Traditional Antivirus Is Dead

November 10, 2015

Antivirus (AV) software doesn’t work, is cumbersome, and is poor value for money, leading many to believe that traditional antivirus is dead.

The AV industry is almost 30 years old and the software has been a necessary evil throughout that time. We all know the problems:

  • Slows down devices
  • Doesn’t find ‘enough’ viruses!

In February 2015, threat protection company Damballa released its latest State of Infections report, covering the fourth quarter of 2014, which highlighted the limitations of the traditional approach to AV security.

The report found that within the first hour of submission, AV products missed nearly 70 percent of malware. Further, when rescanned to identify malware signatures, only 66 percent were identified after 24 hours, and after seven days the total was 72 percent. It took more than six months for antivirus products to create signatures for 100 percent of new malicious files.

1. Is One Vendor Different From, or Better Than, Another?

Many people think the AV software they purchased from Company ‘X’ is different from Company ‘Y’. Think again!

The industry is only made up of a few unique engines that are heavily licensed. Regardless of which AV you choose, there's a good chance you actually just bought Bitdefender. This licensing program also makes it that much easier for attackers to target and avoid AV.

2. AV is Actually INCREASING Pop-Ups

Traditional AV companies understand their shortcomings, so they have started bringing in the marketing guys to find a way to stay relevant in the eyes of the consumer. The solution: more pop-ups! Over the last few years, AV software has INCREASED the number of times it interrupts your day to let you know it’s “working”.

Working, of course, is a relative term.

3. AV Is Often The Reason Your PC Is Slow

Traditional AV companies take so much heat for hogging system resources, they will do anything to reduce the complaints, including hiding resource usage from computer users and even reducing the threat detection!

In the playbook are tricks like paging memory to disk to hide memory usage, the invention of quick scans, and the worst offender of them all, on-access scanning. These tricks have hidden costs that cause instability, slowness, and decreased battery life.

4. Detection Relies On Internet Access

Ever tested your traditional AV without the internet?

Anyone who has will know that virus knowledge isn’t actually jammed into that constantly updating signature file. Cloud lookups account for a huge percentage of AV’s ability to detect things, and a cloud lookup means the malware is already executing while the lookup occurs. This is also why one of the first things malware does to attack AV is stop AV from calling home. It’s partially to stop signature downloads, but it’s more effective at stopping the detections the AV company performs using the cloud.

So…what is the answer?

In 2015, most cybersecurity specialists believe that prevention is no longer possible and that fast remediation is key.

I understand this approach, but my research has shown me that reports of the death of prevention are greatly exaggerated.

There are products like Cylance offering unparalleled detection rates and significant decreases in machine resource usage, heralding a mathematical revolution in the security industry.

These leverage predictive mathematics, obviating the need for daily updates. No daily updates means no daily scans and no performance degradation.

Once installed, it will check all your existing files for malware. Unlike traditional AV, it doesn’t have to wait for the malware to fire to discover it.

Fretting about Ransomware will become a thing of the past!

Perhaps the best part of this machine-learning based solution is that the model file contains the entirety of malware intelligence, distilled down into one convenient package.

Topics: Insider Security

Written by Martin Jones @ LAN3