Is Anti-Virus Dead?


HARLEY
07-31-2008, 04:44 PM
http://isc.sans.org/diary.html?storyid=4808

hogndog
07-31-2008, 05:08 PM
"I can't get infected by malware. I have anti-virus!" The absurdity of that statement needs no explanation at this point. This has led to people considering anti-virus a dead technology because it is always one step behind attackers. This isn't necessarily untrue, but anti-virus by its very nature is reactive... it will only block against known threats. Additionally, anti-virus signatures are essentially public. Any number of resources exist to scan your malware to see if it detects. In short, you know ahead of time if you have the first ~24 hours of free rein. If you target your attack, you can have far longer because you have a higher potential of floating under the radar and getting your bad bytes captured by the AV guys and/or security researchers like us. AV, like all reactive technologies, suffers from the "First Win problem". It isn't so much that they are "one step behind"; it is that fundamentally it can never be ahead of the attackers.

:borg: