Most of us who have worked with computers for a while remember the glory days of antivirus. Back then, most malware arrived as an attachment and would be immediately stopped by the antivirus program if we tried to open it.
In those days, malware protection was simple.
Unfortunately, today's intruders and their malware are vastly more sophisticated. Their goal is to get past the edge of the network and into the inside, where the valuable data lives.
In an effort to protect machines on the edge of the network, administrators have tried limiting administrative rights and hardening the OS. Unfortunately, this can cause an increase in the number of support calls because some desktop applications stop working.
The Equal and Opposite Reaction of New Malware Threats
Most antivirus products use a unique signature (or fingerprint) to identify malware. The antivirus computes a cryptographic hash of each known malicious file to produce its fingerprint, then stores all of those fingerprints in a database on the workstation.
When vendors started this method years ago, they might have had hundreds of fingerprints. As the number of variants has increased dramatically, the size of the database file has grown with it. As the file grows, the antivirus is forced to constantly scan files in order to keep up, which can degrade performance.
According to Tech Republic, “anti-virus scanning is based on Newton’s law; for every action there is an equal and opposite reaction. Each time a new virus, or a new viral approach is discovered, anti-virus scanners must be updated. It isn’t hard to see there is a point of diminishing returns, where updating is no longer feasible because testing takes too long. At that point, customers begin to look for other solutions to overcome malicious threats.”
While traditional antivirus might not be dead, it certainly isn’t as effective as it was in the old days. New malware threats have advanced past this level of security. For example, what happens when a polymorphic virus that can change its own code and signature shows up on a workstation (i.e. endpoint)? The answer is that it isn’t recognizable by traditional antivirus.
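To make the signature mechanism concrete, here is an added example (not code from the original article or from any antivirus vendor) of a minimal hash-based scanner in Python. It builds a fingerprint database exactly as described above, a set of SHA-256 hashes of known-bad files, and then shows why a polymorphic variant defeats it: appending a single byte to the same payload produces a hash that is not in the database. The sample bytes are constructed placeholders, not real malware.

```python
import hashlib
from typing import Iterable


def fingerprint(data: bytes) -> str:
    """Traditional AV signature: a cryptographic hash of the whole file contents."""
    return hashlib.sha256(data).hexdigest()


def build_signature_db(known_malware: Iterable[bytes]) -> set[str]:
    """The on-workstation 'database of fingerprints': one hash per known sample.

    Lookup is O(1) per file; the cost that grows with the database is not the
    lookup but the need to hash every file on disk to compare against it.
    """
    return {fingerprint(sample) for sample in known_malware}


def is_known_malware(data: bytes, signature_db: set[str]) -> bool:
    """Signature match: the file is flagged only if its exact hash is known."""
    return fingerprint(data) in signature_db


def mutate(data: bytes, extra: bytes = b"\x90") -> bytes:
    """Stand-in for a polymorphic variant: same payload, different bytes on disk.

    Real polymorphic code re-encodes itself; a single appended byte is enough
    to show the effect on a whole-file hash.
    """
    return data + extra


# Constructed sample: harmless placeholder bytes standing in for a malware file.
SAMPLE_MALWARE = b"CONSTRUCTED-SAMPLE-not-real-malware"
SIGNATURE_DB = build_signature_db([SAMPLE_MALWARE])

if __name__ == "__main__":
    print("original sample detected:", is_known_malware(SAMPLE_MALWARE, SIGNATURE_DB))
    print("mutated sample detected: ", is_known_malware(mutate(SAMPLE_MALWARE), SIGNATURE_DB))
```

Running the block prints `True` for the original sample and `False` for the mutated one; the defender's takeaway is that a whole-file hash is an exact-match identifier, so every new variant needs its own database entry.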
New Malware Threats: Coming to An Endpoint Near You
An endpoint could be a computer running Windows, Apple, or Linux. Or it could be a tablet, smartphone or some other device on your network. Any of these are potential endpoints where malware can come in. Endpoint security software such as uses behavior-based threat detection to detect threats upon execution that cannot be detected by known detection methods, such as signatures or mathematical algorithms.
By protecting endpoints, you are protecting the biggest attack surface area on your network.
Using advanced detection, modern security software actively finds threats by capturing forensic detail about what actually runs on the machine. Watching processes and their behavior is more efficient than having to scan every single file on disk.
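The following is an added example (not the article's or any vendor's detection engine) of what "watching processes and behaviors" means in practice: a small rule evaluator run over a constructed stream of endpoint sensor events. Two rules are assumed for illustration, a process that writes a file and then launches that same file, and a process that renames many files in a row; neither depends on a hash of the file involved, which is why they still fire on a variant no signature database has seen. The event shape and the file paths are constructed for the example.

```python
from collections import defaultdict

# Constructed event stream, shaped like what an endpoint sensor records per process.
SAMPLE_EVENTS = [
    {"pid": 101, "image": "winword.exe", "action": "file_write",
     "target": r"C:\Users\u\AppData\Local\Temp\update.exe"},
    {"pid": 202, "image": "explorer.exe", "action": "file_write",
     "target": r"C:\Users\u\Documents\notes.txt"},
    {"pid": 101, "image": "winword.exe", "action": "process_create",
     "target": r"C:\Users\u\AppData\Local\Temp\update.exe"},
    {"pid": 303, "image": "svc.exe", "action": "file_rename",
     "target": r"C:\Users\u\Documents\a.docx.locked"},
    {"pid": 303, "image": "svc.exe", "action": "file_rename",
     "target": r"C:\Users\u\Documents\b.xlsx.locked"},
    {"pid": 303, "image": "svc.exe", "action": "file_rename",
     "target": r"C:\Users\u\Documents\c.pdf.locked"},
]


def detect(events, rename_threshold: int = 3) -> list[dict]:
    """Evaluate behavior rules over an ordered event stream.

    Returns one alert dict per rule hit. State is kept per pid so that a
    sequence (write, then execute the same path) can be recognised.
    """
    alerts: list[dict] = []
    written_by_pid: dict[int, set[str]] = defaultdict(set)
    renames_by_pid: dict[int, int] = defaultdict(int)
    rename_alerted: set[int] = set()

    for ev in events:
        pid, image, action, target = ev["pid"], ev["image"], ev["action"], ev["target"]
        key = target.lower()  # Windows paths are case-insensitive

        if action == "file_write":
            written_by_pid[pid].add(key)

        elif action == "process_create":
            # Rule 1: the same process wrote this file earlier and now runs it.
            if key in written_by_pid[pid]:
                alerts.append({"rule": "drop_and_execute", "pid": pid,
                               "image": image, "target": target})

        elif action == "file_rename":
            # Rule 2: burst of renames from one process (alert once per pid).
            renames_by_pid[pid] += 1
            if renames_by_pid[pid] >= rename_threshold and pid not in rename_alerted:
                rename_alerted.add(pid)
                alerts.append({"rule": "mass_rename", "pid": pid,
                               "image": image, "count": renames_by_pid[pid]})

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The event for `explorer.exe` shows the other half of the design: a single benign write produces no alert, because each rule keys on a pattern of activity rather than on any one file. Thresholds such as `rename_threshold` are what a real product tunes to trade false positives against detection time.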
New malware threats will continue to evolve, with a greater number of attacks using variants that don't exist in antivirus databases. By the time a new variant is added to the vendor's extensive list of known malware, it is often too late.