( Originally reposted from 2009, by Jerry Caruso.)
“Antivirus software is dead”
There, I said it. I officially pronounce all attempts to prevent PC viral infection by host-based software to be futile. The exact date and time of death is unclear, as the antivirus industry has engaged in jactitation for some time now. But the tests are in and they are clear – no EKG, EEG is flat-lined, no pulse, can’t fog the mirror,expired. In the cat and mouse game between antivirus and the virus, the mice have won and although the timing of the victory is nebulous the causation is definitely discernible. The industry of producing malware, that genre of software which includes pop-up ads, spyware, webpage hijackers and the ubiquitous catchall phrase, “virus”, is no longer cottage in nature. Indeed, producing antivirus-avoiding, PC-controlling code is the stuff of Madison Ave. Identity thieves and (increasingly more prevalent) our enemies abroad. An army of miscreants against a handful of over-matched, reactionary antivirus manufacturers who should just tap out of this cage fight.
A Brief History of Malware:
How we got here is a tale of the best and worst of the internet. In the beginning viruses served no purpose other than producing notoriety for the writer. They were mostly written by sociopaths with an eye towards creating havoc and a name for themselves, like having a star named after them. Their vectors (delivery mechanism for infecting machines) were infected programs on disks that were passed from PC to PC and email attachments. We survived this phase partly because these types of viruses were self- eliminating since they usually took down their hosts and had little or no self-replicating mechanism.
Then came the worm. The sole purpose of these devices was the spread code from machine to machine. Bragging rights were measured in total computers infected. Although most of these worms were insidious in nature they were significantly less lethal, as the purpose was to infect as many PCs as possible while minimizing detection.
The next critical stage to virus development was the ability to raise the virus’s level of authority to that of an administrator.
With self-replication and self-promotion in place the only remaining element missing was a raison d’etre. Without a reason to exist, viruses were detectable and controlled by antivirus software. With the explosion of the internet and internet advertising, virus code developed into a profit motivated, highly adaptable industry capable of sidestepping antivirus efforts with relative ease. First came the pop-ups – “buy a Ford” “save at Citibank”, etc. It was no accident that these first nuisances were for fortune 500 companies. They were the ones producing the code! (or at least their ad agencies were responsible). How were these pop-up “programs” distributed? Well, how about a smiley face for your email or a nice screen saver? These methods are still a popular method for getting the code out.
Interestingly enough the antivirus industry deftly sidestepped the notion these programs were indeed viruses choosing instead to re-label the term “PC virus” to NOT include pop-up software then blame the problem on the browser. Then came the spyware (records browsing habits for marketing) and homepage hijacking (come surf our sites). Each time a new method of PC misery was discovered the antivirus industry calculated a new way to describe the malady as something other than a virus. And though they have made futile attempts to wrangle in the growing caldron of caustic code, they have basically painted themselves out of the PC maintenance business. This has given rise to the spyware management business as a supplement to antivirus. But with the estimated 20 million versions of malware on the market these tools are not likely to stem the tide. The growing popularity of “rootkits”, which are sophisticated programs capable of controlling the entire boot process of the PC before any AntiAnything can be loaded, clearly indicate that the host-based AntiAnything is a waste of money and effort.
Finally, if you think migrating to a mac is the panacea then you are sadly mistaken. Macs are just as susceptible to rootkits as PCs, and an unprotected mac can be infected just like a PC. The only difference at this point seems to be the market penetration of the Mac vs. the PC. You won’t find SuperBowl commercials showing on you local access cable channel!
What now?
We have not thrown in the towel on protecting PCs from intrusion, we just need to change our tack. We must begin to examine the vectors that cause our machines to become infected and react accordingly. You have often heard me discuss the importance of good internet “hygiene” and there are still way too many who “inadvertently” click on that link that they know could “get them” but they clicked anyway. The internet/hosting industry has made significant strides in identifying worm, spambot and other suspicious activity and shutting it down. Sophisticated routers with built-in protection against virus and other malware were once only available in high-end equipment. This protection has made its way to the Small Business and eventually will reach the Home Office and residential customer. Stopping the spread of disease programs has migrated from host back to internet where they were born.
As for the AntiVirus software manufacturers,
can we have a moment of silence please….
In the meantime, Networks Plus has developed a method of removing ALL malware from an infected PC, including rootkits, without destroying your data or your programs. If applied early it has a 99% success rate and is 100% guaranteed! If you suspect that you have fallen victim to the increasingly sophisticated malware, please give us a call today.