With the recent outbreaks of progressively more violent ransomware infections, one question seems to be coming up more and more frequently: is conventional virus protection still effective?

It’s a difficult question to address. True, virus scanners were essentially useless during the initial Cryptolocker outbreak, and again they were unable to stop Wannacry from wreaking havoc, but that doesn’t mean traditional scanners are without function. As we commonly have to explain to clients: anti-virus protection is a very reactive business. New viruses are released all the time to exploit security gaps, and there’s no way to protect against a threat that has never been seen before by anyone but its creator. Only after the infection is out in the wild can companies like ESET and Kaspersky learn to defeat it. Yet a good anti-virus program is always included in security considerations, so can the technology really be called dead?


When we speak of traditional anti-virus, we are often referring to programs installed on a computer that run actively in the background. Historically, these programs utilize signature-based detection as a first defense against viruses. They work on a simple principle: once a virus is encountered in the wild, anti-virus companies add its “signature” to the database to protect against further outbreaks.

That’s one piece of the puzzle, of course. Modern anti-virus software also scans for behavior that is often associated with common viruses. It is frequently triggered by common signs, such as macros being run in document files that were downloaded from the internet, and will step in to stop them. Then you have other non-signature-based technology like heuristic analysis, personal firewalls, application blacklists, and other fancy monitors that try to prevent unknown threats from taking hold. Anti-virus has evolved over the years to protect against constantly evolving threats.
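To make the two layers described above concrete, here is a small added example (not code from Just Fix It or any vendor) that combines a hash-based signature database with the behaviour rule the post mentions: macros inside a document that came from the internet. The sample documents are constructed minimal zip files, `from_internet` stands in for a download-zone marker, and `add_signature` models the reactive update that only happens after a sample has been seen.

```python
import hashlib
import io
import zipfile

# Constructed signature database: hashes of samples already seen "in the wild".
# Real products also match byte patterns, not only whole-file hashes.
KNOWN_BAD_SHA256: set = set()

def add_signature(content: bytes) -> str:
    """Reactive update: once a sample has been analysed, its hash joins the database."""
    digest = hashlib.sha256(content).hexdigest()
    KNOWN_BAD_SHA256.add(digest)
    return digest

def signature_match(content: bytes) -> bool:
    return hashlib.sha256(content).hexdigest() in KNOWN_BAD_SHA256

def has_macros(content: bytes) -> bool:
    """OOXML documents are zip files; a VBA project is stored as vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(content)) as z:
            return any(name.endswith("vbaProject.bin") for name in z.namelist())
    except zipfile.BadZipFile:
        return False

def scan(content: bytes, from_internet: bool = False) -> dict:
    """Cheap exact signature check first, then behaviour rules for unseen samples."""
    if signature_match(content):
        return {"verdict": "block", "layer": "signature"}
    # Behaviour rule from the post: macros in a document that came from the internet
    # (from_internet is an assumed stand-in for a download-zone marker).
    if from_internet and has_macros(content):
        return {"verdict": "block", "layer": "behaviour"}
    return {"verdict": "allow", "layer": None}

def make_docx(with_macros: bool) -> bytes:
    """Constructed minimal document for testing; not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"\x00constructed")
    return buf.getvalue()

if __name__ == "__main__":
    doc = make_docx(with_macros=True)
    print(scan(doc, from_internet=True))   # behaviour layer: no signature yet
    print(scan(doc, from_internet=False))  # allowed: local file, no signature yet
    add_signature(doc)
    print(scan(doc, from_internet=False))  # signature layer after the update
```

The second call is the detection window the post describes: an unseen sample with no signature and no triggering behaviour passes until the database catches up.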


What lends credence to the idea that anti-virus software is a worthless defense is the reactive nature of its development. A new generation of virus will always have a window in which to run wild before software developers can adjust their detection methods to ensnare it. Wannacry used an exploit in Windows to execute silently, Cryptolocker was innovative enough to avoid detection, and we can go all the way back to viruses with randomized encryption codes, which led some to declare AV dead back in the early 90s. The claim that the business is in decline has been around for decades; it has only picked up volume as virus outbreaks have become more widespread.

Viruses aren’t developed in a vacuum; they are designed to work around common security measures, anti-virus included. Often, a developer will test their virus by executing it on systems running the most popular anti-virus applications. If the software is designed to detect a certain type of behavior, the virus developer will attempt to mask that behavior. It’s a battle in which the virus always gets the initiative. This unfortunately means that the only place where AV truly excels is in cleaning up after the fact.


The moral that should be learned is: anti-virus programs aren’t a catch-all defense. Just because you’ve got an up-to-date copy of Avira or ESET doesn’t mean that your system is inoculated against all threats; it’s really just one brick in the wall. How high you build the wall is up to you. Spam filters will help catch infected emails before they reach your network; backups will ensure that, should the worst happen, you can recover from it with minimal loss of data; firewalls protect from outside intrusion; regular software updates can prevent exploitable weaknesses; and good old-fashioned user vigilance can help detect threats and minimize their impact. There are countless options for people who want to keep their data safe, but a strong defense always starts with a good anti-virus program.

That’s pretty far from being dead. Despite recent high-profile outbreaks, the industry has evolved over time to keep up with the changing virus landscape. Even if we focus purely on old-fashioned signature-based detection, old viruses float around the internet indefinitely, waiting to land on an unprotected system. Without traditional anti-virus, actual removal of infections would be difficult without resorting to a wipe and reload. Any way you slice it, these programs serve an important function and will probably continue to for the foreseeable future, so don’t cancel your subscription just yet. Our advice at Just Fix It: never go without a good anti-virus.

Just Fix It

