For a business whose demise has been predicted prematurely for years, the antivirus industry remains remarkably...
SearchSecurity has raised the question of what the future holds for the antivirus industry several times over the years, yet despite all the negativity, the industry continues to roll on.
Although research from as early as 1999 showed antivirus software itself can be a source of exploitable vulnerabilities, the industry continues to survive if not always to prosper -- even as security researchers continue to find critical security flaws in well-known and widely used antivirus products.
The SearchSecurity team at RSA Conference 2017 asked experts and insiders what they thought about the prospects for the antivirus industry: Is the signature-based antivirus detection software industry effectively dead? Will machine learning or artificial intelligence breathe new life into threat detection and displace traditional antivirus software?
"The antivirus industry is like a monster in a Hollywood movie. It will never die. It will keep coming back over and over again as long as the plot calls for it," Paul Vixie, CEO of Farsight Security, told SearchSecurity.
Experts suggested that for antivirus vendors to survive, they will have to rethink their approach to the problem of detecting malicious code. "Antivirus is not dead, but legacy AV solutions will be replaced by next gen machine learning and behavioral-based approaches," said Dmitri Alperovitch, co-founder and CTO of CrowdStrike.
The legacy antivirus industry's Achilles' heel has long been its reliance on signatures of known malware examples, through which antivirus software can flag malware -- as long as the malware remains stable. However, it did not take malware developers long to discover a host of ways to mutate their code to avoid being caught by signature-based antivirus software, and some believe that weakness will ultimately doom the antivirus industry.
"Antivirus will be completely dead," said Khirodra Mishra, managing director of security services at NTT Data, citing its reliance on signatures despite malware developers' ability to disrupt signature-based detection. Mishra suggested "most advanced countries and most advanced industries will face challenges in terms of new threats which are not signature-based threats, and that's where you have machine learning-based and artificial intelligence-based protection services which are coming into play."
"My friends ask me this all the time: 'What antivirus [should I use]?' And I've standardized on [my response]: 'Patching is the new AV,'" said Jason Kent, vice president of web application security at Qualys. "I think that too many of us focus on how can I prevent something that I don't know is going to happen with a tool, and we just don't instrument ourselves to use the tools we already have. Keep yourself patched, you'll be fine."
Malware continues to plague computer users, but Scott Crowder, senior vice president and CIO at BMC Software Inc., felt antivirus software still served a function, albeit a smaller one, alongside the use of whitelists and blacklists.
"You're still going to need [antivirus software] for legacy types of threats, but zero-day is really the big problem," Crowder said. "The thing that's really coming about is whitelisting and blacklisting on the endpoint which is something that [will be] really helpful in today's world."
So does antivirus software still serve a purpose? "In terms of whether any good has come of it in the last 10 years, I would say most people don't believe that any good has come of it except that a lot of people didn't get fired because they had antivirus. And so, for the purpose of getting a lot of people to not be fired, it's doing some good," Vixie said.
"For the purpose of actually stopping anything anywhere, I don't think so."