Antivirus Is Dead

December 17, 2015

I’m not saying that antivirus software is really dead and that you should remove yours. Antivirus software supplies a level of defense that isn’t bad. However, if you think that having the “best” antivirus software that’s on the market will keep you safe, you’re mistaken.

When I was a kid and personal computers were just becoming popular, people were always talking about viruses. “Watch out for such-and-such virus,” they would say. “It will delete everything on your computer.” Every year on Michelangelo’s birthday, everybody would shut down their computer, dreading the nasty Michelangelo virus.

Yes, viruses are bad, but they aren’t what you should be fearing. The most dangerous and harmful cyber attacks today are targeted attacks. This type of attack is based on what we call advanced persistent threats, or APTs.

To carry out an APT, an attacker collects information about you, your habits, and your social life, mostly by researching social media, and then designs an attack tailored to you. According to Gartner, 70%-90% of the malware found in investigations of breaches was designed specifically for the breached organization. By personalizing an attack for you, cybercriminals can be quite sure that you will be tricked into opening an email attachment with malware that is undetectable.

The attackers can then take advantage of an undisclosed vulnerability in your software that enables them to access your system and carry out an APT, doing whatever they want on your computer.

Let’s look at a simple example. Maria is the manager of a human resources (HR) department at a large company. She gets hundreds of email messages every day, most of which contain résumés from people applying for a job. As a dedicated HR manager who is always on the lookout for candidates with potential, Maria opens every résumé she receives. If hackers want to gain access to Maria’s computer—and from there, to the network of the entire organization—all they have to do is send her a job application in an email message and attach a résumé that contains an exploit. The moment Maria clicks the attachment, she opens the door to her computer and the company’s network.

Now, returning to antivirus software, I imagine you’re wondering why it wouldn’t stop this kind of attack on Maria’s computer. The reason is that antivirus software can defend a computer only against identifiable attacks. In other words, the antivirus software must be able to detect an attack’s unique “signature.”

What happens when an attack is new and its signature is completely unknown? As many hackers have realized, previously unseen malware, whose signature no antivirus vendor has yet recorded, is antivirus software’s main weakness, and hackers are more than happy to take advantage of it.

Today’s security systems must eliminate attacks before they can reach you. One solution accomplishes this by stopping every email message before it enters the network, breaking each attached file down into its components, and reassembling those components without the malicious code. Signatures and detection play no role in this form of protection.
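To make the contrast between the two approaches concrete, here is an added Python example; it is not part of the original post and is not code from any vendor’s product. It builds constructed, docx-style ZIP files that stand in for the résumés in Maria’s inbox (a `word/vbaProject.bin` member stands in for a macro), runs a toy signature scanner over them, and then applies the rebuild-without-active-content approach described above, commonly called content disarm and reconstruction (CDR). The signature database, the sample files, and the list of parts treated as active content are all constructed assumptions; a real CDR engine covers far more part types and file formats.

```python
"""Signature scanning versus content disarm, on constructed docx-style files."""
import hashlib
import io
import re
import zipfile
from typing import List, Optional, Tuple

# --- Sample builder (constructed stand-in, not a real Word document) ----------
STAMP = (2015, 12, 17, 0, 0, 0)  # fixed ZIP timestamp so identical content hashes identically

CONTENT_TYPES = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    b'<Default Extension="xml" ContentType="application/xml"/>'
    b'<Override PartName="/word/document.xml" ContentType="application/xml"/>'
    b"%s</Types>"
)
VBA_OVERRIDE = b'<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
DOC_RELS = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    b"%s</Relationships>"
)
VBA_REL = b'<Relationship Id="rIdVba" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'


def _add(z: zipfile.ZipFile, name: str, data: bytes) -> None:
    info = zipfile.ZipInfo(name, date_time=STAMP)
    info.compress_type = zipfile.ZIP_DEFLATED
    z.writestr(info, data)


def build_resume(body_text: bytes, macro_blob: Optional[bytes]) -> bytes:
    """Build a minimal docx-style ZIP; macro_blob (if any) is stored as word/vbaProject.bin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        _add(z, "[Content_Types].xml", CONTENT_TYPES % (VBA_OVERRIDE if macro_blob is not None else b""))
        _add(z, "word/_rels/document.xml.rels", DOC_RELS % (VBA_REL if macro_blob is not None else b""))
        _add(z, "word/document.xml", b"<w:document><w:body><w:p><w:t>" + body_text + b"</w:t></w:p></w:body></w:document>")
        if macro_blob is not None:
            _add(z, "word/vbaProject.bin", macro_blob)
    return buf.getvalue()


def parts(data: bytes) -> List[str]:
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.namelist()


def read_part(data: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name)


# --- Signature-based detection (the antivirus model) ---------------------------
# Constructed signature database: the hash of one previously seen malicious sample
# and one byte pattern taken from its macro. Real databases are far larger, but they
# share the property that they describe only what has already been seen.
KNOWN_SAMPLE = build_resume(b"Resume of J. Doe", b"MACRO:AutoOpen:evil-payload-v1")
SIGNATURE_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
SIGNATURE_PATTERNS = [b"evil-payload-v1"]


def scan(data: bytes) -> List[str]:
    """Return the signature hits for a file; an empty list means 'clean' to the scanner."""
    hits = []
    if hashlib.sha256(data).hexdigest() in SIGNATURE_HASHES:
        hits.append("hash")
    # Patterns are matched against each decompressed member, since ZIP compression hides them.
    try:
        members = [read_part(data, n) for n in parts(data)]
    except zipfile.BadZipFile:
        members = [data]
    for member in members:
        for pattern in SIGNATURE_PATTERNS:
            if pattern in member:
                hits.append("pattern:" + pattern.decode())
    return hits


# --- Content disarm and reconstruction (the signature-less model) --------------
# Parts that can carry executable content are dropped no matter what they contain,
# and the document is rebuilt from the rest. The part list is illustrative only.
ACTIVE_PARTS = re.compile(r"^word/(vbaProject\.bin|vbaData\.xml|embeddings/.*|activeX/.*|_rels/vbaProject\.bin\.rels)$")


def disarm(data: bytes) -> Tuple[bytes, List[str]]:
    """Return (rebuilt_file, names_of_removed_parts)."""
    removed = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            if ACTIVE_PARTS.match(name):
                removed.append(name)
                continue
            content = src.read(name)
            # Drop the package metadata that pointed at the removed macro part.
            if name == "[Content_Types].xml":
                content = re.sub(rb'<Override[^>]*PartName="/word/vbaProject\.bin"[^>]*/>', b"", content)
            elif name.endswith(".rels"):
                content = re.sub(rb'<Relationship[^>]*Target="vbaProject\.bin"[^>]*/>', b"", content)
            _add(dst, name, content)
    return out.getvalue(), removed


if __name__ == "__main__":
    novel = build_resume(b"Resume of M. Roe", b"MACRO:AutoOpen:never-seen-before")
    print("known sample hits :", scan(KNOWN_SAMPLE))
    print("novel sample hits :", scan(novel))  # nothing: no signature exists for it yet
    clean, removed = disarm(novel)
    print("disarm removed    :", removed)
    print("remaining parts   :", parts(clean))
```

The second résumé carries a macro part the scanner has never seen, so `scan` returns no hits and a signature-based gate would deliver it to Maria. `disarm` never inspects what the macro contains; it removes the part because of what it is and rebuilds the package, so the result is the same for known and unknown content. The trade-off a practitioner should keep in mind is that this also strips legitimate macros and embedded objects, and that the regex rewrite of `[Content_Types].xml` and the relationships file here is a simplification of the package repair a production engine performs.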

Back to the question of whether antivirus software is dead, the answer is no. Antivirus software is effective in stopping known malware but cannot protect you from nearly 70% of the unique, undetected malware that is out there.