Is Antivirus Becoming Obsolete?

By Ken Presti
October 03, 2012 7:32 PM ET

Page 2 of 3

Carbon Black's Viscuso estimates that virus traffic is growing at a rate of 783,000 new samples each day. Therefore, whatever signatures are missed on any given day will have to compete with all the new ones coming online tomorrow and the next day. Viscuso added that even if you could somehow keep up with the growth, the resulting performance hit on the individual machines would be far worse than the market would bear.

"That leads us to believe that customers should leverage the signature databases of multiple AV packages, as opposed to just one," said Viscuso. "In many cases, the AV products don't allow you to run more than one on a single machine. So, channel partners and customers should use a service that can scan all those binaries so that even if your particular antivirus isn't catching it, maybe the other one will."

Henry, from Lumension, argues that many machines are not adequately protected because we are relying on failed technologies that are erroneously considered to be a best practice.

"Firewalls are another example," he said. "For the last 20 years, we've used things like port-centric firewalls. If they wanted to block somebody from going to the Internet, we would block port 80. So, that just means the bad guys need to reconfigure their software to use port 79 because they left port 79 open."

Henry suggests that enterprises move towards a positive model for security in which they identify what is allowed to run, as opposed to a negative model for security in which they identify what is not allowed to run -- as is the case with antivirus.

"In a white-listing environment you have to approve a given piece of software, or even a script, to run in this environment," he said. "Beyond that, you also have to validate that nothing is changed with that piece of software. In other words, the signature for that software needs to be trusted. If it's not trusted, then it's not allowed to run. It's more work to deploy software in an environment like this. The administrative burden is a lot higher than just turning on antivirus. But, the level of security is much improved."

Henry added that, despite his point of view, the market for antivirus products will remain strong because AV technology is typically required by standards bodies. "If they went out and just did white listing, they would be non-compliant," he said.

"I'm not saying throw away antivirus," Henry added. "I'm saying complement antivirus with white listing. It's simply a smarter way to go."

NEXT: Antivirus Not An IT Security Panacea, But Can’t Hurt

<< Previous | 1 | 2 | 3 | Next >>

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

	10 Security Companies That Have Scored CIA Funding CIA-funded venture firm invests millions in technology startups, mostly security firms. Find out which security companies won In-Q-Tel funding.
	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	More Slide Shows