JMH3143 · Microsoft MVP, Microsoft Support Visiting Expert
Schrödinger’s antivirus: The immortality of antivirus software
Introduction
There are certain subjects that are the equivalent of scraping fingernails across a chalkboard for antimalware researchers, raising their digital hackles and causing grimacing normally associated with phrases like “root canal surgery” and “income tax audit”. In the case of antimalware, it’s being told that “antivirus is dead”.
That’s why I gave a webinar a few days ago titled Is AV Dead? on ESET’s BrightTALK channel, looking not just at the many times I’ve heard this tired canard over the years, but the reasons behind it as well, delving into the many times the “death of AV” has been announced, as well as looking at the new – and old – technologies used to protect against threats.
Please note that a free registration is required to view this presentation, as well as others by myself and my fellow researchers. If you’re not up for that, or don’t have an hour to spare, you can download the slide deck from the White Papers section of We Live Security.
After a fashion, this presentation is the obverse to the webinar I gave at the beginning of the year on Advanced Persistent Threats: Using multi-layered detection to defend against APTs, where I looked at all of the new techniques being used by antimalware companies to protect against espionage by businesses and governments.
The Many Lives and Deaths of AV
The antivirus industry – or as it is now known, the antimalware industry – has a rich and somewhat tiring history of being told that “antivirus is dead”. The first time I heard this was 26 years ago at McAfee Associates in 1989, when the 1260 virus first appeared, targeting computers that ran DOS. Also known as the V2P1 or Chameleon virus, this was the first computer virus that was polymorphic. That is, it varied the order in which its instructions were executed in an attempt to avoid detection. And it did, for about four hours, until one of the programmers developed an algorithm to scan for it.