Anti-Virus is dead! Seriously?

Patrick Devlin, Regional Director, Australia and New Zealand
WatchGuard Technologies, Inc.


[Sponsored Content]

Symantec, one of the world’s largest makers of Anti-Virus software, recently declared publicly that Anti-Virus is dead. When I read this sensational headline I wondered if I could finally start ignoring the yearly invoice for all my office computers. Think of all the other things I could do with my savings. It was a great headline and it got a lot of attention, but does it really mean we can throw away our expensive yearly subscriptions? Don’t be fooled: the answer is most certainly not.

It is definitely not getting any safer to be online. If anything, Cyber crooks are learning new and innovative ways to reach into our digital wallets. So why would anyone say that Anti-Virus is dead?

One constant in technology is change, and the rate of change seems to increase every year. You probably held on to your first computer for 3-4 years; now there’s a new model every 6 months. The way in which malware is written is also changing fast. In years past, the aim was to infect as many systems as possible in the shortest possible time. Today’s Anti-Virus technology is very good at containing this kind of outbreak, but like the rest of the tech world, malware is evolving to keep up.

There’s a new breed of virus, and it is much better at avoiding detection because that’s exactly what it has been designed to do. Security is an industry in constant catch-up mode: as soon as we contain one method of attack, perpetrators must quickly find another. Viruses that spread wildly are easy to find, but targeted, stealthy programs are much harder.

What’s changed?

Writers of malware have mostly thrown out the idea of getting all the people all the time. Now they zoom in on very small groups and target them directly. WHY? By targeting a very small group, it becomes much harder for big security companies to get a sample of the infection to analyse, and without a sample traditional anti-virus can’t do much, hence the bold statement above.

Most users in the industry are fairly certain they can spot a potential infection. Are you sure? Have a look at this example that fooled quite a few users.

How do they find me?

Ever read about a high profile data breach and wonder what anyone could really do with that data? Let’s say my local council was attacked and the details of several local organisations were breached. Names, addresses and phone numbers are lost. A criminal can use these in several ways to target small groups. Last year Dell lost data containing contact details of customers and serial numbers of their PCs. I received an email this year from “Dell Support” following up a service call on my PC. They invited me to install new software. The serial number was correct and everything looked in order, but I was able to trace the email sender to Nigeria, where I’m sure Dell Australia support is NOT located. It’s a simple leap, but not one every user could have made.

It’s not what you know, it’s WHO you know…

This couldn’t be more true. Think you have nothing worth stealing? Chain of trust attacks look for organisations who think exactly that. Your department might not think its data is secret, but odds are it connects to someone who does. The RSA breach that made headlines last year was widely believed to be targeting the US Department of Defence, jumping from system to system across connected networks.

Stop asking “What does it look like?” and start asking “What does it do?”

If we accept the fact that newer malware can avoid anti-virus software, then maybe the headline is correct? Not entirely. If new malware is built to order for a small group of users, then certainly the old approach of waiting for a wild sample to analyse is not going to catch it in time. Instead of searching for what the infection looks like, we need to shift to searching for what it does.

The bad news is that if you wait for this new breed of malware to get to your desktop, it is probably too late. Modern malware is targeted, stealthy and persistent. It knows who you are, sneaks in quietly and sticks around for a while to see if you have anything worthwhile.

OK, I see your point. Desktop Anti-Virus is not enough

The simplest way to find this breed of virus is to look at what it DOES. How? By intercepting files that try to DO things and letting them get busy doing them. Not on your precious computer, but in a safe virtual environment sometimes referred to as a sandbox. Forget what it looks like: if a program tries to dial home to a known bad server, starts encrypting files for no reason or makes dubious registry changes, then it’s probably worth blocking. You’ll be much safer finding all that out before it ever gets inside your network.
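To make the “what does it do” idea concrete, here is an added example (not WatchGuard’s APT Blocker code or any vendor’s implementation) of behaviour-based triage over the kind of event trace a sandbox produces while it lets a file run. The event format, the field names, the denylisted hosts and the two sample runs are all constructed for this illustration; the three rules are the three behaviours named above: dialling home to a known bad server, rewriting user files for no reason, and registry changes that set a program to run at every logon.

```python
"""Behaviour-based triage of sandbox events.

Added example, not WatchGuard's APT Blocker code. The event format (dicts with
a "kind" field), the field names, the denylist and the sample runs below are
all constructed for this illustration.
"""

# Constructed denylist of command-and-control hosts (placeholders, not real IoCs).
KNOWN_BAD_HOSTS = {"c2.bad-example.invalid", "203.0.113.7"}

# Autostart registry keys: a value written here runs a program at every logon.
AUTOSTART_KEYS = (
    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
)

USER_PROFILE_ROOT = "C:\\Users\\"
MASS_REWRITE_THRESHOLD = 20  # distinct user documents overwritten in one run


def analyse(events):
    """Return (rule, detail) findings for one sandbox run."""
    findings = []
    overwritten = set()
    for ev in events:
        kind = ev["kind"]
        if kind == "connect" and ev["host"] in KNOWN_BAD_HOSTS:
            findings.append(("dials_known_bad_server", ev["host"]))
        elif kind == "file_write":
            # A program replacing the contents of many existing user documents,
            # with nobody at the keyboard, is the ransomware pattern.
            if ev["overwrote_existing"] and ev["path"].startswith(USER_PROFILE_ROOT):
                overwritten.add(ev["path"])
        elif kind == "reg_set" and ev["key"].startswith(AUTOSTART_KEYS):
            findings.append(("autostart_persistence", ev["key"] + "\\" + ev["name"]))
    if len(overwritten) >= MASS_REWRITE_THRESHOLD:
        findings.append(("mass_file_rewrite", f"{len(overwritten)} user files overwritten"))
    return findings


def verdict(events):
    """Block anything that trips at least one behavioural rule."""
    return "block" if analyse(events) else "allow"


# --- constructed sample runs -------------------------------------------------

# A legitimate installer: writes its own files, registers an uninstaller and
# fetches an update from the vendor. None of that trips a rule.
BENIGN_RUN = [
    {"kind": "file_write", "path": "C:\\Program Files\\Acme\\acme.exe", "overwrote_existing": False},
    {"kind": "reg_set", "key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Acme",
     "name": "DisplayName", "value": "Acme"},
    {"kind": "connect", "host": "updates.acme.example", "port": 443},
]

# A ransomware-like sample: persists via a Run key, phones home, then rewrites
# every document it can find in the user profile.
MALICIOUS_RUN = [
    {"kind": "reg_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "name": "svchost_update", "value": "C:\\Users\\alice\\AppData\\Local\\Temp\\x.exe"},
    {"kind": "connect", "host": "c2.bad-example.invalid", "port": 443},
] + [
    {"kind": "file_write", "path": f"C:\\Users\\alice\\Documents\\report{i}.docx", "overwrote_existing": True}
    for i in range(25)
]

if __name__ == "__main__":
    for label, run in (("benign installer", BENIGN_RUN), ("suspicious sample", MALICIOUS_RUN)):
        print(label, "->", verdict(run), analyse(run))
```

The point of the two runs is that neither sample is judged by a signature: the installer and the ransomware-like file could have identical file hashes for all the rules care. What separates them is where they write, what they change and who they talk to, which is exactly what a sandbox can observe before the file reaches a desktop.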

Advanced Persistent Threat Blockers are now widely available. There are many to choose from, and it’s worth doing some research on which looks best for your environment. You won’t be throwing away your desktop anti-virus just yet, but you might want to think about stopping this stuff before it even gets that far.

Want more information?
http://www.wtausnz.com.au/apt-blocker-in-action-targeting-australian-customers/
http://www.wtausnz.com.au/robs-technical-column-heartbleed-deep-web-and-apt-blocker/
http://www.wtausnz.com.au/13-things-watchguard-can-do-for-your-network/
http://watchguard.com/products/xtm-software/apt-blocker.asp

Patrick Devlin is Regional Director, Australia and New Zealand, for
WatchGuard Technologies, Inc.


If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  


3 thoughts on “Anti-Virus is dead! Seriously?”

  1. So this Advanced Persistent Threat Blocker is something else I have to pay a subscription for?
