According to Darren Bilby, a senior security researcher at Google, antivirus software is no longer good enough to protect against Internet threats. Antivirus software still has its place, but the software will not protect organizations against all malware, ransomware, and other Internet threats.
The use of anti-virus products also introduces a false sense of security. People think they are protected because they use antivirus software and set it to update automatically. They also conduct regular scans to ensure nothing has slipped through the net. However, antivirus software cannot detect and protect against all malware. Access to systems can be gained without detection. The software is simply no longer effective enough.
Bilby said antivirus software is worse than a canary in a coal mine. Suggesting it’s like using a canary and then standing around it after it has died saying ‘Thank god it inhaled all the poisonous gas’.
Bilby was also critical of antivirus companies for selling solutions that are ineffective, saying “We are giving people systems that are not safe for the internet and we are blaming the user.” It is no good blaming individuals for responding to a phishing email. Solutions should be employed to prevent phishing attacks from taking place.
Antivirus software has also become a checkbox item to ensure compliance. Organizations must have it even though it is unlikely to provide total protection against increasingly sophisticated threats. Implementing security measures to ensure compliance is one thing. Relying on them to protect against threats is something else entirely. Unfortunately, these and other marginally effective tools are often purchased at the expense of security measures that are much more effective.
Bilby explained to attendees at the Kiwicon Hacking Conference in Wellington New Zealand, that it is important for organizations to start investing in new technology that can offer much better protection, rather than reinvesting in solutions that have been shown to be ineffective.
He suggested that in addition to antivirus software and other technologies such as intrusion detection systems, organizations should invest some time in determining which solutions will be the most effective, suggesting more should be invested in meaningful defenses such as whitelisting applications, hardware security keys, and dynamic access rights.