2015 -- the year automated malware protection and firewalls become worthless?

2015 -- the year automated malware protection and firewalls become worthless?

Whether you're a home or business user, one thing you've probably had drummed into you for years is the importance of virus protection, an effective firewall and malware guards. Well, as we start our journey into 2015 such security tools may not be anywhere near as effective as they used to be. Is it worth investing in them at all?

The suggestion isn’t that we should ditch firewalls and malware protection altogether -- that would be insanity. But security expert Ilia Kolochenko says that we need to rethink our reliance on automated security tools.


Kolochenko is CEO of High-Tech Bridge and Chief Architect of ImmuniWeb, and he has looked forward to the year ahead to make a number of security predictions. Perhaps the most interesting is the idea that we will no longer be able to rely on automated security tools to offer the level of protection we need. That's not to say that they won't have their place, just that human intervention is going to be necessary as attacks become more complex and evolve more quickly.

Web Application Firewalls, Web Vulnerability Scanners or Malware Detection services will not be efficient anymore if used independently or without human control. Both web vulnerabilities and web attacks are becoming more and more sophisticated and complex to detect, and human intervention is almost always necessary to fully detect all the vulnerabilities. It's not enough to patch 90% or even 99% of the vulnerabilities - hackers will detect the last vulnerability and use it to compromise the entire website. As a solution to the new threats High-Tech Bridge has launched ImmuniWeb SaaS -- a unique hybrid that uses automated security assessment combined with manual penetration testing.

Kolochenko also believes that we'll see an increase in the number of online problems originating from external sources. It's fair to say that direct attacks that exploit vulnerabilities in sites, apps and services will continue, but there will be an increase in attacks that take other forms. Plugins are seen as being particularly problematic, as is cross-site scripting (XSS), and these are just two examples of security problems that require human intervention.

So while it might not quite be time to ditch the malware tools and firewall entirely, it is time to appreciate that even the best tool is only ever going to offer limited protection.

Photo credit: alphaspirit / Shutterstock

12 Responses to 2015 -- the year automated malware protection and firewalls become worthless?

  1. Hecc-MA says:

    Human AV, think I already got one.

  2. Adam Smith says:

    Thanks for the article Mark. I get the feeling that commercial products that 'scan' your drives for malicious files are just picking up the damage after it has potentially already compromised your computer
    These days drive by attacks as you visit a compromised website are becoming more innovative and destructive
    However, I hope you continue to recommend http://www.virustotal.com as a great way to check out the safety of files, including .exe files, on your computer

  3. john young says:

    Security always has and will be layered and multifaceted. Relying on one solutions is ignorant.

    True hard core hacking is actually rare. The average hacker/malware is looking for simple open holes in your security. Sadly it happens all of the time. Either because of ignorance or over worked IT staff's that eventually drop the ball because their IT department is like a triage unit, always moving on to the next project or fire.

    A business/corporation needs to layer security to protect its self. Users access should be heavily restricted down to their actual job and nothing more. They should not be administrators on their Windows boxes so they can't install anything, since 99.9% of malware/hacks today are the result of a Windows machine being hacked. They should have extremely restricted internet access, enough to do their job and no more. Any Internet access they have needs to be behind multiple layers of security that scrutinizes it heavily for its content.

  4. MosheBenSholom says:

    The biggest security hole will always be between the seat and keyboard.

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.