Softpedia has reached out to several experts to see what they think

May 8, 2014 00:57 GMT

Every once in a while, someone or some company in the information security industry comes along and says, “antivirus is dead.” This happened again last week, when Symantec’s Brian Dye told the Wall Street Journal that antivirus was dead and that it was no longer a “moneymaker.”

Antivirus is usually declared dead when a company launches some fancy new product that uses sophisticated technologies to detect and mitigate cyber threats. This time is no exception. Symantec has just announced its plans to release new software and services to protect organizations against advanced threats.

So, is antivirus dead? It depends on how you look at it. Traditional antivirus, the one that relies only on malware signatures to detect a threat, is certainly dead. However, most of the major security software companies offer “antivirus” solutions that integrate all sorts of sophisticated mechanisms that can detect threats based on their behavior.

Antivirus can also be legitimately declared dead when it comes to securing the systems and networks of an enterprise. Here’s what experts have to say about the “death of antivirus.”

Bogdan Dumitru, Bitdefender chief technology officer, tells Softpedia:

“The truth is always in the middle ground. Relying solely on antivirus is a dead end – and it has been for at least 8 years now. But that’s like saying that aspirin is dead because it’s not the cure for cancer, AIDS and all of humanity’s other illnesses.

Aspirin still works for a hangover or a mild cold and people still keep it in their medicine chests. Other techniques were developed for other illnesses. The same way, other [smaller] companies have brought new innovative technologies that expanded their spectrum and started defending against several other threats. Antivirus is just one feature within a security suite.”

Catalin Cosoi, Bitdefender chief security strategist, tells us:

“APT is yet another of many buzzwords, and everyone will start working (officially) on ATP technologies. On the other hand, there might be some truth in that statement if understood correctly. We have proven results that we were ahead of the flag on several other occasions and we are also working on changing the security industry. We have the results and we will launch soon.”

An expert from Malwarebytes tells Softpedia:

“Saying antivirus is dead is quite a bold statement, but as the threat landscape has diversified so much in recent years, it’s not sufficient on its own. Many traditional antivirus approaches have not adapted as fast as the threat environment, and as malware has become more advanced, it has outpaced traditional security approaches.

This is why we have always touted a ‘complementary approach’. Having a specialist piece of software such as Malwarebytes working alongside traditional antivirus provides greater security.”

AVAST’s CEO Vincent Steckler notes in a blog post:

“Symantec’s statement seems to relate to the enterprise, and not the consumer and small business. Enterprises have traditionally relied on many layers of defense and antivirus is one of those layers. Antivirus though is a broad-spectrum defense and as such is often complemented by other products, such as those protecting against targeted attacks that enterprises worry about.

In the consumer and SMB space, the situation is quite different: customers typically do not have multiple layers of protection. They have one, their AV product.

These products though are not the simple AV products of past years. The true statement in the story is that consumer security is so much broader than AV. AV is used as a generic name as it is what customers know.

They instead incorporate firewalls, intrusion detection, heuristics, virtualization, sandboxes, and many other layers of protection and not just antivirus. Therefore, we believe AV is not dead in the consumer space. It is far from dead there.”

Costin Raiu, senior security researcher at Kaspersky Lab, writes in a blog post:

“Traditional signature-scan antivirus as the sole method of protection has been dead for many years. It has been replaced by a much more sophisticated bundle of products and technologies, which combine heuristics, sandbox analyzers, cloud reputation and whitelisting technologies to protect the user.

Every major player today has already adapted to these trends. Actually, those who didn’t adapt simply disappeared! Many times new technologies have emerged which were supposed to become ‘magic bullets’ to save the world from malware and make traditional (signature-based) antivirus technology largely obsolete.

However, it always becomes quickly apparent they’re not magic bullets at all, and all that happens is that the new technologies are simply added to IT security companies’ existing protection technologies which in turn bolsters the level of security overall.”

Security expert and investigative journalist Brian Krebs writes:

“In short, as I’ve noted time and again, if you are counting on your antivirus to save you or your co-workers from the latest threats, you may be in for a rude awakening down the road.

Does this mean antivirus software is completely useless? Not at all. Very often, your antivirus product will detect a new variant as something akin to a threat it has seen in the past. Perhaps the bad guys targeting you or your organization in this case didn’t use a crypting service, or maybe that service wasn’t any good to begin with.

In either case, antivirus remains a useful – if somewhat antiquated and ineffective – approach to security. Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats.

The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication.”

Avira Security Expert and Product Manager Sorin Mustaca tells us via email:

“This hardly comes as news for anyone in the security industry who’s been in the business for more than a few years. In April 2014, I wrote an article in the Virus Bulletin magazine called ‘Is the IT security industry up to the new challenges to come?’ where I describe exactly this situation.

For the past 25 years, the IT security industry has done a great job of protecting users against existing and emerging threats, in the form of files (copied, downloaded or emailed), streams of data (remember Code Red), and recently, even against common vulnerabilities in third-party software. We started with Windows, continued with MacOS and Linux, and lately we have extended the protection to mobile devices running various operating systems.

Saying that ‘antivirus is dead’ is incomplete. The classical antivirus, the one that works only with signatures or patterns, might be dead – but dead as in not enough anymore. These days, all antivirus companies that want to make a difference are doing more than providing signatures.

The detection of malicious software using signatures worked well until the late ’90s, beginning of 2000, because the bad guys were too slow in creating malware. Since then, the bad guys got organized and are much faster.

Now, we are adding cloud detections, sandboxes, heuristics, artificial intelligence and more.

IT security has become so complex these days that it is no longer enough to just install software to detect malicious programs. An effective security product contains a suite of programs that also deal with web threats, vulnerabilities in 3rd party software, mail threats (spam, phishing) and a firewall.

To conclude, I would like to say that ‘the <classical> antivirus is dead, long live the <modern> antivirus.’ Or perhaps, it would be better to not even call it antivirus at all.”

Panda Security’s Luis Corrons has also published a blog post on the death of the antivirus. He notes the following:

“Antivirus has to evolve. It has been evolving and it will be evolving forever. To evolve you need to invest in it, and no company invests in something they consider dead. To be involved in the creation and development of new technologies and revolutionary approaches to combat malware and fight cybercriminals is one of those secret ingredients.”