You Can’t Depend on Antivirus Software Anymore


tao

Malware has become too sophisticated.

 

In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee says it found four every second.

 

And those were just the strains the companies could detect. For malware—the umbrella term for parasitic software like viruses, worms, and Trojans that infiltrate and interfere with computer functions—hasn’t only proliferated: It’s evolved to better evade detection.

 

Faced with this tsunami of sophisticated malware, antivirus software like McAfee, once practically synonymous with personal cybersecurity, has struggled to keep pace. In 2014, a senior vice president at Symantec (the company that created McAfee competitor Norton Antivirus) went so far as to publicly say he thought that antivirus software was “dead.” At the time, he estimated that the technology only caught about 45 percent of cyberattacks.

 

Antivirus software is struggling to keep up because the primary strategy on which it relies—signature detection—is based on the outdated assumption that the malware you saw yesterday will look the same today. Generally speaking, when a cybersecurity company sees a new type of malware, it will analyze and create a detection signature for that specific strain. Like the immune system recognizing a pathogen it has seen before, antivirus software uses these signatures to scan files for known threats. This strategy worked reasonably well when viruses were mostly made by amateur hackers. But in 2003, according to McAfee, we saw the first real for-profit malware and since then, the growth of organized cybercrime has brought forth a series of innovations that allow malware to rapidly change its appearance. If the viruses of the early 2000s were the common cold, sophisticated malware of today is like HIV, able to change its protein coatings to avoid detection.

 

One of these innovations is a process called “crypting,” which allows a developer to transform the appearance of a piece of malicious code using encryption tools and test it against antivirus software until it is undetectable. Similarly, developers can also use polymorphic code to turn malware into a chameleon, capable of changing its appearance every time it runs. One 2013 analysis found that 82 percent of malware disappears after an hour, and 70 percent of malware only exists once. This short lifespan means just a small percentage of antivirus detection signatures—0.34 percent in one analysis—catch active threats. The rest just hunt ghosts. Though some companies have introduced new strategies to combat these adaptations, they haven’t been enough to fully keep up with fast-moving threats.

 

Despite its diminishing effectiveness, a startling number of users still use antivirus software as their first, or only, line of defense. According to a 2015 Google study comparing digital practices of security experts and nonexperts, 42 percent of nonexperts said antivirus software was among the most important steps they took to protect themselves online. The response topped the list of measures taken by nonexperts, even ahead of “using strong passwords.” But, tellingly, it didn’t even crack the top five among those who work in the cybersecurity field.

 

This knowledge gap is significant and worrying, because modern malware attacks can be devastating. One type of attack that has grown dramatically in recent years is ransomware, which encrypts one’s files and holds them for ransom. In 2016 alone there were 4,000 ransomware attacks a day, according to IBM. As we store more and more personal information on our computers—home videos, photos, financial information—the cost of infection only grows. So how can the typical user keep up their cyberhealth in a post-antivirus age?

 

Read more at the following reference page:

 

Ref:  < http://www.slate.com/articles/technology/future_tense/2017/02/why_you_can_t_depend_on_antivirus_software_anymore.html >
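
A minimal illustration of the signature problem the article describes, added here as an example and not part of the original post or article: hash and byte-pattern signatures are built from one constructed, harmless sample and then run against copies whose stored bytes differ. All names and sample bytes are assumptions made for the demo; the last function shows one defender-side answer, undoing a simple encoding before matching.

```python
import hashlib

# Constructed, harmless stand-in for a sample an AV lab analysed "yesterday".
MARKER = b"DEMO-PAYLOAD-MARKER-7f3a"
KNOWN_SAMPLE = b"MZ-demo-header|" + MARKER + b"|harmless demo body"

# Two classic signature types derived from that one sample (hypothetical database).
HASH_SIGS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Sample.A"}
PATTERN_SIGS = {MARKER: "Demo.Sample.A"}


def scan(data: bytes) -> list[str]:
    """Return which signature types match the given bytes."""
    hits = []
    if hashlib.sha256(data).hexdigest() in HASH_SIGS:
        hits.append("hash")
    if any(pattern in data for pattern in PATTERN_SIGS):
        hits.append("pattern")
    return hits


def reencode(data: bytes, key: int) -> bytes:
    """Model a copy whose stored bytes differ: XOR every byte with a one-byte key."""
    return bytes(b ^ key for b in data)


def coverage(samples: list[bytes]) -> float:
    """Fraction of samples caught by at least one signature."""
    return sum(1 for s in samples if scan(s)) / len(samples)


def xray_scan(data: bytes):
    """Defender side: try every one-byte key, then pattern-match the decoded bytes.

    Returns the key that exposes a known pattern, or None if nothing matches.
    """
    for key in range(256):
        if "pattern" in scan(reencode(data, key)):
            return key
    return None


# Constructed feed: the original, one padded copy, eight re-encoded copies.
VARIANTS = [KNOWN_SAMPLE, KNOWN_SAMPLE + b"\x00"] + [
    reencode(KNOWN_SAMPLE, k) for k in range(1, 9)
]

if __name__ == "__main__":
    for sample in VARIANTS:
        print(scan(sample) or "no match", "| x-ray key:", xray_scan(sample))
    print("signature coverage:", coverage(VARIANTS))
```

One appended byte already defeats the hash signature, and any re-encoding defeats the byte pattern too, which is why only a small share of static signatures ever match live samples; matching after decoding recovers the detection for this simple case.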

 

 


I keep on wondering when this scary malware will infect me? I use one antivirus, NOD32, is all, a good firewall, script blockers, an adblocker, popup blockers, user scripts, do Windows updates and use common sense. I never had any trouble at all in like 7 years, and even then that was easy to solve. Which leads me to think: how computer savvy are these people who get infected?

 

Back in the early 2000s it was easy to get infected because most viruses were not defeated yet. Windows came with a bad firewall before Windows XP SP2, which was not great ever in Windows XP, and Microsoft didn't even have any kind of built-in anti-malware till Windows 8 lol.

 

So I just don't buy it. When I fire up my computer and I get infected like in the early 2000s and have to reformat, I will actually believe things are as bad as they used to be. Things have improved a hundredfold since the old days, and most of the stuff in the media is someone else's problem and not mine. :P

 

PS: Really, I believe antivirus from a company you trust is not a bad thing on Windows, but you need to harden your browser against exploits as well. I forgot to mention I don't use Flash or Java on Windows. If it can't work without Java I don't need it, and if I can't watch it in MPV or HTML5 I will just download it or rent it.

 

Also use common sense and don't install everything you see. Just because it's there doesn't mean it's useful. Also keep any programs that call home that don't require internet blocked in your firewall, because you don't want to leave back doors for malware open.



When Microsoft stops putting them in Windows and people stop using it, it will be dead. They have been saying it was dead ever since most viruses were defeated, then they came out with anti-malware so people would still buy them.

 

Cybersecurity spending will exceed $1 trillion from 2017 to 2021. It doesn't sound dead to me. Many believe Windows will be dead in 15 years, but I don't even know if I will be alive in 15 years. It seems Microsoft thinks this too; they keep porting all their best-selling stuff over to other platforms to secure their future.

 

 



36 minutes ago, Recruit said:

Antivirus is dead :sadbye:

You are wrong. So far, it serves a lot of very large profits. And this is the goal, and it works for a long time.



29 minutes ago, Kalju said:

You are wrong. So far, it serves a lot of very large profits. And this is the goal, and it works for a long time.

 

Profit does not have anything to do with efficiency against threats ...... people buy antiviruses for their psychic comfort and they are not informed enough or they do not care ......



For your information, malware being discovered every twelve minutes is what Panda said. What about ESET or Kaspersky or Bitdefender? They haven't said anything, and they keep bringing new antivirus products out and improving on their current antivirus products. McAfee is dead (I don't know one person whose computer I have worked on that uses McAfee antivirus software; the best hacker I know used McAfee in the early nineties and stopped using it because it's crap. McAfee antivirus died in the early nineties, and so they're mentioning this thinking, if we are going down, we are going to attempt to bring the reputation of all antiviruses down with us). As a matter of fact, John McAfee, the founder, wants nothing to do with McAfee; he wants his name removed from the product and they haven't done that yet. Panda antivirus is not that good, and Norton saying antiviruses are dead, yet they keep releasing new versions of their Norton antivirus, is hypocritical. Viruses have been discovered every twelve minutes or couple of seconds for years, way before McAfee and Panda mentioned it. Also, Norton used to be shitty; now their malware detection has improved. Again, hypocritical. There are antiviruses out now, for one Webroot SecureAnywhere, that don't use signature updates and rely on behavior analysis (machine learning and deep learning), which is the future. Check out this website:

 

http://www.deepinstinct.com/#/home

 

The companies that have introduced new strategies are the signatureless behavior analysis companies and programs that offer anti-ransomware and anti-exploit capabilities. Antiviruses are not dead; they are like us: we are evolving and so are they. I love the quote by Shane, the tweaking.com programmer: why fix something that is not broken? Well, to make it better.

 

 



8 hours ago, Kalju said:

You are wrong. So far, it serves a lot of very large profits. And this is the goal, and it works for a long time.

 

Actually he is right, it has been dead for years and has not been able to protect people who inadvertently visit a malicious website, receive a malicious ad, or click on a malicious link. I get gigabytes of new malware every week that we test against various means we use to protect our systems and AV software does not do the job because it relies on fingerprints, code patterns, etc. So anything it is not told to watch out for it won't find. A good malware writer can use that same AV software to test his code against to 'adjust' it so it won't be detected. On top of that how many people use cracked security software to 'protect' their systems because they are too cheap to buy the one piece of software they should buy if they are going to use it. I have never, ever had a virus or malware on a system unless I intentionally put it there and that record goes back to 1968. I don't think there are many people around today who have been working with computers that long or were involved in security back then when the main security item we were concerned with back then was electronic security, that being the ability to place a wire next to a data wire and because of the electrical emanations be able to copy the signals. The easy fix for that was our data cables were powered by 6 volt lead-acid batteries. AV programs are written for people who have no knowledge of security or the internal workings of their operating system and no knowledge of the part that ports play in the access and transfer of malicious data/code. So from one perspective AV is alive and well but I would never rely on that alone to protect any system that connects with our network which is why we have such stringent rules in effect when it comes to allowing BYOD to connect to it.



Actually Kalju is right, stray: they are improving products because it makes money, and please stop with the narcissism, you're going to make me sick. No one is unhackable, mostly especially you, stray. I use ESET NOD32 antivirus and guess what, it's protected my system every day for a long time, and I do try to get infected: I visit porn sites a lot and I know it's protecting me because I get "address has been blocked" from ESET a lot. I can't speak for all antiviruses; I can speak for ESET and Kaspersky. Kaspersky is going to have anti-APT built in to its antivirus in the future, and APTs (advanced persistent threats) are the most dangerous malware out there. As a matter of fact, Kaspersky has virus definitions for Duqu 2.0, which is worse than any malware you could possibly have or get, stray. Yeah I don't think I know antiviruses well the ones I mentioned are not dead and are very much alive.

 

 

 

 

 

 



14 hours ago, straycat19 said:

So from one perspective AV is alive and well but I would never rely on that alone to protect any system that connects with our network which is why we have such stringent rules in effect when it comes to allowing BYOD to connect to it.

Technically, what is alive can't be dead, and what is dead can't be alive. It's either one or the other. Regardless of why you use it, and even if you don't fully depend on it but use it, you're doing your part to keep it alive.

 

Now on Linux, antivirus has always been dead because almost all of the signatures for Linux anti-malware are for Windows only, and most of them need root to even run, which is dangerous, to set something to automatically run as root on Linux. Also many on Linux only use open source. So there are many factors for it being dead on Linux.

 

But on Windows many things won't even run without allowing admin privileges, almost all the signatures are for Windows, and even Microsoft gives everyone who bought Windows 8 or higher free anti-malware baked in. Windows has more malware than any other OS on the planet. So there are many factors why it won't be dead anytime soon unless someone comes out with a better way.

 

Topics telling us you can't depend on antivirus but offering no better solution are about as useful as people in the comments trying to say what is alive is dead when it just is not possible. If you don't have any real solutions you're adding to the problem.

 

It's just like people who tell people not to use something because they don't, instead of helping them with it. If you don't use something you can't help them with it, but if they want to use it, they will, and your opinion won't change this. You can tell people not to use it all you want and dig up real or fake news about it that fits your agenda till you turn blue in the face; it does no good. A man convinced against his will is of the same opinion still. And after a while it gets boring, old and crusty after you read about it for over a year. :P



Still, on-demand is using them. If Windows had been made right to begin with and sandboxed by default, you would never have needed a sandbox by a 3rd party vendor. Personally I never used Sandboxie on an x64 system and I never get infected. The reason why is because there was so much controversy about it not working right when it was first made. Many say it's still not 100% secure, that they just pushed it out to consumers just to sell it, so I have my doubts about it too.

 

Back when Sandboxie was x86 only it was easy to activate for free. Once they made x64 they made it hard to activate for free; this shows that it's all about money. And if sandboxing was all that and a bag of chips system-wide, many vendors would make x64 solutions for it. In the past they experimented with antivirus that offered sandboxing too.

 

Chrome already has a sandboxed browser and people still get hacked and get ransomware, and I used Firefox for years and I've not got hacked or had ransomware that I know of since I had a Yahoo ID stolen from me in the early 2000s, and back then I used YIM and IE.

 

And I know I've not been hacked since 2011 for sure because I don't use USA services where a lot of breaches have taken place. So the proof is in the pudding: sandboxing browsers is not 100% either.



So you think you are smart in not using a real-time scanner?

LOL

Imaging will do nothing if your computer is infected. It will simply backup the infected OS and every time you restore your image, the virus infection will be there.

Sandboxing is useful in preventing browsing and file based infections, but it's not effective in memory only payloads.

 

On the other side, today's antivirus software is not what it used to be. Yes, malware is evolving but so is antivirus software. Today sandbox technology is included in any reputable AV software. I see more benefit keeping a resident AV in real time.



9 minutes ago, oliverjia said:

... I see more benefit keeping a resident AV in real time.

More benefit without harm!   :)



1 hour ago, oliverjia said:

So you think you are smart in not using a real-time scanner?

LOL

I know it's not smarter. I have seen it happen on here to someone before: they said they had not used an antivirus in years and they downloaded something and got infected, and it was detectable. On the other hand, back in 2008 I downloaded an infected keygen that was not detectable, but if it was not for my interactive firewall and WinPatrol I would never have known it. 0-day malware getting by AV is nothing new by any means. On-demand is never as good as real-time and should only be used for a 2nd opinion. It's just like the default Windows Firewall without a piggyback: it's no good for outbound attacks, unless you know exactly what to allow and block and how to turn it on.



Until average users, especially those who go into a retailer and buy a laptop or desktop, and go through OOBE and THEN actually create a limited user account and then educate themselves on best practices online, nothing will change.

 

OOBE should really create a randomly named Admin account, which it then hides (after the gumby user has written down the username and password for it), and then immediately ask the user to create a limited user account... which it then logs them into.

 

After 30+ years in IT, I use a limited account, free Avast, a Malwarebytes scan once a month, but most importantly proper Software Restriction Policies (I've talked about that to death on here... and not pseudo-SRP crap like CryptoPrevent...).

 

Last time I had a virus... well over a decade ago, and on that occasion I infected myself during a test of an AV package...

 



Apart from Sandboxie, I've used Firewall+HIPS, anti-Exploit, and anti-Keylogging software. ;)

Not to mention other restrictions via Group-Policy, DNS settings, and uBlock Origin custom filters. ;)

On 18/2/2017 at 7:00 PM, oliverjia said:

So you think you are smart in not using a real-time scanner?

Simply, more experienced than the ones

who use just a couple of Real-Time scanners (Antivirus & Malwarebytes)

and still get infected. :coolwink:

 

On Malware-Removal Fora,

infected users -asking for help-

have had Real-Time Scanners (Resident AVs and AMs),

whereas,

Malware-Removal Experts use on-Demand Scanners

to clean their infected Systems; systems that the Real-Time Scanners FAILED to effectively Protect.



3 hours ago, pc71520 said:

Apart from Sandboxie, I've used Firewall+HIPS, anti-Exploit, and anti-Keylogging software. ;)

Not to mention other restrictions via Group-Policy, DNS settings, and uBlock Origin custom filters. ;)

Simply, more experienced than the ones

who use just a couple of Real-Time scanners (Antivirus & Malwarebytes)

and still get infected. :coolwink:

 

On Malware-Removal Fora,

infected users -asking for help-

have had Real-Time Scanners (Resident AVs and AMs),

whereas,

Malware-Removal Experts use on-Demand Scanners

to clean their infected Systems; systems that the Real-Time Scanners FAILED to effectively Protect.

 

I agree more experienced and tech-savvy users are much less likely to have their OS affected by malware. But it's not because of an on-demand scanner plus these other goodies: Firewall+HIPS, anti-Exploit, and anti-Keylogging, but more likely because more experienced users are generally not click-happy type of users, and they know what they are doing. Oh, BTW, Firewall+HIPS, anti-Exploit, and anti-Keylogging are typically included in today's Internet Security Suites from most reputable vendors, such as KIS. Adware blockers such as uBlock Origin are certainly essential, but AppLocker is typically overkill for home users, although, admittedly, AppLocker/Group Policy Restrictions are certainly effective in preventing 0-Day exploits.



I have been fooling with PCs for 15 years and I never needed to live in a bubble with Sandboxie. No one else on my network has either, and no one has had much trouble in many years, so it's overkill in my book. From my own personal experience, even back in the early 2000s I just reformatted if I caught a virus; why take a chance? At least using antivirus can prevent you from catching known malware. For me, if I use on-demand it's too late; if I'm infected I'm going to scrub my drive and reformat. Antivirus has never been great at curing the problem but it can prevent some problems from happening. So prevention always wins over a non-existent cure.



3 hours ago, oliverjia said:

Oh, BTW, Firewall+HIPS, anti-Exploit, and anti-Keylogging

are typically included in today's Internet Security Suites from most reputable vendors, such as KIS.

-I prefer Comodo Firewall+HIPS over the KIS Firewall or any other Firewall found in an Internet Security Suite.

-I prefer the Zemana or SpyShelter Anti-Keyloggers over the Anti-Keylogging protection offered by KIS or any other Internet Security Suite.



Archived

This topic is now archived and is closed to further replies.
