The shortcomings of antivirus software are well known in the security industry, where the programs are typically considered an eminently fallible last line of defense.
“AV, which is part of the cost of defense, is not causing a commensurate increase in cost for attackers,” says Brian Foster, chief technology officer of Damballa and a former executive with antivirus firm McAfee. “The attackers just build a new version, run it by VirusTotal, and as soon as they get it past all 43 vendors there, they know they are golden – at least for the next 24 hours.”
Just the same, information security managers looking to free up budget for other, possibly more efficient, measures will have a hard time justifying replacing antivirus with other technologies, security experts say. No one interviewed for this article recommended that companies completely ditch antivirus or anti-malware software in favor of another solution. Compliance mandates, for example, can require that companies in certain industries maintain antivirus software. Instead, additional technologies should be called upon to bolster the endpoint’s ability to prevent malware from running on a system.
While there is some contention about who actually made the first overtly harmful computer virus, it is fairly well accepted (though sometimes challenged) that Bernd Fix developed the first anti-virus software in 1987. Fix, a German astrophysicist and amateur computer programmer (at the time), developed software to combat the first computer virus “in the wild,” which means that the virus had escaped the confines of the lab or network in which it was created (which was only done via floppy disk at that time).
A year later, Fred Cohen (who years earlier had been the first to author a paper about computer viruses) began to develop anti-virus software that was picked up by developers. At the same time, there was a mailing list on the BITNET/EARN network (a precursor to the Internet) that dealt with the possibilities of computer viruses and how to combat them. Eugene Kaspersky (creator of Kaspersky Anti-Virus) and John McAfee (who later went on to create McAfee Anti-Virus) were both members of this mailing list.
Reducing reliance upon Anti-Virus Software:
- Find an alternative to AV software, perhaps a stronger perimeter defense rather than installing AV software on every desktop in the organization.
- Beef up the blacklist
- Use isolation tactics
- Add other layers of security