Microsoft’s decision this week to kill its Windows Live OneCare consumer antimalware suite has led to plenty of ruminations on the future of antivirus software and whether it is finally in its golden years. Industry analysts and security vendors have been proclaiming the death of AV for years, telling anyone who would listen that the time for reactive defenses is past. There’s no denying that AV is a product with severe inherent flaws. By design, it can only recognize and stop threats that it has seen before. Even with advanced heuristics, the best AV software can’t stop all of the new threats it sees. It just can’t. So AV has been taking criticism from all quarters for nearly a decade. When I first started covering security in 2000, every vendor I met with couldn’t wait to tell me that AV was going the way of the Newton, and soon. But, somehow, amid all the changes and chaos in the industry, AV has survived.
Why? There are probably a number of reasons, but one key contributor to this unnaturally long life is the worsening threat landscape. The volume, severity and level of innovation of attacks have shot up exponentially in the last six or seven years, leading to a corresponding spike in the volume (if not so much the innovation level) of security products on the market. Some of those products, such as IPS systems and NBAD systems, are fairly efficient at detecting and blocking new threats. But there are so many threats out there these days that systems like AV, which are highly effective at finding and stopping known attacks, are needed to keep the level of novel, previously unseen attacks manageable.
This has helped keep antimalware suites a necessary component of virtually all enterprise security programs. But whether this will continue to be enough for much longer is unclear. Consumers likely will always need antimalware software, or at least as long as we have our current computing architecture in place. But in the enterprise world? You tell me. Any enterprises out there going commando, sans antivirus? Let me know.