Antivirus software ain't what it used to be. The sneaky, sophisticated security threats your PC faces now have gone far beyond what traditional software can do. The future of protecting your PC will require a multi-pronged approach involving vigilant updates, bug bounties, and artificial intelligence.
Like any software, antivirus is susceptible to bugs. Earlier this summer, Google’s Project Zero discovered serious flaws in enterprise and consumer products from Symantec that allowed malicious actors to take control of a computer. Symantec provided updates for the bugs, but some required manual installation from users, who needed to be in the know.
Symantec isn’t alone. Project Zero regularly publishes findings that reveal security flaws in software made by Kaspersky Lab, McAfee, and FireEye, to name a few. Brian Soldato of NSS Labs, a security product testing organization, says his company has seen “unprecedented numbers” of vulnerabilities that are bypassing security software.
Patch, patch, patch
“Unfortunately, for the average consumer there aren’t steps to take,” said Udi Yavo, CTO of security firm enSilo, which has also been a thorn in the side of AV products through its security research.
It’s up to security vendors to provide updates, but consumers need to make patching a priority, even with AVs. You should raise an eyebrow if your security vendor isn’t providing regular updates.
“One of the biggest problems we find when these threats bypass [the AV] is they’re not patching often enough,” added Soldato. “Most of the time, if they had patched they would never have been infected in the first place.”
Symantec is worth noting for how openly it communicates its patching schedule. But once a particularly nasty bug comes along, these patching practices can be thrown into disarray.
“They’re responding but in my opinion they’re not responding fast enough,” said Soldato. In some cases, vendors are taking weeks to develop complex fixes. “Quite frankly, that’s too long,” he warned, giving bad actors plenty of time to take advantage.
Bug bounties will drive innovation
Security firms are now looking for outside help with bug bounty programs, which motivate the security research community to find vulnerabilities in exchange for money and bragging rights. Kaspersky Lab is the most recent AV maker to implement such a program. A spokesperson for the company said the bug bounty “supplements our overall existing strategy aimed at making our software products more secure.”
By making code available for audit, these companies open their AVs to more criticism. Ultimately, however, greater collaboration on security will lead to a stronger product.
Many AV makers acknowledge the need to innovate. Carbon Black bought “next-generation” AV startup Confer in July, and SparkCognition launched DeepArmor, which meshes “advanced artificial intelligence techniques” into antivirus to prepare for threats around the corner. Machine learning algorithms can differentiate between harmless and malicious binary files, trying to predict their behavior rather than just detecting a bad file that’s already present.
We should expect to see the traditional branding of antivirus fade away, claimed Morey Haber, VP of technology at BeyondTrust, a cyber security consulting firm. He predicts it will be replaced with labels like “endpoint protection platform” and “advanced threat protection.” But flaws will always persist.
“In reality, [security systems] are still written by people, and people make mistakes,” Haber added. “It is just a matter of time before a flaw is found in one of these new systems that will draw us back to the same conversation we are having now.”