Is Antivirus Software Dead?

Always-on Internet connectivity is keeping malware concerns alive and well. We examine whether antivirus software is up to the task, or whether it's a security solution of the past.
The disaster-recovery approach assumes that something will go wrong, and concentrates on making it easy to get back to a known-good state. Full-system incremental imaging -- like that available in Windows Vista and Windows 7, or Time Machine in OS X -- is a big aid to this, but it could benefit from more fine-grained control, or from integration with the above-described sandboxing technologies, to be even more effective. Example: being able to take snapshots of different aspects of a system state, such as the states of individual programs, and selectively roll only those back if they are damaged, instead of restoring the whole machine.
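To make the per-program snapshot idea concrete, here is an added example (not code from the article or from any of the backup products it mentions) that treats each program's state directory as its own snapshot unit: a snapshot is a copy plus a manifest of SHA-256 hashes, "damage" is any file whose hash no longer matches, and rollback restores only the damaged files of the one program, leaving every other program's state alone. The directory layout and the two sample programs are constructed for the demo.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def _hash_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def snapshot(program_dir: Path, store: Path, name: str) -> dict:
    """Copy one program's state directory into store/<name> and record a
    manifest of per-file hashes so later damage can be located precisely."""
    dest = store / name
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(program_dir, dest)
    manifest = {
        str(p.relative_to(program_dir)): _hash_file(p)
        for p in sorted(program_dir.rglob("*")) if p.is_file()
    }
    (store / f"{name}.manifest.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def damaged_files(program_dir: Path, store: Path, name: str) -> list:
    """Files that differ from the snapshot (modified or deleted), in manifest order.
    A hash mismatch only says 'changed', not 'changed by malware'."""
    manifest = json.loads((store / f"{name}.manifest.json").read_text())
    changed = []
    for rel, digest in manifest.items():
        p = program_dir / rel
        if not p.exists() or _hash_file(p) != digest:
            changed.append(rel)
    return changed


def rollback(program_dir: Path, store: Path, name: str, only=None) -> list:
    """Restore only the damaged files (or an explicit subset) from the snapshot.
    Nothing outside program_dir is touched, so other programs keep their state."""
    targets = only if only is not None else damaged_files(program_dir, store, name)
    for rel in targets:
        src = store / name / rel
        dst = program_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
    return targets


def demo() -> dict:
    """Constructed scenario: two programs are snapshotted, the browser's
    prefs file is tampered with, and only the browser is rolled back."""
    root = Path(tempfile.mkdtemp(prefix="snapdemo-"))
    store = root / "snapshots"
    store.mkdir()
    browser = root / "browser"
    browser.mkdir()
    (browser / "prefs.js").write_text('user_pref("homepage", "about:blank");\n')
    (browser / "bookmarks.json").write_text("[]\n")
    mail = root / "mail"
    mail.mkdir()
    (mail / "accounts.ini").write_text("[imap]\nhost=mail.example\n")

    snapshot(browser, store, "browser")
    snapshot(mail, store, "mail")

    # Simulated damage: a hijacked home page, as a constructed example.
    (browser / "prefs.js").write_text('user_pref("homepage", "http://evil.example/");\n')
    (mail / "accounts.ini").write_text("[imap]\nhost=mail.example\nuser=me\n")  # legitimate edit

    damaged_before = damaged_files(browser, store, "browser")
    rollback(browser, store, "browser")           # browser only
    damaged_after = damaged_files(browser, store, "browser")
    return {
        "damaged_before": damaged_before,
        "damaged_after": damaged_after,
        "mail_untouched": "user=me" in (mail / "accounts.ini").read_text(),
        "homepage_restored": "about:blank" in (browser / "prefs.js").read_text(),
    }


if __name__ == "__main__":
    print(demo())
```

The important design choice is the granularity: because each program has its own manifest, the mail client's legitimate edit survives while the browser's hijacked preference is reverted. The obvious limitation is also visible in the code: the manifest can tell you that a file changed, but deciding whether a change is damage or a wanted update still needs a policy (or a sandbox that tells you which writes were untrusted).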

Linux, Mac: Uncharted Territory

One area where many of these new techniques might well be tested in a live context is not Windows or even Linux, but the Macintosh. Malware protection for OS X has typically been very meager, and a good deal of that is because the Mac simply hasn't been that big a target for malware. Yet. If it does become a bigger target, it will have more protection than Windows did simply by dint of having processes not run as admin by default.

But, as described above, that approach only goes so far. If the Mac becomes popular enough to also be a regular malware target, then it will experience the same baptism by fire that Windows did. Then Apple will either have to add new platform-level features to fight such things more elegantly (e.g., whitelisting), or antivirus products will become a regular presence there. That by itself would knock out one of the major selling points of the Mac as a platform: its general lack of malware and reputation for inherent security. For now, however, it is a comparatively safe place.

The same could be said for Linux as well. Its measurable desktop market share is far below that of Windows or Mac, but that doesn't make it immune from being a target. And, as above, the fact that non-essential processes don't run as root is not a cure-all: in many cases root isn't even required to do the kind of harm most malware authors are after, since the user's own files, credentials and startup hooks are reachable at user privilege. It might not be possible to know how secure the average desktop Linux stack is from concerted attack without it actually becoming broadly used and therefore broadly attacked. There's something of a paradox here: if few people use Linux, it remains relatively untargeted, but it also remains less use-tested in the real world, where attacks on computers are a way of life.
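The claim that root is not needed for most of what malware wants is easy to check on any Unix-like desktop. The following added audit script (written for this article, not taken from it or from any product it names) lists, for a home directory, which secrets an unprivileged process can already read and which startup hooks it can already write, i.e. what is available for theft and persistence with no privilege escalation at all. The asset lists are assumptions chosen for illustration, and the demo home directory is constructed so the script runs offline.

```python
import os
import tempfile
from pathlib import Path

# Assumed asset lists for this example, relative to $HOME.
# Things a user-level process can read without root:
USER_SECRETS = [".ssh/id_rsa", ".ssh/id_ed25519", ".gnupg/secring.gpg",
                ".mozilla/firefox", ".bash_history", ".netrc"]
# Startup hooks the user owns, so user-level code can persist without root:
USER_STARTUP = [".bashrc", ".profile", ".config/autostart",
                ".config/systemd/user", "Library/LaunchAgents"]


def audit_home(home: Path) -> dict:
    """Report secrets readable and startup hooks writable by the calling user.
    os.access is used so the answer reflects the real uid and group membership,
    not just the mode bits printed by ls."""
    readable = [rel for rel in USER_SECRETS
                if (home / rel).exists() and os.access(home / rel, os.R_OK)]
    writable = [rel for rel in USER_STARTUP
                if (home / rel).exists() and os.access(home / rel, os.W_OK)]
    return {"readable_secrets": readable, "writable_startup": writable}


def build_demo_home() -> Path:
    """Constructed stand-in for a real home directory (fake key, no real secrets)."""
    home = Path(tempfile.mkdtemp(prefix="demo-home-"))
    (home / ".ssh").mkdir()
    key = home / ".ssh" / "id_ed25519"
    key.write_text("-----BEGIN OPENSSH PRIVATE KEY-----\n(fake key for demo)\n")
    key.chmod(0o600)  # "correct" permissions; they restrict others, not the owner
    (home / ".bashrc").write_text("export PATH=$HOME/bin:$PATH\n")
    (home / ".config" / "autostart").mkdir(parents=True)
    return home


if __name__ == "__main__":
    # Run against the constructed home; point it at Path.home() to audit your own.
    print(audit_home(build_demo_home()))
```

Run against a real account the output is usually long, which is the point: the 0600 mode on the key protects it from other users, but a process running as you reads it freely, and a line appended to `.bashrc` or a `.desktop` file dropped into `.config/autostart` survives reboots without ever touching root. Non-root execution limits the blast radius to one user's data, which for most desktop malware is the only data that matters.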

The ideal solution to malware would be a secure platform, where malware was a thing of the past. Unfortunately, software's very complexity makes a de facto secure platform almost impossible to guarantee.

The best long-term solutions will be platform-based. Such platforms can't be perfect, but they can approach a greater degree of security through continual, rigorous improvement (both internally and externally). The most useful interim solutions, though, will still come from third parties. What will be, and already is, passé is the old-school approach to system security: the "scan everything that moves" philosophy that creates at least as many problems as it solves.

Antivirus isn't dead. But it must evolve into a true complement to the kind of computing we now do, and to the threats we're now trying to guard against.

For Further Reading:

Wolfe's Den Podcast: Trend Micro Takes Security To The Cloud

Think Your Anti-Virus Is Working? Think Again

Microsoft Offers Free Security Essentials

70 Of Top 100 Web Sites Spread Malware

Popular News Topics Become Malware Bait

