Thursday, June 2, 2011

Is the Antivirus Dead?

With new malware arriving at a rapid rate and AV vendors only able to detect so much of it, some have wondered: "Is the AV dead?" In my honest opinion, the AV is one of the most well-known parts of computer security. The everyday user does not understand other types of security technology such as HIPS, some sandboxes, and registry tweaks. However, the AV as we know it today is not the same scanner it was when it first started. So the traditional AV may be dying, but not the AV as a whole.

When the AV first started, it was just a basic on-demand scanner. Eventually background (real-time) protection was added, along with automatic signature updates. Those three things made up the traditional antivirus program, which is why we called it the antivirus scanner. However, the time of the traditional AV is passing, if not over, because an AV program like that cannot keep up with the volume of malware being produced today. Antivirus programs are changing; here are some examples of how they have changed:

Heuristics: Heuristics gave AV programs the ability to detect new malware, and variants of known malware, that the AV did not have a signature for, by looking for suspicious traits rather than an exact match. However, heuristics cannot detect all new malware, and the same looseness that lets them catch unseen variants can cause false positives on clean software.

Code emulation: The ability to virtually run a file in an emulator and check its behavior before it executes on the real system added a good improvement in detection for many AV engines. However, once again, that is not a foolproof way to detect all malware; a sample can check whether it is running inside an emulator, or simply delay its malicious behavior until the emulation window has passed.

Behavior blocking: Behavior blocking is great for preventing new malware, because it stops a suspicious action (such as a program writing into another process or adding itself to an autorun registry key) instead of relying on recognizing the file. However, most of the time the user has to decide whether to allow the behavior or not, and a user who cannot tell a legitimate action from a malicious one is just as likely to allow a bad behavior as to block a good one.
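To make the difference between signature matching and heuristics concrete, here is a small toy scanner in Python. It is an added example, not code from the original post or from any AV vendor. The five sample "files" are constructed byte strings with a fake MZ header (not real executables and not real malware), and the API list, entropy limit and score threshold are assumed values chosen for illustration. It shows a one-byte variant slipping past the hash signature but still tripping the heuristic, a clean debugging helper that imports the same APIs being flagged (the false positive the paragraph mentions), and a packed body caught by an entropy rule.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-in "files": byte strings with a fake MZ/PE header and some
# imported-API names. They are not real executables and not real malware.
HEADER = b"MZ\x90\x00PE\x00\x00"
KNOWN_MALWARE = HEADER + (
    b"URLDownloadToFileA\x00CreateRemoteThread\x00WriteProcessMemory\x00dropper build 1\x00"
)
# The malware author changes one byte: the file hash changes, the behaviour does not.
VARIANT = KNOWN_MALWARE.replace(b"build 1", b"build 2")
# A legitimate debugging tool that happens to use the same injection APIs.
CLEAN_DEBUG_HELPER = HEADER + (
    b"CreateRemoteThread\x00WriteProcessMemory\x00SetWindowsHookExA\x00debug helper 3.1\x00"
)
CLEAN_TEXT = b"Quarterly report: revenue up 4 percent.\n"
# Deterministic pseudo-random body standing in for a packed/encrypted executable.
PACKED_UNKNOWN = HEADER + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))

SAMPLES = {
    "known_malware": KNOWN_MALWARE,
    "variant": VARIANT,
    "clean_debug_helper": CLEAN_DEBUG_HELPER,
    "clean_text": CLEAN_TEXT,
    "packed_unknown": PACKED_UNKNOWN,
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The "signature database" of the traditional scanner: exact hashes of known samples.
SIGNATURE_DB = {sha256(KNOWN_MALWARE)}


def signature_scan(data: bytes) -> bool:
    """Traditional scanner: flag only files whose hash is already in the database."""
    return sha256(data) in SIGNATURE_DB


# Heuristic rules (assumed values): API names commonly used for injection and
# downloading, plus an entropy check that fires on packed or encrypted bodies.
SUSPICIOUS_APIS = (
    b"CreateRemoteThread",
    b"WriteProcessMemory",
    b"URLDownloadToFileA",
    b"SetWindowsHookEx",
)
ENTROPY_LIMIT = 7.0       # bits per byte; a real engine tunes this per file type
HEURISTIC_THRESHOLD = 3   # score at or above this is reported as suspicious


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ~8.0 for random/encrypted data, much lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def heuristic_score(data: bytes) -> int:
    """Add one point per suspicious API string, three more if the body looks packed."""
    if not data.startswith(b"MZ"):
        return 0  # only executables are scored
    score = sum(1 for api in SUSPICIOUS_APIS if api in data)
    if shannon_entropy(data) > ENTROPY_LIMIT:
        score += 3
    return score


def heuristic_scan(data: bytes) -> bool:
    return heuristic_score(data) >= HEURISTIC_THRESHOLD


def scan_all() -> dict:
    """Run both detectors over every constructed sample and return the verdicts."""
    return {
        name: {
            "signature": signature_scan(data),
            "heuristic": heuristic_scan(data),
            "score": heuristic_score(data),
        }
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(
            f"{name:20} signature={verdict['signature']!s:5} "
            f"heuristic={verdict['heuristic']!s:5} score={verdict['score']}"
        )
```

Running it prints one verdict per sample: the known sample is caught by both detectors, the variant only by the heuristic, the clean debugging helper is wrongly flagged by the heuristic, the text file is ignored, and the packed body is flagged on entropy alone. Real engines use partial byte-pattern signatures rather than whole-file hashes and have far more rules, but the trade-off is the same: any rule loose enough to catch unseen variants can also match legitimate software.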

However, that is only what has been added so far. New technology is added to AV programs every year. Here are some things I think will really help improve each AV product:

Cloud: Cloud technology is really starting to take off. We even have fully cloud-based AV products being launched, like Panda Cloud and Prevx. As more vendors add cloud lookups to their products, so that a file first seen on one machine can be checked against the vendor's servers before a signature is pushed to every client, I think it will really help their detection rates.

Sandboxing/isolating: I think automatic sandboxing and file isolation are really going to take off in AV products over the next few years. As vendors find ways to make them simpler for users, they will greatly improve each product's ability to protect against malware it cannot yet detect.

So, in my opinion, the traditional AV product/scanner may be dying, but the antivirus is not dead. AV products are not the same as when they started, and ten years from now AV products may not look like they do now.

