An article this morning stated that anti-virus scanners are passé. I remember that Marnix Dekker of ENISA stated this in a meeting in The Netherlands circa one year ago. To my surprise this provocative claim did not send much more than a ripple through the audience. It was a bold statement, against everything the public at large was, if not instructed, at least seriously encouraged to use and regularly update at home and work. And now this. So, should we discard our anti-virus software?
There is truth and untruth in the statement. Yes, individual attacks on individuals within organisations, so called “spearphishing”, is used more and more to illegally enter an organisation digitally. There’s no anti-virus scanner that can avoid hacks of this kind (as far as I know). For all large scale attacks however, anti-virus software is still the best known practice for protection today. Next to disconnect and throw all devices out of the window that is.
Compare it to a contracted sniper attack versus a shot of hail. With spearphishing one person is singled out as a target and duped into opening a personalised e-mail that subsequently gives entrance to a network, where spammed e-mail with an infected link/attachment or a drive by download on an infected website is aimed at basically anyone unfortunate enough to click and thus cause a huge infection rate. Anti-virus software still helps detecting these forms of attack and neutralise its effects. The good ones are said to have a detection rate of 40% of the malware.
Two questions that I repeat, after debating it at the ECP workshop on mobile security of December 2011, is why is the mobile world so slow in picking up security? And why haven’t new forms of Internet access like HD TVs, picked up on security straight away? The problems have already been detected, as the criminals have the knowledge to dive into these new opportunities straight away. Opportunities offered by the high tech device industry and though the opened front door. Missed chances to be leading in cyber security all around!
So despite the news today, don’t throw away your anti-virus software just yet. Not as a private person, especially not I’d say, but also not as a company. It’s the second layer of your protection after the installed and activated firewall.
Another is behaviour. Don’t just click on anything that is sent through or is presented to you on the Internet. Anything that is not completely personal or slightly vague, e.g. “look at this picture I took”, is suspect. But sometimes a person simply has bad luck.
Wout de Natris, De Natris Consult
28 December 2012, Leiderdorp