Anti-virus simply isn’t effective anymore at providing desktop security. We have posted on this topic quite a bit recently, but there seems to be an endless supply of new information and postings that support the growing trend away from reactive, signature-dependent anti-virus.
Consider the recent post from long-time industry expert Robin Bloor, titled “The Beginning of the End For AntiVirus.” Robin has been a long-time advocate of moving away from a clearly broken anti-virus technology and toward a more proactive solution that can solve the problem of zero day threats and root kits. He had this to say about the growth of whitelisting and the fall of AV in his article:
“Eventually, however, the whitelisting success stories began to emerge and in the meantime, AV products continued to fail. There were two particular areas of concern for security conscious organizations:
- Zero day threats
- Root kits
AV technology has a terrible record against zero day threats for the laughingly obvious reason that the bad guys buy the AV software and test their malware against it, before they let it loose on the unprepared. AV technology was always about slamming the stable door after the horse had bolted, and zero day threats proved it time and again. When we began to witness the emergence of root kits, then IT security folk who understood the nature of the threat started to become very nervous.”
Next, let’s look at another recent article pointing to the potential for the first major worm affecting Windows Vista, titled “The stage is set for a Vista worm, as Microsoft scrambles to ready SMB2 patch.” Microsoft has issued a heightened security advisory on this vulnerability, but what is happening today?
What is happening is what always happens with important security advisories. Sophisticated IT shops are trying to implement workaround fixes while they wait for a patch. Once the patch is out, they will try to distribute it to all their systems to ensure they are protected. As for blacklist AV software, it needs to wait for the exploit before it can provide protection. Comforting, isn’t it? Is it any wonder that self-propagating threats like Conficker still make their impact felt?
Opinions vary on whether this latest exploit will lead to a Vista worm, but consensus is building toward endpoint security solutions, like whitelisting, that provide a viable alternative to anti-virus. Need more evidence of the trend away from blacklist anti-virus? Check out our latest research report that shows that 52% of IT professionals are continuing discontinuing anti-virus.