Wired spoke to several security experts at last week’s RSA Conference in San Francisco. “If you asked the average security expert whether they use antivirus or not, a significant proportion of them do not,” says the report quoting Grossman, CTO at Whitehat Security. Dan Guido, the CEO of security startup Trail of Bits also doesn’t use AV, saying that if it weren’t required to for other reasons, “almost nobody in the security industry would run it.” Paul Carugati, a security architect with Motorola Solutions, noted: “Today... it has certainly lost its effectiveness.”
The criticism against anti-virus software is that it is very easy to get passed the first level of defense, signature recognition, by automatically and almost daily altering the malware’s signature. “There’s even a free website called Virus Total that lets you see whether any of the most popular malware scanning engines will spot your Trojan program or virus,” notes Wired. An alternative noted by the report comes from Andy Ellis, chief security officer with Akamai: “Do your own log analysis,” he said, “because that is what’s going to catch the problems.”
But the danger in such comments is that the man or business in the street might start thinking that anti-virus, as one of the layers within a layered security defense, is no longer necessary or useful. ESET senior research fellow David Harley told Infosecurity that the man in the street “should be aware that most individuals and many companies don’t know the technology well enough or simply don’t have time to use the sort of complex tools that security experts do.” And while he admits that anti-virus cannot catch everything, it’s simply “not true to say that AV detects only known malware... AV still detects a substantial amount of malware (and other unwanted code) proactively.”
Harley believes that no single security defense can provide the complete solution. The reader, he suggests, “should bear in mind that some of the security experts who are denigrating AV en masse right now have their own commercial agendas to push, in favor of other technologies that are not the 100% Solution.” This last point is not lost to Panda Security. Marketing manager Neil Martin commented, “From my point of view the comments on [Wired] seem to reflect that a larger proportion of security spend should be on the services their businesses provide,” adding that the security professionals he knows “use antivirus in additional to their personal skills (in the same way stuntmen still use crash helmets).”