Is antivirus software still relevant?

Featured eBooks
AI, From Front Line to Back Office
Trust in Government
Chasing New Industry
Insights & Reports
A Resilience Blueprint for Local Governments
Presented By Schneider Electric
Download Now
Building AI-Ready Networks: A Public Sector Guide to Private Connectivity Fabric (SM)
Presented By Lumen
Download Now
By Lou Magnotti

By Lou Magnotti

|

No matter how useful antivirus software can be, its drawbacks are causing information security professionals to take a second look at antivirus protection – and the alternatives.

Federal agencies are big users of antivirus software, and regardless of their technical competence, government security professionals still find themselves victims of malware. Unfortunately, simply installing antivirus technology does not protect today’s endpoints.

In a 2014 Lastline Labs study on the effectiveness of antivirus scanners, much of the newly introduced malware went undetected by nearly half of the antivirus vendors. After two months, one third of the antivirus scanners still failed to detect many of the malware samples. The malware dubbed "least likely to be detected" went undetected by the majority of antivirus scanners for months or was never detected at all.

For those malware samples that initially eluded all of the scanners, the average time for at least one of the samples to achieve detection was two days. None of the antivirus caught every new malware sample. 

Some significant drawbacks to antivirus software include:

  • Antivirus software can impair endpoints.
  • An incorrect decision may lead to a security breach when inexperienced users don’t understanding the prompts.
  • False positives can be as destructive as false negatives. If the antivirus software employs heuristic detection, success depends on achieving the right balance between false positives and false negatives.
  • Antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack.

No matter how useful antivirus software can be, its drawbacks are causing information security professionals to take a second look at antivirus protection – and the alternatives.

Several years ago, the Milnsbridge Corporation sponsored case studies focused on a new approach, called CloudAV  that moves antivirus functionality into the network cloud and off personal computers.  The study focused on virtualizing the detection functionality with multiple antivirus engines, significantly increasing overall protection.

Traditional antivirus software that resides on most PCs checks documents and programs as they are accessed. Because of performance constraints and program incompatibilities, only one antivirus detector is typically used at a time.  CloudAV, however, can support a large number of malicious software detectors that act in parallel to analyze a single incoming file.  Each detector operates in its own virtual machine, so the technical incompatibilities and security issues are resolved.

Some of the drawbacks deal with speed in handling the volume of data. While CloudAV stores previously screened data, processing time is an issue. There is also the concern of the cloud provider’s level of security in and of itself. Regardless, several CloudAV providers are available in today’s market.

Many of the existing operating systems come with antivirus software built in.  Others may use application whitelistings (AWL) – as opposed to blacklisting – as an integral part of the OS. 

Most people in the IT field are familiar with blacklisting because it is the technology used in almost every antivirus product in existence. It simply checks every new file on a system to see if it contains malware. If malware is detected, it is blocked from executing and carrying out any damage.

AWL is just the opposite. It will deny the execution of any application not previously and explicitly identified as “not malicious.” AWL offers more security primarily because it denies malicious code that has never been seen before (zero-day issues) and code that blacklists won’t recognize immediately. Security professionals must keep in mind that there is considerable expense in the AWL game, not only with the initial purchase but with the internal man-hours required to make changes and test new patches and application updates on the servers. Additionally, AWL will not permit IT managers to use their  systems the way they like because it blocks non-malicious code such as new applications. Therefore, most users have traded security (whitelisting) for ease-of-use (blacklisting).

Another reason information security professionals are taking a second look at antivirus protection is the “cost vs. rewards” to their respective organizations. The advent of malware insurance has offset the cost incurred by damages from malware; however, there are also losses to one’s reputation and possibly even regulatory fines to consider. Couple this with the premise that no antivirus technology will guarantee 100 percent security, and government security professionals find themselves in a conundrum when faced with the task of providing cost-effective advice to senior executives.

So, what is an agency to do? While the drawbacks of using antivirus are all valid, many agree that the technology should still be used as part of a “security-in-depth” approach. Maintaining an arsenal of sophisticated security tools that protect the enterprise network from the “outside-inward” is still the preferred, balanced approach to security. Equally important, antivirus technology must be complemented with a good security education and awareness program along with other information security policies and procedures.

NEXT STORY: NOAA forecasts more accurate weather predictions

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.