Why Is Antivirus Software Still a Thing? Antivirus has been around for more than 20 years. Do you still need it to protect yourself today? November 14, 2018 https://motherboard.vice.com/en_us/article/59vbzx/do-i-need-antivirus
AVs are obsolete but will always be needed until the masses learn proper safe habits and use more advanced tools.
I still don't understand how you could know if the software you run in a default-deny alone setup is safe or not, without a scanner.
1. Manual hash comparison, no need for any scanners.
2. In a properly set default-deny strategy, malware's usual behaviors would be hampered (blocked sponsors/access/privileges, etc.).
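The "manual hash comparison" step from the post above, as an added example that is not part of the thread: a minimal default-deny check in which an administrator records the SHA-256 of each approved executable once, and anything whose hash is not on that list is denied. The sample files, their contents and the tampered copy are constructed here so the script runs offline; no real binaries are involved.

```python
"""
Added example (not from the thread): default-deny by manual hash comparison.
An allowlist maps the SHA-256 of each approved executable to a label; a file
whose hash is absent from the list is denied, whatever its name or location.
All files below are constructed sample data.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(approved_paths):
    """The one-time 'manual' step: record the hash of every approved file."""
    return {sha256_of_file(p): os.path.basename(p) for p in approved_paths}


def decide(path, allowlist):
    """Default deny: only a file whose hash is on the allowlist is allowed."""
    digest = sha256_of_file(path)
    if digest in allowlist:
        return ("ALLOW", allowlist[digest])
    return ("DENY", digest)


def demo():
    """Build a tiny workspace: two approved tools, one tampered copy, one unknown file."""
    workdir = Path(tempfile.mkdtemp())
    editor = workdir / "editor.exe"
    editor.write_bytes(b"MZ constructed sample editor binary")
    archiver = workdir / "archiver.exe"
    archiver.write_bytes(b"MZ constructed sample archiver binary")
    allowlist = build_allowlist([editor, archiver])

    # Same vendor name, one byte changed: a stand-in for a trojanised update
    # of the CCleaner kind mentioned in the thread (constructed, not the real file).
    tampered = workdir / "editor_update.exe"
    tampered.write_bytes(b"MZ constructed sample editor binary!")
    # A file that was never approved at all.
    unknown = workdir / "game.exe"
    unknown.write_bytes(b"MZ constructed unknown binary")

    return {p.name: decide(p, allowlist)[0]
            for p in (editor, archiver, tampered, unknown)}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:5} {name}")
```

The point the check makes is the one raised later in the thread: a hash allowlist says nothing about whether a file is malicious, only whether it is the exact file someone approved, so a vendor-side compromise shows up as a hash mismatch rather than as a "virus found" alert.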
After CCleaner being compromised on the vendor's end, you can't. AFAIK no AV caught the modified executable, but after a while I'm sure they added detection signatures. That's one example where AV could show you that you have a problem. It's true that it would happen after the compromise, but without it you probably wouldn't be aware of it.
When we finally get good AI AVs or the power to run every program in a split second in a sped-up, not-realtime VM for behavior analysis, I guess we're safe.
Are we talking about old-school traditional signatures or today's AVs? AVs are no more traditional; there are a lot of other things products are using in complement to signatures, and signatures aren't that simple either. Signatures are not always written after a malware is released. This is false. Previously written signatures will continue to match upcoming threats, even if you discount that malware researchers find malware in development in underground areas and add detection, so by the time it's delivered into the real world most companies have already profiled the threat. Let's talk about what constitutes a signature. Too generic = false positive. Too specific = not going to detect multiple samples. Signatures are still very useful. But it isn't always about just signatures. Look at the modern technology AV companies are using: malware similarity search, machine learning, etc., used to automate signatures quickly, either stored in the cloud dynamically or released as streaming updates. Now don't forget AVs these days have a lot more than just signatures, like behaviour rules.
When you make a fine blend of good signatures with other components and technology you make a great security program. Now you have to imagine, if AVs were really as obsolete as they say in some of these articles, why are big security companies like Kaspersky, Bitdefender, etc. still at the top of their game? Because they are much more than just the word "antivirus". Being a malware researcher myself I can say there are tons of similarities between threats, and most times if you don't detect the binary it doesn't mean you don't detect the threat. Just look at the majority of the commodity malware that's out there. Lokibot, Hawkeye, AgentTesla, etc. just release tons of binaries via malspam, for example, regularly, and most of them are caught by AVs in the second stage where the binary unpacks itself (they use commodity packers) because the underlying code in memory remains the same. So if you don't detect the binary it isn't the end... Even malware like Ursnif, Emotet or Trickbot that have sophisticated groups behind them undergo changes like adding a new password-stealing module or reading mail addresses from the computer's mail inbox to use for propagation, but even then a lot of the strings used by AVs to detect them are the same. The way the malware landscape is today, with all the modern tech the good guys have, AVs will be ever evolving.
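The two signature points made in the posts above, "too generic = false positive, too specific = misses variants" and "caught in the second stage after the binary unpacks itself", as an added toy illustration that is not from the thread or from any AV vendor. The corpus is constructed: three byte-string "variants" of one family that share a core configuration string but differ in mutex and URL, one benign updater, and a trivial XOR transform standing in for a commodity packer. Nothing here is real malware, a real packer, or a real signature format.

```python
"""
Added example (not from the thread): how signature specificity trades false
positives against missed variants, and why scanning the unpacked stage can
catch what the on-disk file hides. All samples and patterns are constructed.
"""
import re

# --- constructed corpus ---------------------------------------------------
FAMILY_CORE = b"cfg:steal_creds;post=/collect;"   # shared by all variants (constructed)
SAMPLES = {
    "variant_a": b"MZ..." + FAMILY_CORE + b"mutex=Global\\A1B2;url=http://c2-a.example/",
    "variant_b": b"MZ..." + FAMILY_CORE + b"mutex=Global\\Q9Z8;url=http://c2-b.example/",
    "variant_c": b"MZ..." + b"pad" + FAMILY_CORE + b"url=http://c2-c.example/",
    "benign_updater": b"MZ..." + b"url=http://updates.example/check;ver=2.1",
}
MALICIOUS = {"variant_a", "variant_b", "variant_c"}

SIGNATURES = {
    # too generic: an HTTP URL appears in plenty of legitimate software
    "too_generic": re.compile(rb"http://"),
    # too specific: pinned to one variant's mutex name, so its siblings are missed
    "too_specific": re.compile(rb"mutex=Global\\A1B2"),
    # balanced: the shared core that every variant carries and the benign file does not
    "balanced": re.compile(re.escape(FAMILY_CORE)),
}


def scan(sig, data):
    """True if the signature pattern occurs anywhere in the sample."""
    return sig.search(data) is not None


def evaluate(sig, samples, malicious):
    """Hits, false positives and misses for one signature over a labelled corpus."""
    hits = {name for name, data in samples.items() if scan(sig, data)}
    return {
        "hits": sorted(hits),
        "false_positives": len(hits - malicious),
        "misses": len(malicious - hits),
    }


# --- packing stand-in -----------------------------------------------------
def xor_bytes(data, key=0x5A):
    """Trivial XOR transform: a stand-in for a commodity packer, not a real one."""
    return bytes(b ^ key for b in data)


def detect_in_stages(sig, packed):
    """Scan the packed file as it sits on disk, then the unpacked stage as it would appear in memory."""
    return {
        "on_disk": scan(sig, packed),
        "after_unpack": scan(sig, xor_bytes(packed)),  # applying the XOR again unpacks it
    }


if __name__ == "__main__":
    for name, sig in SIGNATURES.items():
        print(name, evaluate(sig, SAMPLES, MALICIOUS))
    packed_a = xor_bytes(SAMPLES["variant_a"])
    print("balanced signature vs packed variant_a:",
          detect_in_stages(SIGNATURES["balanced"], packed_a))
```

Running it shows the generic pattern flagging the benign updater, the over-specific pattern catching only variant_a, and the balanced pattern catching all three variants with no false positive; the same balanced pattern finds nothing in the XOR-transformed file but matches once the bytes are restored, which is the "second stage" detection the post describes.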
It is a thing and a good business. But besides being a business it is necessary. I would go for Windows Defender at least. I was a person who didn't believe in antivirus, and more than that I didn't believe in Windows Update, but I am a fan of UI so I installed Windows 10. When WannaCry hit I was saved: I had Windows 10 (updates weren't installed) and Kaspersky Internet Security. WannaCry hit all of the network, and all the PCs which didn't have antivirus were hit. It was more of a Windows backdoor exploit, but I think that antivirus would have stopped the hacker's encryption program from executing.
These things work for you. 95% of the people I know and/or work with have no idea what these things even mean.
I was answering the question, in a context of default-deny setup. Obviously if you install such setup (out of reach of average users) you should know how to deal without scanners. Indeed.
People must get smarter, at least for a lot of mail and ad scams. How can you win a lottery in another country when you never were there, or inherit money from someone you never heard of... really. Also, default-deny is safe when you set it up for yourself, assuming you know what you are doing, and works wonders when you set it up for someone who must use only a few programs. For me: brain > default-deny > adblocker > firewall > antivirus.
They should but many won't for various reasons (no time/desire/capacity to learn, curiosity to open everything, etc...)
I understand that. It's just not going to work for average users, which is most folks. If your target audience is just advanced Wilders members, then sure, it's a good plan.
Whitelisting and default deny are most applicable to corporate IT environments. Whitelisting is effective because the type and use of system and application software is restricted in scope. The scope is determined by various corporate administrators (security, network, application software, etc.) based on a predefined corporate IT policy. Default deny policy complements whitelisting in that anything not specifically allowed via it is automatically denied execution. This removes any decision processing action from the corporate end user as to the "safety" of the process activity being performed. This policy also works hand-in-hand with software restriction policies that restrict what type of system activities corporate end users can perform on their PCs. Neither is applicable to the average end user who is constantly installing/uninstalling application software and wants full control over the application and system OS features offered. Microsoft, "for better or worse", created the concept of a User account to limit end user system capability. Of note is that if there was any environment that would be abandoning the use of AV software, it would be corporate environments. This is simply so due to the economic gain had in not having to purchase the licenses and maintain the software. There doesn't appear to be any mass exodus among corporations to get rid of their AV software. In fact, just the opposite is the case, as evidenced by their interest in the newer technologies in this area such as the Next Gen solutions.
@itman totally agree; the fact that corporations keep using AVs is partly due to the CEOs falling for marketing arguments and forcing it on the poor admins. CEOs are not so different from home users. Also some admins have limited security knowledge, and AVs are the easy choice.