Yes, you still need endpoint malware protection

[Batu69]

While operating systems and apps are more secure, the need for endpoint security remains.

There has been a steady stream of reports and claims lately that many of us no longer need endpoint security, that antivirus (AV) programs on our PCs are worthless.

Gizmodo flat out said that you really don't need an antivirus app anymore, arguing that Windows 10 and the browsers have tightened up security to the point that they adequately protect end users. Windows Central asked the same question, but determined that more protection is better than less.

 

Tom's Guide was a little less sweeping, arguing that free antivirus programs are as effective as those charging an annual subscription of $50 per user or more. And security firm KnowBe4 said that most AV programs are useless against ransomware because it's such a different animal.

 

So can you ditch the AV program? Nonsense, say security experts.

 

"Would you tell your mom to remove the antivirus from her computer? No? Ok then," says Randy Abrams, an independent security consultant who previously worked for NSS Labs and ESET, the maker of the NOD32 antivirus program.

 

He acknowledged that antivirus is far from perfect, but said it still protects against most threats. "They've been saying since early 2000s that antivirus is dead, it's not effective. The truth is it's effective against the vast majority of threats but not so much the brand new stuff," says Abrams.

 

Abrams says that most malware is old, and a recent report from security firm WatchGuard confirms this. The company found that 30 percent of malware attacks in the fourth quarter of 2016 were zero-day exploits that couldn't readily be caught by antivirus programs. But that means 70 percent of malware attacks were not zero-days, and often these attacks were from virus strains that have been around for months if not years, which an AV program can catch.

 

David Perry, an independent consultant who has worked for Symantec, McAfee, F-Secure, and Trend Micro, said has heard the 'AV is dead' refrain many times and it's never true. "Pretty much every year someone says antivirus is dead. With endpoint protection, we need to do everything. As good as your gateway protection might be, they still needed to clean up an infection on the desktop," he said.

 

"Who has an alternative to sell that started the rumor this year?" he continues. "There are people in those industries who consider antimalware superfluous, but ask someone at a big bank or Boeing, they will agree that they need some way to clean malware off those desktops. They don’t want to have to flash them every day."

 

Perry thinks we are headed to a future where client PCs will all use virtual desktops, so if you get an infection you simply reimage the PC. "That's what people on my level do but that's not an option for a law firm," he said, although eventually it will be. Abrams also felt ransomware can be handled without a malware product by keeping proper backups, so if a computer is hit with ransomware it can just be wiped and restored.

 

Another proposed solution is whitelisting, where a security program only allows applications from a pre-approved list to run. This is the opposite of the blacklist method of antivirus, where executables are compared a list of known bad players and blocked if there is a match. The security company PC-Matic runs constant ads on cable news channels hyping its whitelisting security, but Perry thinks it's an unworkable solution.

 

"If you do solid whitelisting, you don’t let anything [be] added to your system, so how do you get onto a web page because they all run JavaScript and Ajax. Are you going to stop using Netflix? It downloads Silverlight if you watch it on Windows 7. You're going to frustrate yourself all the time. There isn't one executable in a program. Microsoft Word isn’t one EXE; there are 150," he says.

 

Still, malware continues to hit the internet and end users at an ever-increasing rate, the two say. "When I started, we saw 30 pieces [of new malware] a day. Now it's 150,000 a day if not more. By the time tomorrow comes it's all new again," said Perry.

 

A lot of malware developer kits (yes they have those) allow for the constant generation of new, slight variants of the same malware, sometimes coming just five minutes apart. Abrams says 80 percent of the new malware samples sent in to antivirus companies are seen just once because of all the variants. "It's a zero-day but how many people does it affect? One," he says.

 

Ransomware is a problem because it often involves suckering people into loading a malware package by visiting a website or clicking a link. And technology can't overcome stupidity.

 

"Antivirus programs have improved a lot, but I'd say the level of ransomware hitting people is indicative that there are still problems. Technology has a hard time beating social engineering. To some degree it's perspective. It comes down to educating end users and that's tricky," says Abrams.

 

Article source

[Agent 86]

1 hour ago, Batu69 said:

"Would you tell your mom to remove the antivirus from her computer? No? Ok then," says Randy Abrams, an independent security consultant who previously worked for NSS Labs and ESET, the maker of the NOD32 antivirus program.

 

this is so lame. first he thinks he knows what we would tell our mothers, if in fact she did have a computer, and in fact if she did have an A/V installed, and if in fact bla bla bla. He must be a mind reader! One thing for sure, he is very bias being tangled up with NSS Labs and ESET. I disagree, IMHO A/V solutions are very worthless.

[46&2]

@OP nice article. I agree with @Agent 86 tho. I have no use for antiquated and cumbersome softs. Let the sheeples do as they collectively do. More power to 'em. LMFAO if my mom had a computer I would be a busier person by far than I already am. My mom has never, nor will she ever have a computer. She has no need for one, imagine that!

[dMog]

I  have a brother who has a computer...i tell him his best defense to keep it clean is for him to never go on it ...he just has a knack for screwing it up and finding new ways to get really preventable shite on it... if as we all know the best and the first line of defence is your brain and your common sense... well he strikes out on those all the time when it comes to computers..i will not even allow him to check his email on my computers..... he just goes to the wrong porn sites I  suspect

[pc71520]

18 hours ago, Agent 86 said:

I disagree, IMHO A/V solutions are very worthless.

Especially against unknown threats (a.k.a. 0-day malware).

[Nastrahl]

19 hours ago, Agent 86 said:

this is so lame. first he thinks he knows what we would tell our mothers, if in fact she did have a computer, and in fact if she did have an A/V installed, and if in fact bla bla bla. He must be a mind reader! One thing for sure, he is very bias being tangled up with NSS Labs and ESET. I disagree, IMHO A/V solutions are very worthless.

 

We should thank him to consider our mothers like idiots.

 

When you buy an house you firstly check that it has a solid door (firewall), then you could consider investing on security cameras (AV) if you need, which most people actually don't (even if there's nothing wrong on monitoring for any purpose).

 

Edit: it can strengthen your security feeling too, but it's not an absolute necessity.