Do traditional antivirus solutions still have a role in the age of AI? [Q&A]
Antivirus software was one of the earliest cybersecurity solutions, with the first commercial programs appearing in the 1980s, and it remains at the core of protecting computer systems today.
But as threats evolve and become more sophisticated, does traditional antivirus still have a role to play or will it be overtaken by technologies like artificial intelligence?
We spoke to Peter Stelzhammer, co-founder of the independent testing organization AV-Comparatives to find out.
BN: Why have antivirus solutions endured for so long?
PS: In short, because there has always been a use for them. There is an ongoing cat and mouse game between antivirus efforts and cybercriminals -- and bad guys are getting smarter each year.
The foundations of viruses and antivirus (AV) software have changed dramatically over the past few decades. Viruses no longer originate from kids at school messing around on computers to earn their stripes among friends. We're now dealing with organized cyber gangs, deploying advanced software like ransomware and trojans that lead to chains of infection. Antivirus solutions still hold a vital role in protecting high value assets against adversaries, especially as most users within a business are not cyber experts, and therefore need support when defending against known and unknown threats.
Antivirus software will continue to prove invaluable in the face of phishing and ransomware kits. Now that any individual can become a criminal and launch their own attack campaign with ease, the threat pool will continue to grow.
A lot of people still view antivirus solutions as those that existed 20 years ago -- the old, clunky products that slow down workstations. However, AV software, like most other cyber solutions, has kept up with changing times and is more than capable of handling modern day threats. For example, they block malicious URLs in a phishing attack, and support threat behavior detection programs.
BN: What makes for good antivirus software?
PS: The ideal product delivers high protection rates and minimal false positives. It comes down to finding that fine balance of knowing what to block and what not to block. If the solution is overzealous in its protection, then it can affect productivity and users will end up switching it off.
Effective AV solutions should not overly involve the user in their operations. Sending messages that question whether the user wishes to execute a requested task undermines the whole purpose of the product. It can cause unnecessary confusion. If an older, tech-cautious individual loads up Internet Explorer and the AV solution pops up asking if they're sure they want to connect to the internet, it can trigger alarm bells and the user aborts the action. Equally, if a child goes to download a video game from an unknown source and the message pops up questioning the action, they won’t think twice about it and approve the request. The customer is paying for the AV software to know what it should or should not block.
There is still a misconception around AV products and their impact on system running speeds. While older solutions gained a reputation for slowing down workstations, this cannot be said for modern options. The delay time is now a few milliseconds which is imperceptible to everyday users.
BN: Why are your tests so important?
PS: Given how important antivirus software is in today's cyber landscape, it’s crucial to give customers cohesive and unbiased information on their options. It's important AV testing firms deliver independent tests on the range of antivirus solutions available.
These tests are designed to break through the marketing fluff and highlight the scientific facts and numbers that matter. In the same way that the government counts the cases of Covid in the country, AV testers count the number of infections detected in AV products. The transparent and recognized methodology is based on real-world testing, simulating the scenarios that users face on a regular basis.
Once products are tested, they are rated and those that score highly receive certification of an official seal of approval. For enterprise solutions, a product will either be approved or not, there is no in-between rating system. The two main elements that are frequently considered are protective capabilities and administration. Given that most solutions score better than 98 percent on the defense side, enterprises normally pay more attention to the administration and usability results. This is often what distinguishes the good solutions from the best.
BN: How has the threat landscape evolved in recent years?
PS: The threat landscape has changed massively over the last few years thanks to advancing technology, sophisticated attack techniques, and external factors like the pandemic. We're now faced with highly sophisticated threat vectors and multistage attacks, including spear phishing, social engineering, fraud, and ransomware.
Criminals will go to great lengths to uncover the specific security products being used by organizations so they can create a detailed map of the infrastructure. It's far easier for them to launch targeted attacks when they know what they’re up against. Multistage campaigns usually therefore start with a phishing email to harvest credentials that can deliver them access to the network later.
Remote working has certainly exacerbated the situation as employees often resort to using personal devices for work activities. Connecting these unknown devices to the enterprise network often undermines the organization's security policies and broadens their attack surface -- zero trust goes out the window and criminals get a free pass to the network.
Furthermore, one of the biggest elements of today's threat landscape that is often overlooked is mobile devices. If you think about it, today’s mobile phones are minicomputers with call functions. They're far more advanced than those that existed a decade ago, and often hold more personal and sensitive data than laptops. Criminals have started aiming their phishing campaigns at mobile devices because users are typically less concerned about cyberattacks, and it is physically harder to identify the signs of deception on a smaller device.
BN: How will new technologies like artificial intelligence and quantum computing affect the cybersecurity sector?
PS: As the industry stands, it is nearly impossible to brute force passwords with 12 characters. But with quantum, it becomes child's play. While quantum computers are currently too large and too expensive for everyday cybercrime, once it's become more accessible it will be able to crack passwords in a matter of days. Without a doubt, quantum computing is set to flip the cyber industry on its head.
Equally, however, these innovative and advancing technologies will greatly improve AV products, making them stronger and faster in preparation for future battles. While nearly all antivirus solutions currently on the market use machine learning to an extent, there are those that have taken it to the next level.
The aim of the game is to harvest the power of quantum and artificial intelligence before the opposition -- aka the cybercriminals -- succeed first.
Photo Credit: Sergey Nivens / Shutterstock