Antivirus software is going through a transition. After years of being a mainstay on PCs and other endpoints, it has become somewhat marginalized on mobile operating systems, most of which either do not allow third-party security solutions or bundle first-party tools. Even Android, long notorious for its porous security and vulnerability to a wide range of malware, has been supplemented with security mechanisms that automatically scan for and block suspicious activity.
The broad shift from desktop to mobile computing, especially among consumers, has accordingly reduced the role of antivirus software. However, this change hardly means that cybersecurity is a solved issue and that all devices are now secure out of the box.
Viruses are just one threat type among many
For security experts and vendors, the meteoric rise of tightly integrated mobile software and hardware may be disguising another significant shift: Viruses are no longer the foremost threat to most assets. It’s not so much that antivirus software has failed to keep up, but rather that it no longer has as many targets to neutralize.
“We haven’t been fighting computer viruses in forever,” F-Secure security advisor Sean Sullivan told ZDNet. “[But] because people don’t know the difference between a virus, a worm, or a Trojan, everything gets called a computer virus. The bulk of it is exploits which get hackers in the door and Trojans which people are tricked to install.”
A traditional virus is a malicious program designed to infect an endpoint and then replicate itself and spread to other machines, hence the name. But many of today’s most pressing threats do not fit this technical profile; they are instead built to steal and relay sensitive data by any means available.
In this context, one prominent vendor announced this year that it would redouble its efforts on mitigating the impact of data breaches, while focusing less on antivirus. Recent incidents and threats certainly reveal a cybersecurity landscape that has changed a lot just in the past few months:
- The late 2013 breach of North American retailer Target was sparked by malware that compromised the organization’s point-of-sale systems. Rather than delivering the payload via spam or Internet download, the attackers exploited the information systems of an HVAC company contracted by Target.
- A newly discovered Trojan called Zberp combines the most advanced features of Zeus and Carberp into one comprehensive package. It can do everything from stealing IP addresses and taking screenshots to hijacking browser sessions and initiating unwanted remote desktop connections.
- AndroRAT, a remote access Trojan developed as a proof-of-concept, can inject malicious code into legitimate apps. Although not widely disseminated, AndroRAT demonstrates that sophisticated threats – and not just viruses – now go after a wide range of devices.
- A zero-day flaw in Microsoft Internet Explorer has gone unpatched since October 2013. It puts users at risk from code on compromised websites.
Moreover, enterprises are now more concerned than ever about preventing the financial and reputational damage that follows data breaches, many of which are triggered by threats like the ones above or by behaviors (employee misconduct, unauthorized devices) beyond the purview of antivirus. A study from the Ponemon Institute and Experian Data Breach Resolution found that these incidents have as much impact on brand reputation as environmental disasters or poor customer service, so there’s strong incentive to cast a wide net in terms of securing IT assets.
Antivirus as one piece of the cybersecurity puzzle
That said, antivirus still has a role in securing today’s networks and endpoints, although it can no longer serve as a catch-all solution. Writing for the Trend Micro TrendLabs blog, Carolyn Guevarra outlined the traditional strengths of antivirus software while also noting that new-age attacks – zero-day exploits, Trojans, advanced persistent threats, rootkits et al. – have evolved to bypass it.
“Protecting your computer with antivirus software helps in blocking known malicious files, but what about lower-profile attacks that slip under the radar?” wrote Guevarra. “These types of attacks may be attributed to ‘risky’ employee behavior, some of which involve falling for social engineering tactics in the form of phishing scams and shortened or disguised URLs. Without more sophisticated and complete solutions that go beyond simple antivirus, users are at risk from these threats.”
A good antivirus solution should cover the bases but shouldn’t be expected to keep everything safe on its own. The Trend Micro report “Why Free Antivirus Is Not Enough” advised buyers to look for antivirus features such as:
- Web content filtering for blocking risky websites
- Anti-spam and email virus scan for weeding out problematic email
- Network protection to prevent unauthorized access to Wi-Fi and Ethernet
- Link detection to catch possible misdirection to compromised websites
- Data protection to counteract phishing
Beyond that, the new security environment necessitates additional practices and tools that can deal with advanced threats. For example, continuous monitoring has become a fixture of cybersecurity in recent years as organizations seek to comb through large volumes of network activity data in order to spot possible issues. Since APTs often furtively make their way into systems via low-level rootkits, much attention has been devoted to discovering them. A “detection gap” still remains, which underscores that cybersecurity is an ongoing process rather than an end result.
The future of antivirus as cloud, BYOD and Internet of Things take center stage
The role of antivirus is likely to evolve as more assets become security concerns. While it used to be enough to attend to desktops and on-premises IT systems, enterprises may soon have to devote more attention to employee-supplied devices (via bring your own device initiatives) and an ever-widening Internet of Things that will encompass newly networked appliances and embedded sensors.
Illustrating these changes, CloudTweaks contributor Daniel Price admitted that antivirus software remains an important part of modern IT architectures, while pondering its future as more applications migrate from local to remote hosting. Cloud-based antivirus has real benefits such as automatic updating and relatively low consumption of system resources, although the requirement of an always-on IP connection could limit its efficacy.
Ultimately, whether on-site or in the cloud, antivirus software still has a place in modern cybersecurity. At the same time, enterprises will need to explore new solutions that address sophisticated threats, as well as the unique risks that accompany recent phenomena such as BYOD.
“Since small businesses are experiencing a surge in BYOD, Trend Micro is committed to providing solutions with dynamic, yet affordable, security capabilities that deliver greater functionality and ease-of-use across their operation,” stated Trend Micro vice president Eric Skinner.