What’s Happened to Anti-Virus Software? Can Patch Management Save the Day?

Greg Edwards

Anti-virus software has stopped doing its job. That’s what’s happened, and patch management is the way forward in malware prevention. That is a bold statement that should strike fear in the heart of any business owner. Malware (including viruses and Trojans) is on the increase. Companies like Symantec and AV Test are continuously monitoring the security landscape.

Figure: Malware increase since monetization (AV-TEST.com stats)

The latest findings by IT security specialist consultants AV Test show that in 2014 there were almost 400 million malware programs out there. The security firm Symantec concurs with this finding, stating that more than 317 million new malware threats appeared in 2014, up 26% from the previous year. It is highly likely that most of those affected were in fact using anti-virus software, as 76% of computers have anti-virus software installed. The fact is, though, that anti-virus software is now an outmoded way of coping with clever hackers who are always ahead of the game.

You can think of computer virus attacks in much the same way as you think of the flu bug. Every year a new flu bug comes out. The Centers for Disease Control and Prevention, more commonly known as the CDC, researches the most likely three or four flu virus candidates that may affect the American population in that year. They then create a vaccination based on their research. However, viruses mutate and evolve, and the vaccination is a retrospective attempt at control. Invariably a new strain appears and we have a flu epidemic on our hands, even if you have been vaccinated.

Computer viruses, the hackers who develop them and anti-virus software work in similar ways. The anti-virus software will have ‘definitions’ that will prevent known malware infections; these are analogous to the flu vaccination and are often based on known or researched infection types. However, the hackers are always evolving new techniques of infection, new viruses if you will, in much the same way that nature will evolve a new strain of the flu. Just like the flu vaccination, anti-virus software is retrospective, always trying to keep up with changes. This has left us with a situation whereby we can no longer rely on anti-virus software to protect our computers.

Ghost Hunting

Recent research by several organizations, including Imperva and FireEye, has shown that anti-virus software is ineffective. Imperva looked at 40 anti-virus products and found that 75% of them took up to a month or longer to update their definitions. In fact, Imperva found that the initial detection rate for a new piece of malware was less than 5%. FireEye found some very striking facts about malware itself that affect the true effectiveness of anti-virus software. FireEye found that malware has a very short lifetime, with 82% of malware disappearing after only one hour. They described anti-virus software as being “akin to ghost hunting”. These are striking findings. They show that the need for anti-virus software has to be reassessed and that new methods of malware detection and prevention need to be used instead.

If you are one of the many who get infected by malware, you will be subject to the whims of the malware program, which can include the loss of intellectual property, sensitive data, customer data and even financial details. One of the biggest pains of malware infection is system downtime. Malware is notoriously difficult to remove once you’ve been infected. In fact, many system administrators, rather than spend the time trying to remove the malware, simply wipe the machine and re-image it. This takes time, results in lost data and is very disruptive.

So what can be done if we can’t rely on our trusty anti-virus software anymore? Malware threats are increasing year over year, so what can we do to protect our business? Many security experts now accept that prevention is better than cure and advocate the use of preventative measures such as patch management. Malware is so prolific because of software vulnerabilities: hackers exploit open doors in software, and malware uses those doors to enter your computer. Those doors need to be closed by patching, i.e. installing software updates. Installing updates greatly decreases your chance of having viruses or Trojans attack your system. Being proactive will prevent your business from being infected by malware.

Patch Guardian

WatchPoint Data acts as your patch guardian. Patching software can be a complicated and time-consuming practice. Coupled with this, prompt deployment is critical in the fight against malware. The patch management experts at PatchManagement.org state that installing updates “in a timely manner is critical, these updates must be made in a controlled and predictable fashion”. They go on to say that “without an organized and controlled patch application process, system state will tend to drift rather quickly from the norm and compliance with mandated patch and update levels will diminish”. WatchPoint Data performs this process in a watchful manner. Our Cloud Panel gives you the insight you need to patch promptly and prevent malware infections.
