Antivirus is Dead!

So declared Brian Dye, Symantec’s senior vice president for information security. “We don’t think of antivirus as a moneymaker in any way.”  Mr. Dye went on to say “antivirus now catches just 45% of cyberattacks.”

So because they cannot make money, this segment of the software industry is dead? Maybe they are not any good at it! Or maybe it is the wrong solution to the problem. Or maybe it is too narrow a solution.

I believe that this problem can only be dealt with effectively at the operating system level. But the stage was set by Microsoft years ago when they allowed third-party companies to deal with the problem of poor security on Microsoft Windows. But that is just like plugging holes in a leaking boat; it just slows down the problem.

Microsoft has made feeble attempts to increase security on Windows® with equally feeble results.  A code-signing mechanism was introduced in Windows called Authenticode, but even Microsoft does not use this technology to protect the integrity of all of its software.  Microsoft finally added a firewall application, in a usable form, to the Windows operating system in 2004.

The problem of malicious access and modification of computer systems needs to be dealt with at the lowest levels and with a variety of methods. Intrusion prevention and intrusion detection software are both needed to prevent system attacks. Many intrusion prevention solutions exist in the form of stand-alone systems like routers and applications that can be installed on end-user systems. For Linux systems, numerous intrusion detection applications can be found, such as AIDE and Tripwire. There is even a cross-platform, open-source application called OSSEC that runs on Windows-based systems.

Some of these solutions are not the “next big thing” required by most “for-profit” companies, so many solutions will come from the open-source community.