Why Is Antivirus Software Still a Thing?

Discussion in 'other anti-virus software' started by mood, Nov 14, 2018.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    13,033
    Why Is Antivirus Software Still a Thing?
    Antivirus has been around for more than 20 years. Do you still need it to protect yourself today?
    November 14, 2018

    https://motherboard.vice.com/en_us/article/59vbzx/do-i-need-antivirus
     
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,564
    Location:
    Europe then Asia
    AVs are obsolete but will always be needed until the masses learn proper safe habits and use more advanced tools.
     
  3. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    917
    So AVs will always be needed.:cool:
     
  4. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,058
    they are a thing
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,980
    Location:
    Here
    They will probably be always needed, similar as passwords and emails.
     
  6. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    186
    Maybe because the bad guys still there?
     
  7. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    589
    Location:
    Germany
    I still don't understand how you could know if the software you run in a default-deny alone setup is safe or not, without a scanner.
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,429
    Location:
    U.S.A.
    The author of the article answers his own question in the last paragraph of the article:
     
  9. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,564
    Location:
    Europe then Asia
    1- manual Hash comparison, no need any scanners
    2- In a properly set default-deny strategy, malware usual behaviors would be hampered (blocked sponsors/access/privileges, etc..)
     
  10. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    962
    Because marketing departments say so.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,980
    Location:
    Here
    After CCleaner being compromised on vendors end you can't. AFAIK no AV caught modified executable, but after a while I'm sure they've added detection signatures. That's one example where AV could show you that you have a problem. It's true that it would happen after the compromise, but without it you probably wouldn't be aware of it.
     
  12. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    589
    Location:
    Germany
    When we finally get good AI AVs or the power to run every program in a split second in a sped-up, not-realtime VM for behavior analysis, I guess we're safe.
     
  13. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    487
    Location:
    Hungary
    neither of these will yield a 100% success rate, ever
     
  14. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    892
    Location:
    india
    Are we talking about the old school traditional signatures or today's AV's .... AV's are no more traditional there alot of other things products are using in complement to signatures and signatures aren't that simple either.

    Signatures are not always written after a malware is released.This is false.Previously written signatures will continue to match upcoming threats.Even if you discount that malware researchers find malware in development in underground areas and will add detection so by the time its delivered into the real world most companies have already profiled a threat.

    Lets talk about what constitutes a signature.Too generic=false positive.Too specific=not going to detect multiple samples.Signatures are still very useful.But it isnt always about just signatures.Look at the modern technology AV companies are using.Malware Similarity Search,Machine learning etc that are used to automate signatures quickly either store in cloud dynamically or release em as streaming updates.Now don't forget AV's these days have a lot more than just signatures like behaviour rules.

    When you make a fine blend of good signatures with other components+technology you make a great Security Program.Now you have to imagine if AV's were really as obsolete as they say in some these articles why are big security companies like kaspersky,bitdefender etc are still at the top of their game because they are much more than just the word "antivirus"

    Being a malware researcher myself I can say there are tons of similarities between threats and most times if you don't detect the binary doesn't mean you dont detect the threat.Just look at the majority of the commodity malware that's out there.Lokibot,Hawkeye,AgentTesla etc they just release tons of binaries via malspam for example regularly and most of them are caught by AV's in the second stage where the binary unpacks itself (they use commodity packers) because the underlying code in memory remains still the same.So if you don't detect the binary it isn't the end...

    Even malware like Ursnif,Emotet or Trickbot that have sophisticated groups behind them undergo changes like adding a new password stealing module or reading mail addresses from computer's mail inbox to use it to propagate but even then alot of the strings used by AV's to detect them are the same.

    The way the malware landscape is now today with all the modern tech the good guys have AV's will be ever evolving.
     
    Last edited: Nov 16, 2018
  15. boredsecenthusiast

    boredsecenthusiast Registered Member

    Joined:
    Oct 4, 2018
    Posts:
    10
    Location:
    United States
    It is a thing and a good business. But besides being a business it is necessary. I would for windows defender atleast. I was a person who didn't believe in antivirus and more than that I didn't believe in windows update but I am a fan of UI so I installed windows 10. When wanna cry hit I was saved I had windows 10 (updates weren't installed) and Kaspersky Internet Security. Wanna Cry hit to all of the network and all the PC which doesn't had antivrius were hit. It was more of a windows backdoor exploit but I think that antivirus would have stopped the encryption program to the hacker to execute
     
  16. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,072
    Excellent insights, it is very much appreciated.
     
  17. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,013
    Location:
    USA
    These things work for you. 95% of the people I know and/or work with have no idea what these things even mean.
     
  18. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,115
    Agreed. Which is why av's are still a thing.
     
  19. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    948
    Yep, my mom doesn't know what any of this is, that's why she still uses an AV.
     
  20. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,564
    Location:
    Europe then Asia
    I was answering the question, in a context of default-deny setup.
    Obviously if you install such setup (out of reach of average users) you should know how to deal without scanners.

    Indeed.
     
  21. OverDivine

    OverDivine Registered Member

    Joined:
    Jan 16, 2009
    Posts:
    24
    people must get smarter. at least for a lot of mail and ads scams. how can you win a lottery in another country when you never were there or inherit money from someone you never heard of... really
    also default-deny it's safe when you set it for yourself assuming you know what you are doing and works wonders when you set it up for someone who must use only a few programs.
    for me brain>default-deny>adblocker>firewall>antivirus
     
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,564
    Location:
    Europe then Asia
    They should but many won't for various reasons (no time/desire/capacity to learn, curiosity to open everything, etc...)
     
  23. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,013
    Location:
    USA
    I understand that. It's just not going to work for average users. Which is most folks. If your target audience is just advanced Wilders members than sure, it's a good plan.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,429
    Location:
    U.S.A.
    Whitelisting and default deny are most applicable to corporate IT environments.

    Whitelisting is effective because the type and use of system and application software is restricted in scope. The scope is determined by various corporate administrators; security, network, application software, etc. based on a predefined corporate IT policy.

    Default deny policy complements whitelisting in that anything not specifically allowed via it is automatically denied execution. This removes any decision processing action from the corporate end user as to "safety" of the process activity being performed. This policy also works hand-in-hand with software restriction policies that restricts what type of system activities corporate end users can perform on their PCs.

    Neither are applicable to the average end user that constantly is installing/uninstalling application software and wants full control over application and system OS features offered. Microsoft "for better or worse" created the concept of a User account to limit end user system capability.

    Of note is if there was any environment that would be abandoning the use of AV software, it would be corporate environments. This is simply so due the economic gain had in not having to purchase the licenses and to maintain the software. There doesn't appear to be any mass exodus among corporations to get rid of their AV software. In fact, just the opposite is the case as evidenced by their interest in the newer technologies in this area such as the Next Gen solutions.
     
  25. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,564
    Location:
    Europe then Asia
    @itman totally agree, the fact that corporations keep using AVs is part due to the CEOs falling to marketing arguments and forcing it to the poor admins. CEOs are not so different than home users.

    Also some admins have limited security knowledge, and AVs are the easy choice.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.