Is Anti-Virus Dead?

published on 2013-09-12 11:31:00 UTC by Trojan7Malware
Content:
After seeing this debate for a while I decided to write up my view. It's hard to get your point across in 140 characters ;). 

My opinion:
My personal opinion is that anti-virus has had its time and it's now time for a new method to take the reins. I'll break down several reasons why AV (anti-virus) is dead.

Bypass: 
It's been common knowledge for several years that anti-virus, especially the signature-based variant, can easily be bypassed by adding fake calls, legitimate code stolen from other programs, encryption, delayed execution and several other methods. It's now become such a trivial process to make AV completely useless that people who barely understand a language can successfully bypass AV. No offence to HF users, but the majority of the people there are children. Most are around the age of 13 and still using DarkComet RAT. Even on a forum like HF you can purchase a crypter that will maintain FUD.

Blocking:
The majority of AV vendors have an "I'm always right" attitude. This leads to legitimate, previously hacked websites becoming blocked, legitimate software becoming blocked and businesses destroyed. I've seen several entirely legitimate programs become detected by AV, and subsequently an entire, costly re-code is required.

Following other vendors like sheep:
This happens all the time, especially via VirusTotal. Say F-Secure detects a program as malicious; another vendor, for example Avast, will block the program PURELY because F-Secure did. How do I know this? It's really easy. Host a website that downloads a malicious program, submit to VirusTotal and see which vendors' IPs actually connect. You'll be surprised: it's almost none, yet the file becomes fully detected.

Marketing: 
So many vendors claim to be the best and detect all threats. This is entirely a lie and should really be an offence (false advertising). This results in people clicking anything they usually wouldn't because they think "if it's malicious my anti-virus will detect it". Trust me, I've seen it happen.

Vulnerabilities: 
Remember, just because they're anti-virus doesn't mean the software doesn't contain vulnerabilities. Not only do several AV vendors take months to patch vulnerabilities, some as severe as RCE, many also don't have bug bounties. Call me or anyone else a money whore, but the reason anyone is in infosec is because of money; if it wasn't, you'd have another job. Included with the RCE, stack collision and buffer overflows are DoS vulnerabilities. Not only can your AV software lead to you being hacked, it can also lead to your computer being totally useless.

Summary: 
I'd like to be clear here. I'm not saying delete your AV, as that's just beyond stupid. They do a good job at detecting threats, but good really isn't the standard we need. We need another solution to a growing problem. I'm not sure what that solution is, nor am I sure how viable a potential solution is, but we need to innovate. AV has remained almost the same for 10 years whilst malware has completely evolved from simple troll worms to programs that can potentially destroy a country (Stuxnet).

http://trojan7malware.blogspot.com/2013/09/is-anti-virus-dead.html   