Anti-virus software is dead said Brian Dye, a senior executive at one of the world’s premier security companies, Symantec, who made this famous pronouncement during an oft-quoted Wall Street Journal interview in 2014. The comments made by Dye (now of Intel Security) were unexpected and perhaps slightly out of context but it was still bracing for an executive at a giant of security to even hint at the idea that the anti-virus protection that enriched his company might now be yesterday’s technology.
And yet, behold, the anti-virus software industry Dye spoke of still goes form strength to strength with a small clutch of specialist firms based in Eastern Europe now among its most successful global stars. Why Eastern Europe? That is a mystery and probably has something to do with the ability of former Soviet nations – Russia (Kaspersky Lab), the Czech Republic (Avast and AVG), Slovakia (ESET) and Romania (BitDefender)- to turn out first-class software engineers or simply a long-term mentality that has turned out to be better suited to the challenges of the security industry than the US model of following the money. It seems like a hundred other US startups are happy to declare anti-virus dead too although what they replace it with sounds to cynics like a speculative attempt to reinvent the same thing in new clothes.
To this day, only one of the Eastern European brands is not privately owned, AVG, which went public in 2012 and might be regretting that decision.
One name that typifies this long-term outlook on this industry is ESET. Started unofficially in late 1980’s Communist Czechoslovakia when private enterprise was still illegal, the firm finally got its official start in 1992 after that system’s demise. From a handful of programmers in what in early 1993 became the new capital of Slovakia, Bratislava, the company has quietly grown into one of Europe’s largest software security firms with almost 1,100 employees (behind only Kaspersky Lab). Unflashy, engineering-focused and with the trick of still feeling like a small company, doubtless its six core founders could have sold out many times but have, mysteriously, decided not to.
The UK has no security firm that compares with ESET whose headquarters sit in an unassuming tower block near the banks of the Danube in one of the Europe’s smallest capital cities, with barely 500,000 inhabitants, about the size of Edinburgh. Could a UK city of this size create a company of nearly 1,000 or more souls making complex software products? Despite 300 years of Capitalism to Slovakia’s less than 30, the evidence suggests not.
Next: the changed face of anti-virus
Is anti-virus dead? - the changed face of anti-virus
Put the idea that anti-virus is on its last legs to engineers at ESET and they will look at you rather blankly. After spending some time with the company’s engineers, and their bafflement becomes easier to understand. Viruses – replicating malware – went out of vogue well over a decade ago to be replaced by a zoo of newer malware forms, many of which rely on exploiting weaknesses in human understanding, gullibility and fear as much as any technical complexity to achieve their aims.
Anti-virus software isn’t dead, although it has changed, broadened and dramatically diversified. These days, malware protection on Windows PCs, Apple Macs, and mobile devices has been subsumed in a larger and more complex job of endpoint security which turns out to be a Sisyphean endeavour to keep up with. Today, far from being bits of isolated gatekeeper software that sit on PCs or mobile devices, security clients have become nodes on a larger intelligence-gathering system designed to spot, analyse and dissect new threats some times in minutes.
On a recent trip to ESET’s headquarters in Bratislava its engineers seem as busy as ever, perched in front of over screens, documenting ever more ingenious threats. Drop in on the malware analysis facility and it’s like entering the cloister of a religious order. Almost complete silence reigns as the predominantly male workforce disassemble the latest examples of malware from every corner of the globe, reverse engineering examples that are mostly very similar to what they saw the day before or the week before. But every now and then something new pops up and a deeper research trail begins that might last months. From the safe distance of a journalist’s notebook it all looks suspiciously like a job for life.
“Of course anti-virus is dead. We found out 20 years ago,” says ESET’s thoughtful CTO, Pavel Luka.
What changed the course of his industry and ESET was the realisation that spotting rogue programs using static signatures was a tiny part of a problem that was about to explode. Today’s PCs are more menaced by malware exploiting software flaws, by coded man-in-the-middle attacks on banking systems, by botnets and even by the user’s trusting attention span.
Below: ESET's researchers at work
Is anti-virus dead? - ransomware
ESET has turned the unpleasant field of ransomware into one of its specialities, turning up some particularly nasty examples in 2014 and 2015. On Windows, the firm publicised TorrentLocker, even discovering that more than 500 people had paid the ransom demanded by the malware’s authors.
According to ESET’s researchers, however, the real story has been the shift to mobile devices where people still, naively, see themselves as being beyond the reach of this kind of malware. In 2014 came Simplocker, the first mobile ransomware app to experiment with competent encryption, followed more recently by LockerPIN, an example that spread quite rapidly in the US this summer on third-party stores used to push cheap versions of apps. The trick this time was to lock the Android smartphone with a PIN, which is clever because it presented users with the choice of a paying a ransom or executing a factory reset to regain control over the handset.
Prediction: PIN screen ransom harassment could be the next trend.
Next: router malware
Is anti-virus dead? - router malware
Router malware is a fascinating and sometimes obscure trend in which criminals try to winkle specially-written infectors on to the gateways most home and small business users pay almost no attention to. One example, discovered last May, is Moose, a worm which infects Linux-based routers from firms including Zyxel, Netgear and TP-Link in order to commit social network fraud (i.e. like-jacking, posting links, creating bogus accounts).
Moose’s attack simply exploits weak default credentials although exploiting known software flaws in this class of product would have been another option. The motivation was probably to create a botnet of compromised devices that could be sold to third-parties looking to boost their social media presence.
It is this type of attack that is leading both router and anti-virus companies to extend security scanning to gateway devices, normally places where detecting attacks is incredibly difficult.
Prediction: all poorly-configured routers are now fair game.
Below: ESET CEO, Richard Marko
Is anti-virus dead? - Apple iOS attacks
Jailbroken iOS devices are a well-understood risk but what about malware capable of attacking mainstream iPhone users? According to ESET, there is ample evidence on darkwebs that malware criminals are now devoting unprecedented resources to attacking the high-value targets that use the platform. Recent examples include YiSPecter, which exploits private APIs to attacks non-jailbroken devices, a large cache of suspicion apps Apple removed from its App Store in September and a growing list of serious security flaws affecting iOS.
Prediction: a significant Apple mobile malware attack is a matter of time.
Is anti-virus dead? - surveillance software
Surveillance programs used by police and intelligence services around the world are a grey area for some simply because, unlike malware, they are legal for use against certain kinds of target. But no anti-virus product worth its name can’t try to detect them, which has led to some tension. The makers of surveillance software see anti-virus as helping the criminals spot their software which the anti-virus makers see distinctions about legality as irrelevant – it is not the software that is legal but its deployment against specific targets. With no accountability in this sector, the potential for abuse is obvious.
Prediction: this class of software is likely to expand even if the breaking of Hacking Team underlined how easily things can go awry.
Next: tech support scams
Is anti-virus dead? - tech support pop-up scams
Based on a long-established form of social engineering, tech support scams seem to be gathering pace once again. Typically, a user will be fed a pop up claiming to be from a security firm, warning of an imaginary infection and asking them to call a number. Assuming the user falls for the attack and phones the number, financial loss becomes highly likely.
Prediction: a new way for criminals to ensnare Mac users.
Below: Bratislava taken from ESET HQ
Is anti-virus dead? -banking Trojans
After ransomware, Trojans targeting online banking are probably the biggest threat facing the average user, especially on the expanding sector using mobile access. The attacks are getting sophisticated enough to deceive even systems secured with two-factor authentication, depending on the design of the second authentication factor. Simple techniques often work well such as over-the-screen phishing on mobiles.
Prediction: high net worth individuals will be specifically targeted while a growing number will go after virtual currencies such as Bitcoins.
Is anti-virus dead? - clean Software Alliance
A major issue right now is the way legitimate programs are being hosted on what looks like legitimate sites bundled with hidden adware, toolbars and other software crap no user wants on their system. Users should go to the developer’s site but often visit well-known download sites instead and get more than they bargained for. The Clean Software Alliance (CSA) is an attempt to get the advertising-supported software industry to play by some rules so that anti-virus vendors don’t end up (as is the case at present) branding them as malware.
Prediction: ESET seems optimistic but don’t hold your breath.