For more than eight years, pundits have claimed “Antivirus is dead.” Are horseless carriages dead? What was once called a horseless carriage has evolved into a vehicle that remains horseless but is called a car. There are no new cars in production with oil-burning headlights, such as were used in the 1880s, or the headlight style of the 1915 Guide Lamp Co. that required the driver to get out of the car to dim them. No, horseless carriages are not dead; they are now cars that include crumple zones, air bags, drum brakes, hydraulic drum brakes, disk brakes, antilock brakes, and even sensing systems that brake automatically when there is an obstruction ahead of or behind the vehicle. These have all been part of the evolution of cars. Reports of antivirus’s death are greatly exaggerated. Antivirus (AV) is not dead but has evolved into the modern endpoint protection (EPP) product of today.
We cannot ask if AV works without establishing that the reports of its death are indeed greatly exaggerated. The term “antivirus” is ubiquitously used to describe modern EPP products despite the fact that AV has for decades provided far more than exclusively signature-based technology, and has detected far more than viruses. Having added several diverse technologies, AV is now the horseless carriage of EPP.
If we rephrase the question to “Do EPP products work?”, we must first define “work.” If “work” means one hundred percent, then no, EPP products do not work, but neither do any other products, since nothing is perfect. Please use a reasonable definition of “work.” Do flu shots work? Did you answer “yes”? People sometimes catch the flu even after they get the shot, and flu shots are not effective against the targeted introduction of pathogens. Does automotive safety equipment work? How many deaths and injuries are caused by car accidents each year, even with safety equipment in use and even when the car is functioning as designed? The safety equipment is also ineffective against a targeted bazooka attack. Does education work? Some people drop out of college or simply can’t pass the required tests. Does batting in a baseball game work? With few exceptions, batters hit successfully one third of the time at best. Does weather forecasting work? OK, you’ve got me on that one.
If we use a reasonable definition of “work,” then yes, EPP works as designed, successfully deflecting millions of threats daily by using signatures, heuristics, application reputation, and many more defensive technologies. The problem is the serious damage caused by the threats that get past the EPP and all of the other layers of defense. Like a soldier in the desert, vulnerable and attempting to defend against an unseen and heavily armed drone, all security software is subject to secretly planned and expertly deployed attacks that can inflict incredible damage.
When all of the safety equipment in a car fails and serious injury occurs, we turn to the emergency room (ER) to prevent further harm from infections and injuries, and even to prevent death. “From Brain to Flame, Myths, Facts, and the Future” is the first in a two-part series that traces the important developments in the evolution of EPP. This brief is foundational to the second brief in the series, which explains why EPP products are increasingly becoming the ERs of security.
Follow me on Twitter @randyab to keep informed as new research is released.
Follow us on Twitter (@NSSLabs) to keep informed as new research is released.