SPOTLIGHT ON SECURITY

Netflix Move Prompts Premature Antivirus Software Obit

Netflix reportedly is in the process of dumping its antivirus software and placing all its faith in an alternative solution to protect its more than 60 million subscribers from online nastiness, a move that prompted one pundit to pronounce the death of antivirus software yet again.

By dropping its service, Netflix was hammering the last nail in antivirus software’s coffin, suggested a Forbes article last month.

However, such dire pronouncements about antivirus software have been made for years, and they’re likely to be made for many years to come.

“Antivirus persists, so I think calling it dead is not prudent,” said Jason Brvenik, the principal engineer in Cisco’s Security Business Group.

“Pronouncing AV dead is perhaps looking myopically at one portion of the role AV plays in the ecosystem for organizations,” he told TechNewsWorld.

“The death of antivirus makes an impactful headline — and yet the reality is that such headlines are hardly new, nor accurate,” noted Raj Samani, vice president and CTO of Intel Security.

AV-Only Era Over

Antivirus software still has a role in protecting organizations against cyberattacks, Samani told TechNewsWorld. Antivirus works with other measures — such as blacklisting, whitelisting, behavioral analysis, threat intelligence analysis and threat detection — to create a more efficient approach to mitigating malware threats.

“The era of AV-only is over,” said Piero DePaoli, Symantec Enterprise Security’s senior director for global product marketing.

“AV is a baseline capability required for any endpoint protection product,” he told TechNewsWorld, “but is just one piece of a broader arsenal of advanced protection technologies required to protect against the evolving threat landscape.”

Where antivirus software falls down — and why its critics have rushed over the years to dig its grave — is in its ability to deal with sophisticated attacks.

“It won’t handle a motivated attacker, but it will handle the mundane, and that’s significant,” Cisco’s Brvenik said.

As imperfect as antivirus software is, it still performs a valuable service at the endpoints in any network.

“Here at Kaspersky Lab we record over 325,000 new malware samples every day,” said North America Managing Director Chris Doggett.

“Without AV software as part of a security solution,” he told TechNewsWorld, “we’d be giving up the idea of protecting endpoints and mobile devices, leaving millions of people at the mercy of cybercriminals.”

Death Knock

While new technologies may run circles around antivirus software in identifying threats, AV programs do more than identify threats, which is why they continue to remain viable.

“As these [antivirus] products stand right now, they are the best solution we have today,” said Vikram Phatak, CEO of NSS Labs.

“There are a bunch of new endpoint products, but none of them are equivalent to what an antivirus product does from a number of different angles — everything from remediation to quarantine,” he told TechNewsWorld.

“Is death knocking on the door of antivirus? Yes. Is it dead yet? No,” Phatak said. “The new products that are claiming to subsume antivirus just aren’t there yet.”

However, antivirus software is dead in a way, as it has evolved to become quite different from the original iterations. Those programs used software signatures to fight viruses. Much of today’s antivirus software has more than signatures in its arsenal and doesn’t do much virus fighting.

Noise Reduction

Viruses — self-propagating pieces of code that reproduce for their own benefit — have become rare, Cisco’s Brvenik noted. “We don’t even see a ton of worms anymore. Everything now is malicious pieces of software to achieve some gain.”

Software signatures are less important to antivirus programs. Signatures have been either supplemented or replaced with tools that identify threats by how they behave, rather than what they appear to be.

AV testing has shown that antivirus programs are missing about 4 percent of the threats in the wild, Tom Kellermann, chief cybersecurity officer at Trend Micro, pointed out.

“Four percent may not sound like much, but it’s a lot when you consider there’s a new threat being created every two seconds,” he told TechNewsWorld.

Nevertheless, “I don’t think antivirus, if modernized, is dead, because you still need to eliminate 90 percent of the noise out there, and focus your attention on how you construct your defense in depth against targeted attacks,” Kellermann explained. “Everyone should use antivirus, as long as it’s not solely signature-based.”

Breach Diary

  • Aug. 30. Palo Alto Networks’ Unit 42 estimates KeyRaider malware has compromised 225,000 Apple accounts by infecting jailbroken iOS devices.
  • Aug. 31. Avid Life Media, operator of the infidelity website Ashley Madison, announces “hundreds of thousands” of new users have signed up for the Ashley Madison platform since widely publicized data breach that exposed online intimate information on 33 million account holders.
  • Aug. 31. Minnesota Department of Public Safety reports driver’s license information for 18 people is at risk after a password-protected portal was accidentally opened on the Internet.
  • Sept. 1. Microsoft, Google and Mozilla announce phaseout of RC4 encryption support. RC4, in use since 1987, primarily secures data-in-transit on the Internet. Recent attacks have shown the encryption scheme can be cracked in hours or days.
  • Sept. 1. U.S. Office of Personnel Management and Department of Defense jointly announce award of US$133 million contract to ID Experts to provide identity theft services to 21.5 million people affected by data breach at OPM.
  • Sept. 1. UCLA Health notifies 1,242 people that their personal and healthcare information is at risk after laptop of a faculty member was stolen July 3.
  • Sept. 2. UK publisher WHSmith reveals private data of people filling out a “contact us” form online was being emailed to the company’s subscribers instead of the company due to a configuration error at its website.
  • Sept. 2. Cancer Care Group of Indiana pays $750,000 to U.S. Office for Civil Rights to settle violations of federal law related to data breach caused by theft of an employee’s computer.
  • Sept. 2. Conservative think tank The Heritage Foundation reports personal information of an undisclosed number of donors is at risk due to a data breach of an external server containing six-year-old documents.
  • Sept. 2. Filing in federal district court in Los Angeles announces settlement in lawsuit filed by Sony Pictures Entertainment employees whose personal information was posted online after data breach at the company. Terms of settlement or the number of employees involved were not included in the filing.
  • Sept. 3. Brunswick Hotel and Tavern in Maine discloses that personal information of some 2600 guests is at risk from malware infection found on its front desk computer. It adds that 30-40 guests have reported fraudulent charges on their credit cards related to the data breach.
  • Sept. 3. A California court dismisses $1.25 million lawsuit against UCLA Health for failing to adequately protect a woman’s medical record that was improperly released to a romantic rival.
  • Sept. 4. Kronenberger Rosenfeld files lawsuit against GoDaddy, Amazon Web Services and multiple anonymous defendants for obtaining and repurposing stolen data from Ashley Madison to make it easily accessible and searchable by the media and curious Internet users, and actively distributing it for their own gain.

Upcoming Security Events

  • Sept. 12. B-Sides Augusta. GRU Harrison Education Commons Building, 1301 R.A. Dent Blvd., Augusta, Georgia. Free.
  • Sept. 12-21. SANS Network Security 2015. Caesars Palace, Las Vegas, Nevada. Long Courses: $3,145 – $6,295. Short Courses: $1,150 – $2,100.
  • Sept. 16. Secure Networks Mean Secure Revenue. 11 a.m. ET. Webinar sponsored by Arbor Networks. Free with registration.
  • Sept. 16. George Washington University Cyber Academy Open House. George Washington University, Virginia Science and Technology Campus, Enterprise Hall, 44983 Knoll Square, Ashburn, Virginia. Free with registration.
  • Sept. 16. ISMG Data Breach Prevention and Response Summit. The Westin San Francisco Airport, 1 Old Bayshore Highway, Millbrae, California. Registration: $695.
  • Sept. 16-17. SecureWorld Detroit. Ford Motor Conference & Event Center, Detroit. Registration: open sessions pass, $25; conference pass, $175; SecureWorld plus training, $545.
  • Sept. 17. 6th Annual Billington Cybersecurity Summit. Ronald Reagan Building and International Trade Center, 1300 Pennsylvania Avenue Northwest, Washington, D.C. Registration: corporate rate, $595; academic, $145; military and government, free.
  • Sept. 18. B-Sides Cape Breton. The Verschuren Centre, Cape Breton University, Sydney, Nova Scotia, Canada. Free.
  • Sept. 22-23. SecureWorld St. Louis. America’s Center Convention Complex, St. Louis. Registration: open sessions pass, $25; conference pass, $175; SecureWorld plus training, $545.
  • Sept. 28-Oct. 1. ASIS 2015. Anaheim Convention Center, Anaheim, California. Through May 31 — member, $895; nonmember, $1,150; government, $945; student, $300. From June 1 through Aug. 31 — member, $995; nonmember, $1,250; government, $1,045; student, $350. From Sept. 1 through Oct. 1 — member, $1,095; nonmember, $1,350; government, $1,145; student, $400.
  • Sept. 30-Oct. 1. Privacy. Security. Risk. 2015. Conference sponsored by IAPP Privacy Academy and CSA Congress. Bellagio hotel, Las Vegas. Registration: Before Aug. 29 — member, $1,195; nonmember, $1,395; government, $1,045; academic, $495. After Aug. 28 — member, $1,395; nonmember, $1,595; government, $1,145; academic, $495.
  • Oct. 2-3. B-Sides Ottawa. RA Centre, 2451 Riverside Dr., Ottawa, Canada. Free with registration.
  • Oct. 6. SecureWorld Cincinnati. Sharonville Convention Center, 11355 Chester Rd., Sharonville, Ohio. Registration: open sessions pass, $25; conference pass, $175; SecureWorld plus training, $545.
  • Oct. 6. UK Cyber View Summit 2015. 6 a.m. ET. Warwick Business School, 17th Floor, The Shard, 32 London Bridge, London, UK. Registration: 550 euros plus VAT.
  • Oct. 9-11. B-Sides Warsaw. Pastwomiasto, Anders 29, Warsaw, Poland. Free with registration.
  • Oct. 12-14. FireEye Cyber Defense Summit. Washington Hilton, 1919 Connecticut Ave. NW, Washington, D.C. Registration: before Sept. 19, $1,125; after Sept. 18, $1,500.
  • Oct. 15. SecureWorld Denver. The Cable Center, 2000 Buchtel Blvd., Denver, Colorado. Registration: open sessions pass, $25; conference pass, $175; SecureWorld plus training, $545.
  • Oct. 19-21. CSX Cybersecurity Nexus Conference. Marriott Wardman Park, 2660 Woodley Rd. NW, Washington, D.C. Registration: before Aug. 26 — member, $1,395; nonmember, $1,595. Before Oct. 14 — member, $1,595; nonmember, $1,795. After Oct. 14 — member, $1,795; nonmember, $1,995.
  • Oct. 28. The Cyber-Centric Enterprise. 8:15 a.m. ET. Virtual conference. Free with registration.
  • Oct. 28-29. SecureWorld Dallas. Plano Centre, 2000 East Spring Creek Parkway, Plano, Texas. Registration: open sessions pass, $25; conference pass, $175; SecureWorld plus training, $545.
  • Oct. 28-29. Securing New Ground. Conference sponsored by Security Industry Association. Millennium Broadway Hotel, New York City. Registration: Before Sept. 8 — member, $895; nonmember, $1,395; CISO, CSO, CIO, $300. After Sept. 7 — member, $1,095; nonmember, $1,495; CISO, CSO, CIO, $300.
  • Nov. 4. Bay Area SecureWorld. San Jose Marriott, 301 South Market St., San Jose, California. Registration: open sessions pass, $25; conference pass, $175; SecureWorld plus training, $545.
  • Nov. 10. FedCyber 2015 Annual Summit. Tyson’s Corner Marriott, 8028 Leesburg Pike, Tyson’s Corner, Virginia. Registration: $395; academic, $145; government and military, free.
  • Nov. 11-12. Seattle SecureWorld. Meydenbauer Center, 11100 NE 6th St., Bellevue, Washington. Registration: open sessions pass, $25; conference pass, $175; SecureWorld plus training, $545.
  • Nov. 24-25. Cyber Impact Gateway Conference. ILEC Conference Centre and Ibis London Earls Court, London, UK. Registration: end users–pounds 1699 plus VAT (before Sept. 18), pounds 1799 plus VAT (before Oct. 9), pounds 1899 plus VAT (before Oct. 30), pounds 1999 plus VAT (standard); solution providers–pounds 2699 plus VAT (before Sept. 18), pounds 2799 plus VAT (before Oct. 9), pounds 2899 plus VAT (before Oct. 30), pounds 2999 plus VAT (standard).
  • Dec. 12. Threats and Defenses on the Internet. Noon ET. Northeastern University, Burlington Campus, 145 South Bedford St., Burlington, Massachusetts. Registration: $6.

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

1 Comment

  • I’m a gamer, a gamer that used to run game servers, and the security of gaming environments has always been of interest to me. Specifically, how do you stop cheaters and exploiters from ruining everyone’s game play experience? The problem is very similar in a way to the problem of dealing with all kinds of malware, only a little more specialized and specific.

    Many gamers will tell you that software based automated detection of cheat applications is worthless, as there are so many ways around that detection. But the truth is software based automated cheat detection plays the same role as antivirus software does these days, it provides baseline protection. It stops the 90% of cheaters who cheat because cheating is easy.

    Antivirus won’t stop a determined, skilled hacker. Automated software based cheat detection won’t stop a determined, skilled hacker either. But both will stop the casual attackers dead in their tracks, and allow those responsible for securing whatever environment is their domain to focus on the determined and skilled attackers, and on what can be done to offer protection from their attacks. It reduces the background noise and makes the truly destructive attackers easier to identify.
