Trend Micro rails against standalone antivirus apps
Standalone antivirus applications are dangerous because they cannot adequately protect users and so create a false sense of security, according to the top malware expert at Trend Micro.
However, the company continues to sell its standalone antivirus application because of "customer demand".
At a press luncheon in Sydney yesterday, Trend Micro's top malware specialist Raimund Genes critisised companies — including his own — for selling standalone antivirus applications.
"Normally the [Trend Micro] consumer team kills me for this because I think you shouldn't offer separate antivirus, you only should offer a security suite because just offering an antivirus offers a false sense of security for the user base," he said.
"Just buying an antivirus because it is $10 cheaper lowers [the user's] level of security but they think they are secure... but the market demands it, the retailers demand it, the distribution channel demands it — this is why we still deliver it even if I hate it," said Genes.
A member of Trend Micro's consumer team who was attending the luncheon agreed with Genes. He said: "It is only because the market demands it. I would rather nobody bought standalone antivirus. We are trying to re-educate the market".
The comments directly contradict the descriptions on the Trend Micro website, which describes its antivirus (and anti-spam) application as the "essential security you need to safeguard all your data and files... you can rest easy knowing you have systematic, ongoing protection against the latest malicious viruses, worms, Trojan horse programs, and spyware."
Gene's comments came after he was questioned about competition from free antivirus applications such as AVG. According to Genes, free antivirus applications were only useful to 'geeks' who knew what they were doing.
"If you know what you are doing, it is not bad. As a security expert, why not AVG, why not something for free? But what you have to consider is that all these extras to the AV are not normally combined... so if you are a security geek you are able to combine and get a free firewall component, a free AV component and combine them all to protect you. For the average end user that is mission impossible. You need a security suite that combines all the elements — that is what you are not getting for free," Genes told attendees.
Signature-based blacklists are dying
Genes also said that blacklist-based malware protection would be dead within two years.
The executive said Trend Micro discovered 800 new pieces of malware every hour targeting Windows-based systems. The company expects that figure to double next year, which will make the traditional approach to antivirus unworkable.
"Two years from now, you will not be able to store the [signature] files on a computer any more... you will not have enough memory space," Genes said. "Some people are saying that antivirus is dead, and I have to agree the traditional methods to combat malware have no future."
"By 2010, every file that is opened will need to be scanned against 20,000,000 signatures," he said.
One possible solution that has been touted by various security experts is whitelisting, where known good applications and files are allowed to execute and unknown files are blocked.
James Turner, a security analyst for IBRS, agreed that blacklists were dying and said whitelists provided a sensible solution.
"Imagine giving the bouncer to a club the phone book... whitelists make sense — people talk about the range of applications that run in an enterprise, there are a fair few of them, but they're not constantly changing," said Turner.
The whitelist approach was adopted recently by Symantec in order to improve the efficiency of its malware scanners.
However, Genes argued that there were too many "good" applications being produced for effective whitelisting.
"Microsoft is generating 10,000 binaries every week. How do you tag them all as known good?" he asked. "There are so many custom applications in an enterprise environment — there are millions of freeware [releases] out there."
Genes said the rapidly evolving threat landscape required evolving security. "I think it needs to be a combination of different technologies, there is not one silver bullet any more."