Thinking About Antivirus ("Computer Vaccine"): Is It Useless?

Recently I came across a notable article on security. It argued that antivirus software, what we call a "computer vaccine", is useless. Since I have spent almost 90% of my working life in the security industry, I could not resist writing a post about it.

Antivirus is indeed commonly called a vaccine here. My own company uses Kaspersky and Microsoft's built-in Windows Defender as antivirus. Overseas, products such as Symantec's NAV (Norton AntiVirus) and Avast are widely used as well. There are many antivirus products out there, both free and paid.

Antivirus has evolved significantly since its early days. In the past, scanning was slow and the virus database was updated slowly. Products released in recent years, which have been steadily gaining popularity, are fast and update their virus databases regularly. It is true that overseas antivirus products receive higher evaluations than domestic ones, but domestic products have the edge in speed and overseas products in accuracy. And nowadays there are many products marketed as next-generation antivirus.

Limitations of Traditional Signature-Matching Antivirus Solutions
But the limitations of antivirus are clear. Traditionally, antivirus works by pattern matching against signatures: a signature (a file hash or a characteristic byte sequence) is extracted from a malware sample, compared against each file, and the file is flagged when it matches exactly or above some percentage. Consequently, a file can be detected only when a signature for that malware already exists. In other words, for unknown or new malicious code, no preemptive response is possible until someone is infected, the sample is reported and analyzed, and a signature is extracted. This is an enduring problem with current signature-matching antivirus, and a common problem with every signature-matching solution.

Nowadays a large base of existing signatures makes it easier to analyze similar, modified strains of malware, and vendors run samples in virtualized sandboxes and classify them with machine learning, so signature generation is certainly faster than ever. However, the disadvantage remains: it is difficult to respond preemptively without someone's report. And of course, if you do not update, the database is useless. While signature database updates are faster than before, new malware appears faster still. Because the growth of new malicious code outpaces the signature DB update rate, real-time response is difficult, and that is why the "vaccines are useless" theory keeps coming up.

Next-Generation Antivirus: False Positives and Performance Limitations
I described the traditional method above, but today it is hard to discuss it in isolation, because antivirus products combine next-generation and traditional methods. A traditional engine typically flags a file only when a signature matches 100%, or at least 98% or so, so a false positive arises only when a clean file happens to contain the same bytes. Next-generation engines appear to use signature matching as well, but they also automatically generate and match "similar" signatures, and a similar signature is often an ordinary pattern that benign files contain too, which produces many false positives. The next-generation approach also uses algorithms that catch modifications of known malicious code: rather than matching only the signatures registered in advance, the engine derives the signatures a variant is expected to have by transforming the registered ones internally, and compares against those. False positives occur because a derived variant signature is not necessarily a malware signature. The same is true of behavior-based engines that run a sample in a virtual machine to recognize and discover what it does: since detection relies on a predefined sequence of actions, it is not so different from signature matching. False positives are somewhat fewer, but the scan is relatively slow, although PC performance keeps improving these days.
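As an added example (not code from the original post), the following Python script contrasts the two approaches described in the two sections above: a traditional scan that matches a file hash or a fixed byte pattern, and a "next-generation" style similarity scan that checks how many byte windows of a known sample reappear in a file. The four samples, the family name Locker.A, the hand-picked byte pattern, the 8-byte window size and the 0.7 threshold are all constructed for illustration; none of it is real malware or any vendor's actual algorithm.

```python
"""Toy illustration of why exact signature matching misses variants and why
looser similarity matching trades that for false positives.

All samples are constructed byte strings standing in for executables;
nothing here is real malware, and the database holds made-up entries.
"""
import hashlib

NGRAM = 8          # window size for the similarity signature (assumption)
THRESHOLD = 0.7    # share of a known sample's windows that must reappear (assumption)

# Constructed DOS/PE-style header shared by every sample, benign or not.
PE_STUB = (b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
           b"This program cannot be run in DOS mode.\r\n$")

# Constructed "malware": the stub plus strings a ransomware family might carry.
MALWARE = PE_STUB + (b"vssadmin delete shadows /all /quiet\x00"
                     b"README_DECRYPT.txt\x00.locked")
# Variant: same code, only the file extension it appends was changed.
VARIANT = PE_STUB + (b"vssadmin delete shadows /all /quiet\x00"
                     b"README_DECRYPT.txt\x00.crypted")
# Repacked variant: payload strings XOR-obfuscated, stub untouched.
REPACKED = PE_STUB + bytes(b ^ 0x5A for b in MALWARE[len(PE_STUB):])
# Benign program: same stub, ordinary strings.
BENIGN = PE_STUB + b"Copyright (c) Example Corp. All rights reserved.\x00notepad.exe"


def byte_ngrams(data, n=NGRAM):
    """All distinct n-byte windows of data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def build_db(samples):
    """One entry per known sample: file hash, a hand-picked byte pattern
    (here the ransom-note strings), and the n-gram set for similarity."""
    db = {}
    for name, data, pattern in samples:
        db[name] = {
            "sha256": hashlib.sha256(data).hexdigest(),
            "pattern": pattern,
            "ngrams": byte_ngrams(data),
        }
    return db


DB = build_db([("Locker.A", MALWARE, b"README_DECRYPT.txt\x00.locked")])


def exact_match(data, db=DB):
    """Traditional signature scan: hash lookup plus byte-pattern search.
    Returns the matching family name, or None."""
    digest = hashlib.sha256(data).hexdigest()
    for name, sig in db.items():
        if digest == sig["sha256"] or sig["pattern"] in data:
            return name
    return None


def similarity(data, ref_ngrams):
    """Fraction of a known sample's windows that reappear in data."""
    return len(byte_ngrams(data) & ref_ngrams) / len(ref_ngrams)


def fuzzy_match(data, db=DB, threshold=THRESHOLD):
    """Similarity scan: the best-scoring family if it clears the threshold.
    Returns (name, score) or None."""
    best = max(((name, similarity(data, sig["ngrams"])) for name, sig in db.items()),
               key=lambda t: t[1])
    return best if best[1] >= threshold else None


if __name__ == "__main__":
    for label, data in [("original", MALWARE), ("variant", VARIANT),
                        ("repacked", REPACKED), ("benign", BENIGN)]:
        score = similarity(data, DB["Locker.A"]["ngrams"])
        print(f"{label:9} exact={exact_match(data)!s:9} similarity={score:.2f} "
              f"fuzzy@0.7={fuzzy_match(data)!s:34} fuzzy@0.4={fuzzy_match(data, threshold=0.4)}")
```

Running it shows the trade-off in miniature: the original is caught by both scans; the variant with only the extension changed slips past the hash and the byte pattern but scores about 0.94 on similarity and is caught at the 0.7 threshold; the repacked variant and the benign program both score about 0.45, because all they share with the reference is the common stub. Lowering the threshold to 0.4 so that the repacked sample is caught also flags the benign program as Locker.A, which is exactly the false-positive problem described above. The repacked case, where the bytes no longer resemble anything registered, is what behavior-based sandboxing exists for.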

For these reasons, it is true that antivirus solutions have real limitations. So is antivirus useless? No; without it, far more troublesome things can happen. First of all, there is still much more malware on the Internet than we tend to think. Current antivirus engines can handle all of the existing, known malware, which is why they still have a place. If you don't use an antivirus solution, your devices can be infected by malware that infected many devices a decade ago. Imagine being infected with (c)Brain or Dark Avenger, representatives of the first generation of malware that you assume are long gone. How absurd would that be? The various hacking incidents of the last few years are a reminder that antivirus is still important, considering how often the culprit turns out to be old malware rather than new.

Also, no matter how carefully a user handles their PC, it is difficult to guard against malicious code executed by a script that runs automatically on a web page. Much ransomware infects users this way; it is not a user problem but a web server problem and an administrator problem. Without real-time antivirus protection, you simply face it unprotected. For this reason alone, antivirus earns its place.

The "Vaccines Are Useless" Theory Is Nonsense
Based on the above, I think we should consider how to respond. It is true that traditional signature-matching antivirus cannot cope with future malware. However, old malware is still lurking around and can infect a device without any action by the user, so going without antivirus makes me anxious. Next-generation solutions produce many false positives, but to some extent they can respond to new malware. Nowadays it is a good idea to use a combination of next-generation and traditional methods, and in practice you use both together whether or not the product advertises it. In other words, calling antivirus useless is ridiculous. I'm always careful about new malware and constantly update my signature database against existing malware, so I think it's best to keep it up to date.
