You Can’t Depend on Antivirus Software Anymore

  • 18 February 2017

In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee says it found four every second.
 
And those were just the strains the companies could detect. For malware—the umbrella term for parasitic software like viruses, worms, and Trojans that infiltrate and interfere with computer functions—hasn’t only proliferated: It’s evolved to better evade detection.
 
Faced with this tsunami of sophisticated malware, antivirus software like McAfee, once practically synonymous with personal cybersecurity, has struggled to keep pace. In 2014, a senior vice president at Symantec (the company that created McAfee competitor Norton Antivirus) went so far as to publicly say he thought that antivirus software was “dead.” At the time, he estimated that the technology only caught about 45 percent of cyberattacks.
 
Antivirus software is struggling to keep up because the primary strategy on which it relies—signature detection—is based on the outdated assumption that the malware you saw yesterday will look the same today. Generally speaking, when a cybersecurity company sees a new type of malware, it will analyze and create a detection signature for that specific strain. Like the immune system recognizing a pathogen it has seen before, antivirus software uses these signatures to scan files for known threats. This strategy worked reasonably well when viruses were mostly made by amateur hackers. But in 2003, according to McAfee, we saw the first real for-profit malware and since then, the growth of organized cybercrime has brought forth a series of innovations that allow malware to rapidly change its appearance. If the viruses of the early 2000s were the common cold, sophisticated malware of today is like HIV, able to change its protein coatings to avoid detection.

3 replies

Thanks Petr for an interesting article. I thought this bit was particularly chilling:
"One 2013 analysis found that 82 percent of malware disappears after an hour, and 70 percent of malware only exists once. This short lifespan means just a small percentage of antivirus detection signatures—0.34 percent in one analysis—catch active threats. The rest just hunt ghosts."
 
As pointed out, having a good AV is but one line of defense that you need to protect yourself from the barrage of malware out there; good security habits such as keeping all software updated and using a password manager are also essential to effectively protect against cyber crime.
 
 
In the case of Webroot, they would see it even for a short period of time, because Webroot BrightCloud® Threat Intelligence has so many sensors, and without the need for definition downloads.
 
 
Interesting article! I have to agree partially on this: you cannot depend on signature-based detection anymore. The threat landscape is evolving so rapidly that signatures alone cannot hack it anymore. A "layered" security setup is best to have these days, imho at least 😉
