Last weekend, in an interview with The Wall Street Journal, Brian Dye, Symantec’s senior vice president for information security, claimed that antivirus is dead and is no longer a moneymaker in any way. Symantec is a multi-billion dollar company that has been selling antivirus software under the Norton brand for nearly 25 years.
Brian claims that antivirus software only catches 45% of malware attacks because hackers increasingly use unique methods and bugs in the software of computers to perform attacks, resulting in about 55% of cyberattacks going unnoticed by commercial antivirus software. He also stated that Symantec is now moving its business into the detect and respond sector because of its failure to detect issues. The detect and respond sector is where you detect and respond to attacks rather than just try to protect against them.
Malware has become very complex since Stuxnet was discovered in 2010. Stuxnet was a computer worm used to attack Iran’s nuclear facilities. Computer viruses can be used for relatively simple criminal attacks, where data like credit card information is targeted, or they can set out to corrupt data on a computer. They can also be espionage programs that spy on users and steal passwords and other data via keylogging software. In the past few years we have seen the rise of blackmail malware like the Garda Virus and complicated malware like Stuxnet.
The Garda Virus was very simple and devious in how it operated. If your computer got infected, it would load a screen with a photograph of you taken with your webcam, state that you had been caught downloading illegal material and that you would be reported to the Garda (the Irish police). You were then given the option to pay them €100 via a credit or debit card if you wanted to regain use of your computer. In reality, what you were doing was giving the creators of this malware your credit/debit card details.
Sophisticated malware like Stuxnet is designed to attack only one computer or server. If you happened to download it, there is nothing to worry about as you are not the intended target. It works like a Tomahawk cruise missile, which is programmed to attack only its designated target and nothing else.
If someone wanted to bring down the power grid in a certain country, they would only have to go onto the darknet (a file sharing network where files are shared that you won’t find on the Internet that everyone uses), and download the malware, which they can then adapt to attack only the power grid.
When companies like Symantec start moving over to detect and respond, they are looking to track data leaks, hacking, and other intrusions whilst also preventing further repercussions from stolen data. This results in users having to change passwords and businesses stopping access to accounts and services that have been compromised. Businesses will also track the source of the intrusion and beef up their defences.
Last week Eircom, the largest telecommunications provider in Ireland, detected an attack happening, and they responded by stopping access to accounts and services that may have been compromised. Users were also told to change their passwords in case they had been compromised. In the past year attacks like this have become more commonplace worldwide; another example is Target in the United States, which was attacked last year.
As long as the average computer user stores a lot of personal information on their computer, which can vary from documents through to credit card details and photographs, antivirus will not die. Antivirus may not be what it once was, but there will still be a place for it in our cyber society, even if that place is reduced.