Batu69 Posted September 8, 2016

More and more, the question being asked about endpoint protection and anti-virus isn’t “who should we use,” but rather, “do we even need anti-virus anymore?”

Traditional anti-virus refers to those anti-virus-focused clients who used to be commonplace, like Norton and McAfee. While that method of protection worked in the past, the efficacy of it is starting to decrease, and that’s why some new vendors are arguing that, overall, anti-virus is dead.

The anti-virus past

Traditional anti-virus safeguards from known viruses and known malware. From a process level, every anti-virus has a unique signature or fingerprint. If you run a piece of malware or a virus through a cryptographic hashing process, it generates a new fingerprint and the anti-virus software keeps a database of all of those fingerprints. If it sees something like a Zeus, or any other anti-virus, it says “I know what you are” and it blocks that.

The problem is that each and every time you change a virus’ source code, even by one character, it generates a new hash or cryptographic signature, which has to be updated and distributed to the endpoints. So, now it has to store a thousand fingerprints, then ten thousand fingerprints, then a hundred thousand fingerprints… As a result, that database on your local machine gets bigger and bigger and bigger. So where the original anti-virus client may have been just 10 megabytes, now it’s 100 megabytes, and it constantly has to update that database signature.

Now, it’s even more difficult, not only because there are hundreds of thousands of database signatures, but also because there are polymorphic viruses that change their own code, and it’s just an arms race between the virus and the anti-virus. We beat them, they beat us – it goes back and forth.

A two-fold problem

Anti-virus manufacturers made good strides in offloading the databases and storing most of the signatures up in the cloud. The anti-virus would identify something suspicious, search the internet, then come back and say whether or not it was a threat. That, however, is processor intensive, memory intensive, and it takes time, even with the speed of the internet.

The problem doesn’t stop there. Because of the growing sizes of anti-virus programs, the impact on endpoint security is becoming bigger and bigger. If you look at some of the usual suspects, a lot of times, the cure is worse than the disease – your anti-virus is so big that your machine does nothing except constantly scan files for anti-virus.

What now?

The shift is now to next generation endpoints. There are really a finite number of ways (around 13-15) to compromise a Windows machine. However, there are n number of variables on those vectors. So, what “next generation endpoint” manufacturers are doing is watching the behavior of software. If the software only has to watch for a smaller number of different processes and behaviors, then that’s much more efficient – it doesn’t have to scan every file, just track that behavior. As a result, if it can block one of those attack vectors, it can shut the whole problem down in advance.

Is anti-virus dead?

Today, there are some manufacturers that will tell you that anti-virus is dead. While traditional anti-virus may not quite be dead, some would say the funeral isn’t far off. The next generation endpoint security market is a fast growing one, and there are tons of services attached to it for customers and partners who want to get into it.

Where this really comes into play is with virtualization. Traditional anti-virus on virtual machines tends to be very problematic due to limiting factors such as disk contention, memory overhead and CPU bottlenecks.

Since Windows machines are used by 90% of the world, they’re the biggest target. However, mobile phones, other mobile devices and Macs are becoming more and more prevalent. Everybody has a mobile device and they’re too small to run full anti-virus on, so we’re seeing a lot of small malware. This is where next gen endpoint will really come into its own in the near future. Partners who are educated about and able to deliver solutions around next-gen endpoint will be ahead of the curve.

With the combination of malware analytics, application visibility firewalls, SSL decryption, security analytics suites, and cloud access service brokers (CASBs) coming more into play, we can actually start watching who’s doing what, where they’re going, should they be talking to this, should they be talking to that…

As we keep saying, it’s defense in depth – you can’t rely on any one thing. So, as cool as malware analytics and the new malware pieces are, they are still part of an overall security strategy that needs to be developed. Different solutions, strategies and approaches to anti-virus and endpoint protection are rapidly appearing. Anti-virus isn’t dead yet, but it may be on its way.

For more information about anti-virus and next generation endpoint security, please contact Davitt Potter or your Arrow representative.

Article source
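The two detection approaches the article in the first post describes, side by side, as an added example that is not part of the original post or the quoted article. The byte strings, event traces and the behaviour rule are constructed for illustration and are assumptions, not any vendor's logic.

```python
import hashlib

# Constructed stand-ins for two builds of one unwanted program that differ by
# a single character. Harmless bytes, not real malware.
BUILD_A = b"demo-sample build=1"
BUILD_B = b"demo-sample build=2"

def fingerprint(data: bytes) -> str:
    """Exact-match fingerprint, as a hash-based signature database stores it."""
    return hashlib.sha256(data).hexdigest()

# Signature database compiled when only BUILD_A had been seen.
SIGNATURE_DB = {fingerprint(BUILD_A)}

def signature_verdict(data: bytes) -> str:
    return "block" if fingerprint(data) in SIGNATURE_DB else "allow"

# Constructed event traces (action, target) recorded while each program ran.
# Both builds behave identically; the editor is a benign comparison.
RANSOM_LIKE = [("write", f"C:/Users/a/Documents/f{i}.docx") for i in range(25)]
RANSOM_LIKE.append(("delete", "backup-snapshot"))
TRACES = {
    "build_a": RANSOM_LIKE,
    "build_b": RANSOM_LIKE,
    "editor": [("write", "C:/Users/a/Documents/report.docx")],
}

def behaviour_verdict(events, max_docs=20) -> str:
    """Hypothetical rule: mass rewrite of user documents plus backup deletion."""
    docs = {t for a, t in events if a == "write" and "/Documents/" in t}
    drops_backup = any(a == "delete" and t == "backup-snapshot" for a, t in events)
    return "block" if len(docs) > max_docs and drops_backup else "allow"

def compare():
    """Return {name: (signature verdict, behaviour verdict)}."""
    files = {"build_a": BUILD_A, "build_b": BUILD_B, "editor": b"demo-editor"}
    return {n: (signature_verdict(f), behaviour_verdict(TRACES[n]))
            for n, f in files.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

The unseen build passes the exact-hash lookup until its fingerprint is distributed, while the behaviour rule gives both builds the same verdict and leaves the benign editor alone.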
Holmes Posted September 8, 2016

This is a similar thread:

One of my responses is in there, and I have said it before and I'll say it again: no, anti-viruses are not dead, and I think that quote from Davitt Potter says it best. Users keep saying anti-viruses are dead because they end up using an antivirus (wouldn't surprise me if some have used Microsoft Security Essentials; that antivirus might as well be dead; got infected because the anti-virus is not as good as Kaspersky or ESET or Avast or Bitdefender etc. etc.) that is not that good, one that gives a lot of false positives and has been tested and failed to be not very good at detection. Those antiviruses that give a lot of false positives and have a shitty detection rate are dead; the ones that do not give any false positives and have a good detection rate are not dead and prove that anti-viruses in general are not dead. If you look at the antivirus to be a perfect protector and not realize that it's programmed to go after the malware it knows about, then that's why you think they're dead. They're not, and they're constantly evolving, and that's why I am always going to use one and that's why you should too.
46&2 Posted September 8, 2016

Is anti-virus dead?

Been dead and buried here. I haven't used an AV since AVG was huge.
straycat19 Posted September 8, 2016

30 minutes ago, 46&2 said:
Been dead and buried here. I haven't used an AV since AVG was huge.

I haven't used one since I found out that they don't really work, and that was about 1999. There are much easier and more secure ways to protect a system without running another piece of useless software. About the only useful thing within the Internet Security packages is the firewall. Otherwise they only find things that have already been found because other people were infected and they were able to obtain the fingerprint for the malware (let's not call them viruses, viruses haven't existed for years) and that is too late. Even when we were running AV programs on all the computers at work and a user would still pick up malware, we reverted to locking down the system to prevent future infections at all, at which point in time the AV program became useless since nothing could install on the system.
Petrovic Posted September 9, 2016

15 hours ago, Batu69 said:
For more information about anti-virus and next generation endpoint security, please contact Davitt Potter or your Arrow representative.

Hidden advertising
pc71520 Posted September 9, 2016

13 hours ago, 46&2 said:
Been dead and buried here.

Count me, too.
RejZoR Posted September 10, 2016

Every year this "antivirus is dead" comes up, just like every year "Linux will overtake Windows this year" predictions come up. The reality is, antiviruses are very much alive and the main means of protection for millions of systems. Also, people should understand antivirus as such has evolved far away from what it was 30 years ago. Faaaaar away. What we have now are far more sophisticated systems that could for the most part be classified as "AI" systems. With 100.000 unique samples every day, there is no way anyone can process them by hand. All the job is done by sophisticated learning systems that gather data from users and send it to the cloud, where it is processed and protection measures are returned back to the same users.

What this means is that whoever is writing malware, if they want to test it, they need to feed it to the cloud system. Otherwise they could release malware that gets detected this moment. If malware is not instantly detected, they have a VERY small time window in which they can exploit it. And this time window is incredibly tiny these days. Once a sample is detected, it's useless.
Holmes Posted September 11, 2016

I completely agree with you, RejZoR, and your post shoots the posts above it down like a silver bullet does to a werewolf.
This topic is now archived and is closed to further replies.