
Is anti-virus old technology?


atiustira

Recommended Posts

I think one of the comments on the link you supplied had a good point:

IMO the reason that Symantec declared AV "dead" is purely a business reason - they aren't making money on it anymore.

I agree with that comment in that AV is still necessary along with other security aids.

  • Like 2

Hello,

 

Yes, anti-virus is old technology. And much like other old technologies, it's constantly being updated and improved.

 

By the way, as any "true security professional" will tell you, anti-virus software died in 1990. That was when the first polymorphic viruses appeared, causing the death-knell for the anti-virus industry, which couldn't keep up. All those anti-virus companies like McAfee, Symantec, etc. just gave up and closed their doors.

 

Oh wait, that didn't happen... I guess they must have adapted and moved on.

 

Regards,

 

Aryeh Goretsky

  • Like 4

Hello :)

 

OK, so I still do find the post to be interesting. Anti-virus is not dead at all, but it is changing. It couldn't just rely on pattern matching any more after the 90s, with polymorphic, encrypted or otherwise obfuscated payloads. Heuristics became more important, and better. It was improved. User awareness is a very important part of a defence strategy also. I believe that most security problems are caused by users and unawareness. And that is where this falls into play.

1) A good firewall.

2) Proxy (to detect and block communications to blacklisted IPs/domains, which indicates a host on your network is infected)

3) IDS/IPS (signatures to detect malware communications)

4) Antivirus

5) SIEM - continuous monitoring of firewall logs, events, etc. to detect what 1-3 may have missed (this is your fail-safe).

 

I found a bot on a friend's computer running a Windows operating system many years ago, before there was much information on the internet about what a bot is. I didn't know what it was, but I connected the system to a network that had my Linux system on it and observed it trying to communicate with a server. I removed the viruses and malware from the computer.

It looked like the system was being used to infect other systems.

I installed ZoneAlarm, which I liked because you could monitor what was trying to connect with it, and control the connections. I brought it back to my friend, who had to call his ISP, because they had disconnected him for the system spreading the programs. They told me they wouldn't allow him to reconnect until the system was looked at by a technician. I had to tell them a number of times that I was a technician. They let it back online. There were a number of attempts to connect and reinfect the system. We observed that while I instructed the owner how to use ZoneAlarm and what the connection attempts meant. What I didn't mention is that before I utilized the Linux network and Snort, I formatted and reinstalled his OS and software, twice, and got reinfected when I brought it online.

So yes, anti-virus software is very important. But without Snort I would not have been able to figure out what was going on. And without a firewall I wouldn't have been able to block the reinfection. These days anti-virus is only a part of what is needed. That is my opinion.

Edited by atiustira
  • Like 1
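As an added example (not code from this thread or from any of its participants), the Python script below shows layers 2 and 5 of the list in the post above working together: a proxy that knows which domains are blacklisted, and a SIEM-style monitor that reads the proxy and firewall logs, flags the internal host that keeps calling home at regular intervals, and raises the severity when two independent layers agree on the same host. The log formats, addresses, hostnames and blocklist are all constructed for the example.

```python
"""Added example: a minimal SIEM-style correlation over constructed proxy
and firewall log lines. Nothing here is from the forum thread; the log
formats, hosts, addresses and blocklist are invented for illustration."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed blocklist, the kind of feed a proxy or IPS would consume.
BLOCKED_DOMAINS = {"update-checker.example", "cdn-static.invalid"}
BLOCKED_IPS = {"203.0.113.45"}

# Constructed Squid-style access log:
# time elapsed client action/status bytes method url
PROXY_LOG = """\
2024-05-01T10:00:01 120 10.0.0.7 TCP_MISS/200 512 GET http://www.example.com/index.html
2024-05-01T10:00:05 300 10.0.0.12 TCP_DENIED/403 0 GET http://update-checker.example/gate.php
2024-05-01T10:05:05 300 10.0.0.12 TCP_DENIED/403 0 GET http://update-checker.example/gate.php
2024-05-01T10:10:06 300 10.0.0.12 TCP_DENIED/403 0 GET http://update-checker.example/gate.php
2024-05-01T10:11:00 90 10.0.0.7 TCP_MISS/200 2048 GET http://docs.example.org/page
"""

# Constructed iptables-style firewall drop log.
FIREWALL_LOG = """\
May  1 10:10:30 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=203.0.113.45 PROTO=TCP DPT=6667
May  1 10:10:31 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=203.0.113.45 PROTO=TCP DPT=6667
May  1 10:12:00 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=198.51.100.9 PROTO=UDP DPT=123
"""

FW_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dport>\d+)")


def parse_proxy_line(line):
    """Split one access-log line into the fields the monitor needs."""
    parts = line.split()
    if len(parts) < 7:
        return None
    ts, _elapsed, client, status, _size, method, url = parts[:7]
    return {"time": datetime.fromisoformat(ts), "client": client,
            "status": status, "method": method, "host": urlsplit(url).hostname}


def parse_firewall_line(line):
    """Extract source, destination and port from a DROP line; ignore anything else."""
    m = FW_RE.search(line)
    if not m or "DROP" not in line:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def domain_is_blocked(host, blocked_domains):
    """Match the host itself or any parent label, so bad.example also catches x.bad.example."""
    if not host:
        return False
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in blocked_domains for i in range(len(labels)))


def looks_like_beacon(times, min_hits=3, jitter=60):
    """Regular call-home: at least min_hits contacts whose gaps differ by at most jitter seconds."""
    if len(times) < min_hits:
        return False
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return max(gaps) - min(gaps) <= jitter


def correlate(proxy_text, fw_text, blocked_domains, blocked_ips):
    """Return {internal_host: finding} for hosts seen by either layer talking to blocked destinations."""
    contacts = defaultdict(lambda: defaultdict(list))  # client -> domain -> [times]
    for line in proxy_text.splitlines():
        rec = parse_proxy_line(line)
        if rec and domain_is_blocked(rec["host"], blocked_domains):
            contacts[rec["client"]][rec["host"]].append(rec["time"])

    drops = defaultdict(list)  # src -> [(dst, dport)]
    for line in fw_text.splitlines():
        rec = parse_firewall_line(line)
        if rec and rec["dst"] in blocked_ips:
            drops[rec["src"]].append((rec["dst"], rec["dport"]))

    alerts = {}
    for host in set(contacts) | set(drops):
        finding = {
            "blocked_domains": sorted(contacts[host]),
            "beaconing": sorted(d for d, t in contacts[host].items() if looks_like_beacon(t)),
            "firewall_drops": len(drops[host]),
        }
        # Two independent layers pointing at the same host is the high-confidence case.
        finding["severity"] = "high" if finding["blocked_domains"] and finding["firewall_drops"] else "medium"
        alerts[host] = finding
    return alerts


if __name__ == "__main__":
    for host, finding in correlate(PROXY_LOG, FIREWALL_LOG, BLOCKED_DOMAINS, BLOCKED_IPS).items():
        print(host, finding)
```

On the constructed data only 10.0.0.12 is reported: the proxy denied three requests to the blacklisted domain five minutes apart (the beaconing check), and the firewall separately dropped its connections to a blacklisted IP on port 6667, so it is marked high severity. The other host talks only to unlisted destinations and never appears, which is the point of correlating rather than alerting on every single DROP line.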

Hello,

 

That sounds like a good set of technologies to use. However, I think user education and periodically performing a manual review of log files need to be in there.

 

A lot of IT folks don't care for user education; they feel it doesn't work, is too hard to reinforce, that users don't pay attention, etc., and I don't think security companies like to emphasize it, either, for their own reasons (unable to monetize, fear that the customer will think the product is ineffective, etc.), but I think it is as important as (if not more so than) the other five pillars you mentioned. Anti-malware software¹, for example, isn't a magical forcefield which protects your computers from threats. Rather, it is a tool that allows you to manage risk, and in the event that a threat makes it through, that you've got some professional support available to help you begin triaging things. Anyone who tells you differently is... probably a sales or marketing person.

 

The other thing I mentioned is periodically looking at log files. Yes, SIEM is great when you've got more PCs to manage than you can count comfortably using your fingers, but a random look at original logs may reveal events that went undetected or unreported for some reason. Generally speaking, it's a time-consuming, boring and unpleasant task, but, as with user education, it's also important and underrated.

 

Regards,

 

Aryeh Goretsky

 

¹Which I'm just picking on because it's the one I'm most familiar with.

  • Like 2
