“Antivirus is dead!”, claims Brian Dye, Symantec’s Senior Vice-President for Information security, in an interview with the Wall Street Journal. This claim has been a source of confusion and argument.
Peter Stelzhammer, joint founder of the independent test lab AV-Comparatives, has some comments on this:
In an interview with the Wall Street Journal on the 4th May 2014, the Senior Vice-President of Symantec claimed that antivirus technology is “dead”. He continued, “We no longer regard antivirus as a money-maker”. In his opinion, current tactics have no future, and new technologies, which the company is developing, are necessary. What does Brian Dye’s statement mean for computer users? Can Windows users all uninstall their security programs and feel safe online?
Or should the proclamation be taken as seriously as the statement by Bill Gates in 2004 that spam would disappear within two years? 10 years later, AV-Comparatives’ honeypots alone collect over 2 million spam mails and 300,000 malware samples every day.
Did he really mean antivirus is dead? Surely he means signature-based detection?
The truth is that “antivirus software” today means sophisticated security programs in which the traditional signature-based detection works alongside new technologies such as heuristics, sandboxing, cloud analysis, whitelisting, URL-blockers and phishing protection.
The statement by Symantec’s Vice-President clearly refers only to the old signature-based detection mechanism. Traditional antivirus software, which only recognises threats by comparing them with a blacklist, is indeed obsolete, and has more or less ceased to exist. This has been the case for some years, so Symantec has not really said anything new.
Are car seatbelts senseless?
In modern cars, traditional security features such as seatbelts are being supplemented with modern technologies such as automatic braking systems, night-vision devices and lane-departure warning systems. The seatbelt is still just as useful as ever, and the new features complement it rather than replacing it. Using all the features together provides the highest possible level of safety (even if absolute protection cannot be achieved).
The same principle applies to Internet security software. Using a combination of all the relevant technologies provides the highest possible level of security. Making security software without signature-based detection would be like making a car without a seatbelt, and of course nobody would suggest doing that.
Philipp Wolf, Vice-President Protection Labs at Avira says: “As an antivirus company, we have developed along with the threats, and constantly update our technologies and toolsets.” He claims that traditional antivirus software has already died out, and that suites with multiple protection technologies are almost always used today.
A similar view comes from Eugene Kaspersky, CEO und Chairman of Kaspersky Lab: "I've heard antiviruses being declared dead and buried quite a few times over the years, but they're still here with us - alive and kicking," he said. "I fully agree that single-layer signature-based virus scanning is nowhere near a sufficient degree of protection - not for individuals, not for organizations large or small; however, that's been the case for many years."
There is no miracle cure to protect against malware and polymorphic attacks. Cybercriminals are constantly developing new malware and new methods of attack. By means of social engineering, they can persuade people to open attachments they shouldn’t open or click on links they shouldn’t click on; this has proved to be a very successful tactic.
“Symantec’s statement seems to relate to the enterprise, and not the consumer and small business”, says Avast CEO Vince Steckler. “Enterprises have traditionally relied on many layers of defence and antivirus is one of those layers. Antivirus though is a broad-spectrum defence and as such is often complemented by other products, such as those protecting against targeted attacks that enterprises worry about. In the consumer and SMB space, the situation is quite different: customers typically do not have multiple layers of protection. They have one, their AV product. These products though are not the simple AV products of past years.”
The comparison with car security may seem clumsy to some people, but there is sense in it. Would you buy a car without a seatbelt? You would be laughed at if you suggested to a car dealer that you can do without the seatbelt because the car has an airbag. I wouldn’t hesitate to choose a car with a seatbelt over one without, and this is exactly the attitude to take with security software and signature-based detection.
Peter Stelzhammer, joint founder of the independent test lab AV-Comparatives, has some comments on this:
In an interview with the Wall Street Journal on the 4th May 2014, the Senior Vice-President of Symantec claimed that antivirus technology is “dead”. He continued, “We no longer regard antivirus as a money-maker”. In his opinion, current tactics have no future, and new technologies, which the company is developing, are necessary. What does Brian Dye’s statement mean for computer users? Can Windows users all uninstall their security programs and feel safe online?
Or should the proclamation be taken as seriously as the statement by Bill Gates in 2004 that spam would disappear within two years? 10 years later, AV-Comparatives’ honeypots alone collect over 2 million spam mails and 300,000 malware samples every day.
Did he really mean antivirus is dead? Surely he means signature-based detection?
The truth is that “antivirus software” today means sophisticated security programs in which the traditional signature-based detection works alongside new technologies such as heuristics, sandboxing, cloud analysis, whitelisting, URL-blockers and phishing protection.
The statement by Symantec’s Vice-President clearly refers only to the old signature-based detection mechanism. Traditional antivirus software, which only recognises threats by comparing them with a blacklist, is indeed obsolete, and has more or less ceased to exist. This has been the case for some years, so Symantec has not really said anything new.
Are car seatbelts senseless?
In modern cars, traditional security features such as seatbelts are being supplemented with modern technologies such as automatic braking systems, night-vision devices and lane-departure warning systems. The seatbelt is still just as useful as ever, and the new features complement it rather than replacing it. Using all the features together provides the highest possible level of safety (even if absolute protection cannot be achieved).
The same principle applies to Internet security software. Using a combination of all the relevant technologies provides the highest possible level of security. Making security software without signature-based detection would be like making a car without a seatbelt, and of course nobody would suggest doing that.
Philipp Wolf, Vice-President Protection Labs at Avira says: “As an antivirus company, we have developed along with the threats, and constantly update our technologies and toolsets.” He claims that traditional antivirus software has already died out, and that suites with multiple protection technologies are almost always used today.
A similar view comes from Eugene Kaspersky, CEO und Chairman of Kaspersky Lab: "I've heard antiviruses being declared dead and buried quite a few times over the years, but they're still here with us - alive and kicking," he said. "I fully agree that single-layer signature-based virus scanning is nowhere near a sufficient degree of protection - not for individuals, not for organizations large or small; however, that's been the case for many years."
There is no miracle cure to protect against malware and polymorphic attacks. Cybercriminals are constantly developing new malware and new methods of attack. By means of social engineering, they can persuade people to open attachments they shouldn’t open or click on links they shouldn’t click on; this has proved to be a very successful tactic.
“Symantec’s statement seems to relate to the enterprise, and not the consumer and small business”, says Avast CEO Vince Steckler. “Enterprises have traditionally relied on many layers of defence and antivirus is one of those layers. Antivirus though is a broad-spectrum defence and as such is often complemented by other products, such as those protecting against targeted attacks that enterprises worry about. In the consumer and SMB space, the situation is quite different: customers typically do not have multiple layers of protection. They have one, their AV product. These products though are not the simple AV products of past years.”
The comparison with car security may seem clumsy to some people, but there is sense in it. Would you buy a car without a seatbelt? You would be laughed at if you suggested to a car dealer that you can do without the seatbelt because the car has an airbag. I wouldn’t hesitate to choose a car with a seatbelt over one without, and this is exactly the attitude to take with security software and signature-based detection.
