Eiram wouldn't go so far as to say that antivirus products have no place anymore. He agrees that many users, both at home and within corporate environments, still need to be protected from their own actions, like downloading risky software or clicking on malicious links.
Endpoint antivirus programs help reduce such basic threats. But does that outweigh the risk of a possible attack against the antivirus product itself? It depends on how likely those threats are to occur and the overall security of the antivirus product installed, he said.
People should carefully consider what security software is fit for their environment and especially which features they really need enabled. Antivirus buyers should check the security track record of the vendors they choose and look at how fast they deal with vulnerabilities affecting their products, as well as the type and severity of those flaws, Eiram said.
"People shouldn't just blindly install security software because they think it makes them safer," he said. "That may not be the case."
"We can never underestimate the pace at which the sophistication of malware is being advanced," Kaspersky's Zakorzhevsky said. "At the same time we can’t agree with the argument that antivirus is ineffective. Before a comprehensive strategy can be developed to detect sophisticated threats and targeted attacks aiming at businesses, generic malware must already be filtered and blocked."
A multi-layered strategy that combines traditional antivirus software with next-generation protection tools, intelligence sharing, security services, training of IT professionals and routine security assessments applied to software, hardware and applications is the only approach that reduces the risk of corporate and personal data being compromised, he said.
Bitdefender admits that there are cases when antivirus products miss malware samples, but considers them isolated incidents that account for under one percent of all threats.
"So this ultimately boils down to filtering the bulk of opportunistic attacks -- which are based on known vulnerabilities or variants of known malware -- and then complementing the antimalware solution with security awareness programs, for instance," the company said.
One technology that could either complement or replace antivirus programs entirely in high-risk environments is application whitelisting, which only allows pre-approved applications to run on a computer. The U.S. National Institute of Standards and Technology recently encouraged the use of such protection mechanisms, which are available in some operating systems by default, and even released a guide with recommended practices.
Network perimeter protection is also important in defending corporate environments from both outside and inside threats, like data exfiltration attempts. However, users should not assume that network-level security appliances don't have vulnerabilities. In fact, security researchers have found a large number of flaws in these products as well over the years, and exploits for them are also being sold on the unregulated exploit market.