Anti-virus or Anti-malware is not dead; it is one of the defense mechanism in a defense-in-depth strategy.
“Anti-virus is dead” is what you generally hear these days from the ‘over-the-top’ campaign makers. And what is the alternative, if so? There has never been a suitable response. Anti-virus or anti-malware products do their job quiet well, what they were meant for. You generally get asked, “Which AV is better?” There are testing companies, there are surveys available etc. to prove one against the other. Majority of these AV products do much of the same job. And each of them is as effective as the other.
So, is Anti-virus enough to safeguard your systems? Anti-virus is like going to a doctor after you are infected. Doctors will suspect some kind of an infection and may suggest some cure. And you get repeatedly attacked by different variants and you keep visiting your Doctor. There are anti-body identification mechanisms built into the human immune system, which identifies foreign bodies and fights with them. So, there are computer firewalls, signature based malware detection, malware heuristics and behavioral analysis methods which try their best to emulate human system but they are nowhere closer to the sophistication of human defensive mechanism.
It is reported that about 67% of malware are undetected and about 90% of the malware make use of a vulnerability or misconfiguration in your system. Attackers today have methods to automate the creation of malware, be polymorphic and stay undetected. Attackers have the automated environment to test the detection rate of AV products and fine tune their malware.
Anti-virus alone is not enough; the need is multi-level defenses in order to effectively safeguard your system, be it a home computer or a business computer. As an industry, we went wrong with relying only on ‘detect-and-cure’ method.
1. Strengthen the system by fixing vulnerabilities or loopholes and misconfigurations: Stay healthy, stay secure. Majority of the malware today are making use of loopholes, default or misconfigurations in the system to get into the system.
2. A firewall to filter out the unwanted traffic: Open the door to the traffic of your interest.
3. Anti-malware: Product that works based on software reputation or white labeling of all the executables and performs behavioral analysis of each event that take place in the system.
4. Know what is running in your system and monitor regularly.
Building immunity is the first line of defense. Keep your software updated and configure them appropriately.