sophisticated attackers are using this technique to achieve their objectives. It is therefore important that we put a spotlight on this capability and learn more about its potential impact. Specifically, in this post, we will evaluate how Kernel post-exploitation can be used…