Are You Still Using Antivirus | 2Secure Corp

Are you still using antivirus or anti-malware?

This Cybersecurity Insider episode, hosted by Yigal Behar, takes on a critical topic: the current state of antivirus and anti-malware solutions.

Yigal also examines their effectiveness against modern threats, and whether they are still a necessity for both individuals and businesses.

False Sense of Security

Yigal goes through the history of antivirus solutions, tracing their origins back to the discovery of the first computer virus in 1971.

Yigal notes the subsequent rise of antivirus companies and the introduction of anti-malware solutions in response to zero-day exploits.

Yigal recounts a recent discussion with a client who had experienced a security incident despite having an antivirus solution in place. The client questioned the effectiveness of the antivirus, leading Yigal to emphasize the importance of understanding how such solutions work and their limitations.

According to Yigal, they had a “false sense of security,” where users believe they are protected due to a green status on their antivirus console, while in reality, a threat may be lurking undetected.

He avoids naming specific antivirus companies but asserts that the key is to understand what these tools can and cannot do and to take appropriate measures to ensure comprehensive security. “What’s really important is to understand how anti-virus solutions work [sic], and from there, to understand what we need to do next in order to get things correctly.”

No Threats

Yigal continues that the common misconception of equating a green status on an antivirus console with complete security is a dangerous one.

He reveals that in his experience, 99% of the environments he encounters are compromised in some way, regardless of their antivirus status.

He affirms that clean networks are a rarity these days, and it’s best to move beyond the illusion of security that a green light can create. He promises to look deeper into this issue and explore ways to improve cybersecurity beyond relying solely on antivirus solutions.

How It Works

Yigal then shifts gears to explain the inner workings of antivirus solutions. He claims that the name of the specific antivirus software is irrelevant, as the underlying mechanism remains consistent.

Upon discovering a new virus, antivirus companies develop a corresponding signature: a fingerprint of the malicious code, typically a file hash or a distinctive byte pattern. He says, “This signature is being sent to the computer where the antivirus solution is installed, and once a threat is detected that matches this signature, then you have a detection. Then you say, ‘Oh, I have a positive detection,’ and therefore it terminates that process or whatever threat that this signature was made for.”

However, Yigal hints that this traditional approach is not foolproof, especially with the rapidly rising cyber threats.

The Spread of Viruses

Yigal reflects on the evolution of virus transmission, noting that in the “old days” of floppy disks, the spread was slow and cumbersome. With the rise of the internet and faster technologies, the proliferation of viruses has accelerated exponentially.

This rapid pace of virus propagation presents a challenge for antivirus companies. They struggle to develop antidotes, or signatures, quickly enough to keep up with the ever-evolving threat landscape. The delay between a virus’s emergence and the availability of a matching signature is what Yigal calls the “gap detection” problem: during that gap, a signature-only product has nothing to match against.

Even after developing a signature, antivirus companies need to update all their systems, which takes additional time. While updates typically occur every 15 minutes or so, there is still a window of vulnerability during which systems may be unprotected.

Yigal explains that these updates are often incremental, involving only the changes or “deltas” to the signatures, rather than sending the entire file, which speeds up the process.
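The following is an added illustration, not code from the episode or from any antivirus vendor. It models the mechanism Yigal describes: a signature database with a whole-file hash and a byte pattern, a `scan()` that reports matches, an incremental `apply_delta()` update, and the gap itself, shown by flipping a single byte of the sample so that neither existing signature fires until the vendor ships a delta. The sample bytes, signature names and delta format are all constructed for the example.

```python
import hashlib

# Constructed sample files, not real malware: the bytes are arbitrary placeholders.
SAMPLE_MALWARE = b"MZ\x90\x00" + b"EVIL_PAYLOAD_MARKER" + b"\x00" * 16
SAMPLE_CLEAN = b"MZ\x90\x00" + b"hello, legitimate program" + b"\x00" * 16


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The signature database as the vendor ships it. Two common signature kinds:
# a whole-file hash (exact match only) and a distinctive byte pattern.
# Signature names are hypothetical.
BASE_SIGNATURES = {
    "Trojan.Example.A/hash": ("sha256", sha256_hex(SAMPLE_MALWARE)),
    "Trojan.Example.A/pattern": ("bytes", b"EVIL_PAYLOAD_MARKER"),
}


def scan(data: bytes, signatures: dict) -> list:
    """Return the names of every signature the data matches.
    An empty list is the 'green light': it means 'nothing matched', not 'clean'."""
    digest = sha256_hex(data)
    hits = []
    for name, (kind, value) in signatures.items():
        if kind == "sha256" and digest == value:
            hits.append(name)
        elif kind == "bytes" and value in data:
            hits.append(name)
    return sorted(hits)


def apply_delta(signatures: dict, delta: dict) -> dict:
    """Incremental update: the delta carries only new or changed entries
    (or None to retire one), so the client never re-downloads the whole database."""
    updated = dict(signatures)
    for name, entry in delta.items():
        if entry is None:
            updated.pop(name, None)
        else:
            updated[name] = entry
    return updated


def make_variant(sample: bytes) -> bytes:
    """Attacker side: change one byte of the marker (letter O -> digit 0).
    The hash changes completely and the byte pattern no longer matches."""
    return sample.replace(b"EVIL_PAYLOAD_MARKER", b"EVIL_PAYL0AD_MARKER")


def demo() -> dict:
    variant = make_variant(SAMPLE_MALWARE)
    # The vendor eventually ships a delta for the variant: one new entry, nothing else resent.
    delta = {"Trojan.Example.B/pattern": ("bytes", b"EVIL_PAYL0AD_MARKER")}
    updated = apply_delta(BASE_SIGNATURES, delta)
    return {
        "known_sample": scan(SAMPLE_MALWARE, BASE_SIGNATURES),    # both signatures fire
        "variant_before_update": scan(variant, BASE_SIGNATURES),  # nothing fires: the gap
        "variant_after_update": scan(variant, updated),           # new pattern fires
        "clean_file": scan(SAMPLE_CLEAN, updated),                # nothing fires
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:24s} {hits or 'no detection (green)'}")
```

The point of the one-byte variant is that the console shows exactly the same green status for “clean” and for “not yet in the database”; the scanner cannot tell the two apart, which is the false sense of security discussed above.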

Zero-Day

Yigal then introduces the concept of zero-day threats. These are vulnerabilities in software or hardware that attackers discover and exploit before the vendor is aware of them or has shipped a fix.

Attackers can exploit such vulnerabilities through a variety of delivery channels, including email, websites, and web applications. Yigal points out that traditional antivirus solutions are usually unable to detect zero-day threats for a simple reason: no signature exists for them yet.

To address this issue, the concept of anti-malware was developed. Anti-malware solutions go beyond signature-based detection and use more advanced techniques to identify malicious activity. Rather than asking only “does this file match a known fingerprint?”, they watch for suspicious files and behaviors, such as an unexpected program attempting to connect to the internet or performing port scanning.

Yigal explains that port scanning is like trying to open doors in a corridor to see what’s inside. Each door represents a port, and if it can be opened, it means the port is open and potentially vulnerable to exploitation.

Legitimate services also listen on open ports; a web server answering your browser is one. However, zero-day threats can exploit vulnerabilities in those services, or reach open ports that are not properly secured.
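As an added example, not code from the episode or from any anti-malware product, here are the two behaviours just mentioned expressed as detection rules run over constructed endpoint telemetry: a program running from a user-writable directory opening a network connection, and one process “trying every door in the corridor”, i.e. touching many distinct ports on one host in a short window. The event format, paths, addresses and thresholds are all assumptions made for the example; nothing here depends on a signature.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float      # seconds, relative to the start of the capture (constructed)
    process: str   # image path of the process that acted
    action: str    # "connect" or "file_write"
    target: str    # "host:port" for connect, a file path for file_write


BROWSER = r"C:\Program Files\Browser\browser.exe"
DROPPER = r"C:\Users\alice\AppData\Local\Temp\update.exe"

# Constructed telemetry, not captured from a real machine. The dropper writes a copy
# of itself, phones home once, then sweeps 40 ports on an internal host in 0.4 s.
EVENTS = [
    Event(0.0, BROWSER, "connect", "203.0.113.10:443"),
    Event(0.5, DROPPER, "file_write", r"C:\Users\alice\AppData\Roaming\svc.exe"),
    Event(1.0, DROPPER, "connect", "198.51.100.7:4444"),
    *[Event(2.0 + i * 0.01, DROPPER, "connect", f"10.0.0.5:{port}")
      for i, port in enumerate(range(20, 60))],
    Event(3.0, BROWSER, "connect", "203.0.113.10:443"),
]

SCAN_PORT_THRESHOLD = 20   # distinct ports on one host ...
SCAN_WINDOW_SECONDS = 5.0  # ... within this many seconds counts as a sweep


def in_user_writable_dir(path: str) -> bool:
    """Directories an ordinary user can drop an executable into (assumed list; tune it)."""
    p = path.lower()
    return "\\appdata\\local\\temp\\" in p or "\\downloads\\" in p


def detect_outbound_from_user_dirs(events) -> list:
    """Rule 1: a program running from a user-writable directory opens a connection.
    One alert per (process, destination host) so a sweep does not flood the console."""
    seen = set()
    alerts = []
    for e in events:
        if e.action == "connect" and in_user_writable_dir(e.process):
            host = e.target.rsplit(":", 1)[0]
            if (e.process, host) not in seen:
                seen.add((e.process, host))
                alerts.append(("outbound_from_user_dir", e.process, host))
    return alerts


def detect_port_scans(events, threshold=SCAN_PORT_THRESHOLD, window=SCAN_WINDOW_SECONDS) -> list:
    """Rule 2: one process touches >= threshold distinct ports on one host inside the window.
    Reports the peak number of distinct ports seen in any window for that (process, host)."""
    conns = defaultdict(list)  # (process, host) -> [(ts, port), ...]
    for e in events:
        if e.action != "connect":
            continue
        host, port = e.target.rsplit(":", 1)
        conns[(e.process, host)].append((e.ts, int(port)))
    alerts = []
    for (process, host), samples in conns.items():
        samples.sort()
        peak, start = 0, 0
        for end in range(len(samples)):
            while samples[end][0] - samples[start][0] > window:
                start += 1   # slide the window forward until it spans <= window seconds
            peak = max(peak, len({port for _, port in samples[start:end + 1]}))
        if peak >= threshold:
            alerts.append(("port_scan", process, host, peak))
    return alerts


def analyze(events) -> list:
    return detect_outbound_from_user_dirs(events) + detect_port_scans(events)


if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(alert)
```

On this input the browser produces no alerts, the dropper produces two “outbound_from_user_dir” alerts and one “port_scan” alert for 10.0.0.5 with 40 distinct ports. Rule 1 will also fire on legitimate installers run from Downloads, which is exactly the true-versus-false-positive triage the episode describes later; the rule buys visibility, not a verdict.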

Limitations of Antivirus & The Need for a New Approach

Yigal contends that zero-day threats pose a huge challenge due to their ability to evade detection by traditional antivirus software. Their “fileless” nature and lack of signatures make them particularly difficult to identify.

He clarifies that antivirus solutions still have value in protecting against older, known threats “that are still out there that are still looking for vulnerabilities or weak points or entry points in your computer or network in order to propagate or go to jump from computer to another computer.”

He also adds that while antivirus software is necessary, it’s no longer sufficient on its own. The focus should shift to monitoring the behavior of threats—what they do, where they go, and how they interact with the system. This requires tools and solutions that can provide visibility into various activities, such as file access, network connections, and website visits.

Yigal recounts advising a client against simply replacing their existing antivirus solution with a different one. He explains that this would not solve the underlying problem of lacking visibility into the threats present on their network.

Instead, he advocates for a more comprehensive approach that involves understanding the specific threats and vulnerabilities present in their environment and implementing targeted solutions to address them.

Yigal maintains that threat identification and mitigation is an ongoing process involving alert analysis, distinguishing true from false positives, and using security measures to combat ever-changing threats.

Join The Cybersecurity Insider podcast for breaking news, expert insights, and workable strategies to protect yourself and your business in cyberspace. Catch us on your favorite platforms: YouTube, Apple, and Spotify.

The Antivirus question always comes up in conversations that we have with clients and prospects. Maybe we should replace our Antivirus solution with another brand name.

This is interesting, trying to get different results using the same method… Don’t you think?
