Nail in the Coffin?
Dye told the WSJ that the company doesn’t consider AV as “a moneymaker in any way.” Not only that, Dye bemoaned that they simply can’t keep hackers out. In the interview, Dye estimated that AV only catches 45 percent of cyber attacks. Those are pretty damning numbers, and a pretty grim outlook, but other cybersecurity experts just don’t agree. Or rather, they know that saying AV is dead isn’t really true and isn’t news, either.
“Relying solely on antivirus is a dead end—and it has been for at least 8 years now,” said Bogdan Dumitru, Chief Technology Officer at Bitdefender. “But that’s like saying that aspirin is dead because it’s not the cure for cancer, AIDS, and all of humanity’s other illnesses.” Dumitru says that AV is now just a part of security suites that offer more specialized tools to deal with modern, specialized threats.
Just last month, Eugene Kaspersky echoed that sentiment at the Kaspersky Cybersecurity Summit. After being asked if AV was really dead, Kaspersky replied, “Rumors of its death are greatly exaggerated. Antivirus signatures exist, they’re still important, just not the most important. Like the seatbelt in your car; you have to have it, but it’s not the most important part.”
Our own security analyst and SecurityWatch contributor Fahmida Rashid called Dye’s comments “an anthill made into a molehill.” In fact, she said that the statement is well in line with what Symantec has already been doing. “Symantec hasn’t said ‘install Norton and you are set for life’ in years, so it’s not backtracking to say that we need other types of security. We need behavioral analysis, we need real-time execution in the sandbox, we need layered analysis, and so on.”
Everything Old Is New Again
Reading between the lines of the WSJ article, it isn’t that AV is dead, but that Symantec wants you to buy the new products that it is introducing to catch up with the competition. Symantec told the WSJ that it will continue to provide AV software, but will pick up the slack by introducing new enterprise-class products. Dye also said that these new products will assume hackers will make it inside a system, but will help companies respond and control the damage. Walk through the booths at RSAC and you’ll see dozens of companies already offering these services, and more.
As a side note, it’s disappointing for Symantec to say that AV is “dead,” but only introduce advanced protection for enterprise and business customers.
It’s fair to say that traditional AV alone won’t cut the mustard anymore. Attackers are able to iterate their malicious creations too quickly, and have tools that simply didn’t exist when AV was first introduced. It’s also true that if a hacker, a group of hackers, or a government targets you or your company, they’re probably going to get what they want. What AV (and security suites) do is weed out all but the most persistent attackers, and protect you from the bulk of the threats. And yes, there are specialized tools and training to help cover the gap.
What worries me is that there lots of people out there who really, truly believe that malware and identity theft won’t ever really affect them; that they’re invincible. Saying that AV is dead feeds into that belief. Let’s not feed that beast because the honest truth is that you still (and probably always will) need security software on your computer, your laptop, your cell phone, your wearable, and your sub-dermal neural net implant.