Is Antivirus Dead? Meet The Next-Gen Anti-Hacking Tools

Heimdal Security
Published in Healthy paranoia
Sep 21, 2015

They say antivirus is dead. But is it really so? Or can it simply no longer keep up with all online threats?

A malware research analysis from Lastline Labs, which took into account hundreds of pieces of malware over a 365-day period, from May 2013 to May 2014, reached a few troubling conclusions.

According to their analysis:

  • on the first day, only 51% of antivirus products detected the new samples.
  • it took about two weeks before detection rates rose noticeably across all antivirus vendors.
  • after a year, there were still samples that 10% of antivirus products did not detect.

So, we can say that antivirus is dead, right?

Not really. At the same time, statistics indicate that spending on information security products will keep increasing over the coming years.

[Chart: forecast of IT security spending; source: Statista]

It is difficult to predict whether that money will go to traditional antivirus products or to alternative solutions that complement them.

How do hackers evade traditional detection?

Though we don’t want to overstate the idea that traditional antivirus is dead, we would like to point out a few simple techniques used by anyone who creates a malicious piece of code:

  • they install the best antivirus products and check whether any of them flag the code as malicious
  • they simply upload the code to VirusTotal and see if any antivirus product in the list detects it
  • they use a packer or obfuscation, whose polymorphic output evades normal antivirus detection
  • antivirus vendors are slow to update their malware signatures. We have observed the same delay in patch releases for browser vulnerabilities, and for other applications, where Internet exploits are used to deliver malicious attacks.

So, how do we stay safe from most online threats, if not all of them?

1. Use a reliable antivirus product

We know, it sounds funny, but traditional antivirus is not dead. Or at least not yet. You still need a good antivirus product to catch most malware, block phishing threats and check the web reputation of popular online domains.

Though it is not easy to pick the best antivirus product on the market, a good one is still a very useful tool for blocking most malware threats.

To quote Brian Krebs and his take on this topic:

Does this mean antivirus software is completely useless? Not at all. Very often, your antivirus product will detect a new variant as something akin to a threat it has seen in the past.

2. Stick with your old firewall solution

Though the firewall has lately been placed on the list of ineffective security tools we can supposedly forget about, there are still voices arguing that the time when we need firewalls is not over yet.

Though we admit its blocking capabilities have limitations, the firewall is still a good tool for filtering your Internet traffic and blocking communication from an infected machine or online location.

In this respect, the antivirus and the firewall are quite similar: each covers some areas of Internet security, but not all of them.

3. Use anti-spyware solutions to protect your system

Spyware is software that monitors your Internet traffic and uses your personal information against you.

Symptoms such as system slow-downs, pop-ups while browsing, new toolbars and random error messages, especially when several appear together, indicate a possible spyware infection.

To get rid of spyware, you can use one of a few popular anti-spyware products, like Malwarebytes or Spybot Search and Destroy.

Or, to prevent this type of infection in the first place, follow a few steps:

  • don’t click suspicious links in e-mails from unknown people
  • don’t click unexpected pop-ups, even from legitimate websites
  • don’t disclose personal information to strangers on social media platforms
  • be aware of drive-by downloads, which can bring spyware onto your system

A Spam and Phishing Statistics Report from 2014 reveals that malicious attachments remain a popular way of spreading malicious programs designed to steal financial information and personal details.

4. Use automatic update tools for your vulnerable applications

Are you using Adobe Flash, Reader or Java on your operating system? Are you using at least one popular web browser like Google Chrome or Mozilla Firefox?

Some 99% of users answer yes to these questions, and most online attacks take place through unpatched vulnerabilities in exactly these programs.

By exploiting security holes in unpatched applications, cybercriminals spread exploits that deliver financial and data-stealing malware onto the affected systems.

For this reason, we always need to know that we have the latest security patches installed, and in practice this can only be done with a free solution that applies them automatically for you.

5. Use a password manager for your credentials

We sign up for a great number of online accounts and websites and tend to forget which passwords we set. To avoid this, most people simply use the same one or two passwords everywhere.

But this is exactly what hackers count on!

That’s because not all of these online services follow high security standards to protect your password. If attackers break into just one account and learn your password, they can simply try it on every other site you use.

To avoid all the issues above, simply use a good password manager like LastPass.

Finally, don’t forget to use a different password for every account, or use a password generator to create long and complex credentials. And don’t forget to log off after every online session.
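To make the reuse problem concrete, here is an added example (not from the original post or from any password manager) that audits a small constructed vault for passwords shared between sites, replaces each shared one with a fresh CSPRNG-generated password, and gives a rough entropy estimate so you can see why the reused password is the weak link:

```python
import math
import secrets
import string
from collections import defaultdict

# Character pool for generated passwords (chosen for this example).
POOL = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20):
    """Generate a random password from POOL using the OS CSPRNG (secrets)."""
    return "".join(secrets.choice(POOL) for _ in range(length))


def entropy_bits(password):
    """Rough strength estimate: length * log2(pool size), where the pool is
    inferred from the character classes present. An upper bound, not a cracker."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def find_reused(vault):
    """Map every password used on more than one site to the sites sharing it.
    A breach of any one of those sites exposes all of them."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


def rotate_reused(vault, length=20):
    """Return a copy of the vault in which each reused password is replaced
    by a unique generated one; single-use passwords are left untouched."""
    rotated = dict(vault)
    for sites in find_reused(vault).values():
        for site in sites:
            rotated[site] = generate_password(length)
    return rotated


# Constructed sample vault for the demonstration (not real credentials).
SAMPLE_VAULT = {
    "mail.example": "Summer2015!",
    "shop.example": "Summer2015!",
    "bank.example": "Summer2015!",
    "forum.example": "hunter2",
}
```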

6. Back-up your system and sensitive information

We asked IT security experts for their best advice, and one piece that came up again and again is the need for a backup solution for both the system and its sensitive information.

So, even if your system is locked by ransomware that stops you from accessing it, you can wipe the system and restore from your backup to get back on track.

You can use one of the available backup solutions, or keep your most important data in the cloud and access it from any location and any device.

7. Maximize your data and financial protection

Dedicated data and financial protection products are designed to detect online threats that normal antivirus products can’t remove.

We are talking about “zero-day” attacks, which a traditional signature-based antivirus is not able to block from infecting your system.

Most of the time, these threats target financial information on the system, like credit card and PIN numbers, or the personal data we use for online banking accounts.

To get protection against data-stealing malware, the solution you choose should:

  • include a real-time Internet traffic scanner that inspects all incoming network data for potential malware threats
  • detect and remove malicious code from the system
  • include online scanning capabilities that detect malicious software on web pages, even on otherwise legitimate websites

To ensure financial security for banking operations and protection against zero-day malware, you need advanced scanning technology that can protect you from the latest threats.

8. Encrypt your important files

By encrypting your personal information you make sure cybercriminals can’t access your confidential data, even if they gain access to your operating system.

You can encrypt files on your local disk or in an online location, which makes things more difficult for any hacker.

Since this is a broad topic, we recommend that you treat encryption as an important part of your online security strategy.

For example, you can use an encryption program for your files, but how useful is it if the password protecting that program is weak?

A fast and easy way to encrypt your files is Microsoft’s BitLocker, which is now installed on most Windows systems.

To protect only the sensitive files on your system, you can use a light, easy-to-use program like 7-Zip, which is also useful when you want to send a file by e-mail. Just make sure you don’t include the password in the same e-mail.

9. Protect your online traffic by using multiple tools

How do we keep our systems safe from online threats? It is the same question we started this article with, but are we any closer to the answer?

To improve our online protection, we cannot rely on a single solution; rather, we need to understand that multiple means and guidelines must be followed:

  • let’s start with the browser. Are you using the latest version, with all available security patches?
  • did you know that your good old browser can be improved?
  • how often do you travel and need to use public networks and computers? If you do, don’t forget to use a private browsing session, or at least a free proxy server to hide your IP address from surveillance mechanisms.
  • are you serious about online security and privacy? Then you need the best tools available. To encrypt your online connection, use a VPN. Choose the Tor browser to hide your Internet activity by routing your communication through the Tor network of computers.

10. Listen and learn from the best

Even if you rely on one or more security products to do the job for you, you still need to follow a set of online safety guidelines.

That’s why learning from the best in the IT industry is an important step in improving your online safety.

And this is something we do every day here at Heimdal Security, and we don’t mind admitting and sharing it with you.

At the same time, learning is a process, and in today’s security landscape staying up to date is vital. That’s why we have recommended a long list of security blogs you need to follow to find out about the latest online threats.

Conclusion

A year ago, one of Symantec’s executives declared that antivirus is dead.

How should we understand such a statement from one of the leading names in IT security?

Brian Dye, the Symantec senior vice president who said those words, indicated that traditional antivirus software manages to block only 45% of attacks on computer systems.

At the same time, he also mentioned that we need to concentrate on tracking intrusions and the advanced code that gives hackers the tools to retrieve sensitive information.

Broken down, this doesn’t mean that antivirus is dead and we should all give up antivirus products, but rather that we should adopt new tools to protect against phishing attempts, spam campaigns, malicious web pages and other cybercriminal attacks.

What do you think about all this? Do you consider antivirus dead? Are you using a single security solution or several to keep your system safe?

Originally published at heimdalsecurity.com on April 16, 2015.
