Is the antivirus era really over? Not yet

Antivirus missed well conceived malware such as Stuxnet, Duqu and Flame, but so did business-grade defenses. Simply put, antivirus is being hung out to dry.
Written by Larry Dignan, Contributor

Antivirus software has its issues: Signatures need to be updated, new attacks avoid common defenses and it's consumer grade protection. But it's far too early to write the antivirus software obituary.


MIT's Technology Review declared the antivirus era over. In a nutshell, the Flame attack highlighted how antivirus scans aren't perfect. F-Secure's research chief Mikko Hypponen said on Ars Technica that the antivirus industry failed.

Hypponen noted that the antivirus industry has frequently missed well conceived malware such as Stuxnet, Duqu and Flame. These attacks weren't run-of-the-mill malware since they were created by governments to target oppressive regimes.

Indeed, antivirus missed those attacks---but did ultimately find them---but let's not get crazy with the bashing here. Why? Simply put, antivirus is being hung out to dry. Newfangled defenses---notably business grade IDS and IPS---all missed Stuxnet, Duqu and Flame. If we're going to rant about antivirus it may be time to take out a few other defenses as collateral damage.

Meanwhile, it's worth considering the consumer alternatives to antivirus. Alternative approaches aren't commercialized.

Hypponen said:

The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers, and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose....It’s not a fair war between the attackers and the defenders when the attackers have access to our weapons.

Hypponen didn't declare the end of antivirus. He was just noting that the security industry is outgunned.

Now what? The Technology Review argued that it's time to demote antivirus. Going forward, antivirus is just part of the equation. Startups are cooking up new defenses, but commercialization appears to be distant.

In the meantime, antivirus, which may indeed be outgunned, is the best we have. And given the risks involved antivirus software will continue to sell. Passwords suck too, but you still use them. Antivirus will ultimately be demoted, but before we declare the end of an era I'd like to see the alternative defenses first.

See also:

Editorial standards