Is anti-virus dead? - the changed face of anti-virus

Put the idea that anti-virus is on its last legs to engineers at ESET and they will look at you rather blankly. After spending some time with the company’s engineers, their bafflement becomes easier to understand. Viruses – replicating malware – went out of vogue well over a decade ago to be replaced by a zoo of newer malware forms, many of which rely on exploiting weaknesses in human understanding, gullibility and fear as much as any technical complexity to achieve their aims.

Anti-virus software isn’t dead, although it has changed, broadened and dramatically diversified. These days, malware protection on Windows PCs, Apple Macs, and mobile devices has been subsumed in a larger and more complex job of endpoint security which turns out to be a Sisyphean endeavour to keep up with. Today, far from being bits of isolated gatekeeper software that sit on PCs or mobile devices, security clients have become nodes on a larger intelligence-gathering system designed to spot, analyse and dissect new threats, sometimes in minutes.

On a recent trip to ESET’s headquarters in Bratislava its engineers seem as busy as ever, perched in front of screens, documenting ever more ingenious threats. Drop in on the malware analysis facility and it’s like entering the cloister of a religious order. Almost complete silence reigns as the predominantly male workforce disassemble the latest examples of malware from every corner of the globe, reverse engineering examples that are mostly very similar to what they saw the day before or the week before. But every now and then something new pops up and a deeper research trail begins that might last months. From the safe distance of a journalist’s notebook it all looks suspiciously like a job for life.

“Of course anti-virus is dead. We found out 20 years ago,” says ESET’s thoughtful CTO, Pavel Luka.

What changed the course of his industry and ESET was the realisation that spotting rogue programs using static signatures was a tiny part of a problem that was about to explode. Today’s PCs are more menaced by malware exploiting software flaws, by coded man-in-the-middle attacks on banking systems, by botnets and even by the user’s trusting attention span.

Below: ESET's researchers at work

Is anti-virus dead? - ransomware

ESET has turned the unpleasant field of ransomware into one of its specialities, turning up some particularly nasty examples in 2014 and 2015. On Windows, the firm publicised TorrentLocker, even discovering that more than 500 people had paid the ransom demanded by the malware’s authors.

According to ESET’s researchers, however, the real story has been the shift to mobile devices where people still, naively, see themselves as being beyond the reach of this kind of malware. In 2014 came Simplocker, the first mobile ransomware app to experiment with competent encryption, followed more recently by LockerPIN, an example that spread quite rapidly in the US this summer on third-party stores used to push cheap versions of apps. The trick this time was to lock the Android smartphone with a PIN, which is clever because it presented users with the choice of paying a ransom or executing a factory reset to regain control over the handset.

Prediction: PIN screen ransom harassment could be the next trend.