Antivirus -- myths and evolution
Antivirus products have steadily evolved over the years but a number of obsolete myths still persist.
For example, many people still believe that AV software can detect only what it knows, uses only static signatures and offers little or no protection. A new report from NSS Labs looks at the history of antivirus software and how it has, and continues to, evolve to meet new threats. It concludes that whilst endpoint protection is still essential it has evolved beyond simple antivirus programs.
NSS Labs research director Randy Abrams says, "AV has been proclaimed to be dead or dying for many years despite a trend of increasing revenues. The basic premise is that consumers and enterprises alike will drop the technology that so often fails them. The stigma that surrounds AV is a result of a long history of deceptive sales and marketing claims within the industry; for example, that the Virus Bulletin 100 award means a product will protect users from all threats, despite the obviously flawed use of an extremely limited sample set in such tests".
He also points out that exclusively antivirus products have become extinct and that those which focus solely on malware are mainly free products used to entice users to upgrade to a premium solution offering all-round protection.
The latest products use heuristic protection to identify suspicious behavior. Many recent high-profile threats have been identified by various products using heuristic techniques before signatures were released.
Of course the whole thing is, as ever, a cat and mouse game between the malware developers and the security providers. For a targeted attack cybercriminals may only need to defeat a few products to succeed.
Abrams points out that historic indicators suggest a strong probability that EPP vendors will soon offer breach detection systems products. He reasons that in order to successfully deploy protection products, organizations need to understand the strengths, weaknesses and scope of current protection products, as well as evaluate new technologies that complement them.
You can access the full report at a PDF on the NSS Labs website.