An executive at a company whose name is synonymous with antivirus software raised eyebrows earlier this year when he pronounced the death of that form of system protection. Nevertheless, while the effectiveness of that software may have waned over the years, security experts say the pronouncement by Symantec's senior vice president for information security Brian Dye was premature.
Certainly the growth in sophistication of malware has made untenable the use of signature-based antivirus software as a standalone source of protection for systems. "More than half the threats we stop aren't stopped by our AV software," said Chandra Rangan, vice president for product marketing at Symantec.
"We're trying to educate people," he added. "We're saying that if you just have signature-based antivirus, it's not enough."
While signature-based antivirus software alone doesn't provide enough protection in today's threat landscape, it's still making a significant contribution to system security. "If you went to any of the Fortune 1000 companies and said, 'Antivirus is dead; remove it from all your systems,' you would find a lot of security officers laughing at you," said Brian Kenyon, chief technical strategist with Intel Security (formerly McAfee). "The reality is — even in its current form — AV stops a lot of stuff today."
Kenyon added that blocking threats is only one part of antivirus's job in protecting systems. "It's not just about stopping things," he said. "It's also about cleaning things and eradicating them from a system."
"But," he continued, "if you asked, 'Is the current AV architecture and capability the future of our industry?' I would definitely say, 'No, not in its current form,' but I don't believe it's dead."
Limiting the definition of antivirus to signature-based software may be doing an injustice to the technology. "AV is not defined by signatures; it is defined by protection against malicious software," said Randy Abrams, a research director at NSS Labs, an independent testing service. "Products that only protect against viruses and only with signatures have been dead since the 90s."
Malware-fighting antivirus software continues to have value in the enterprise, even as powerful new defense platforms come online, like breach defense systems (BDS). "These systems are designed to quickly detect and contain security breaches that every enterprise has or will have experienced," Abrams explained. Initially, BDS products performed their role as described; however, IT personnel were left cleaning up the problem.
"AV vendors began to seize on the opportunity and offer a complete end-to-end solution," he continued. "The result has been that the pure play BDS vendors have had to add malware detection and remediation functionality to their systems."
Pronouncing antivirus's death is nothing new. In 2006, for example, Hurwitz & Associates released a report titled "Anti-virus is dead." In it, analyst Robin Bloor maintained that antivirus would be replaced by tools that used whitelisting to wipe malware from the computing scene. Whitelisting is used effectively today in some environments, but it has its drawbacks.