In its January-February 2009 issue, Infosecurity magazine asks whether traditional antivirus software is on its way out.
The article’s opening argument suggests that, at first glance, traditional antivirus technology, based on file analysis, is dead and destined for the “dustbin of computer history”. It cites figures from Gartner, which in 2007 assessed the enterprise anti-virus software sector as the only one to see its market share decline among all IT sectors, with the purchase of separate anti-virus software being increasingly abandoned in favor of more comprehensive security solutions in which anti-virus is only one component.
Indeed, when data moved mainly via floppy disks or small networks, and a few thousand viruses were in circulation, the use of antivirus software was justified. Nowadays, we’re treated to literally millions of new pieces of malware every day, in a variety of encrypted, polymorphic or obfuscated forms. Signature-based identification has become an insurmountable task, and most antivirus software publishers devote their most important resources to heuristic analysis.
In addition to the quantity of malware, which is already immeasurable, users also have to contend with its sheer diversity. The article notes that viruses in the classic sense (i.e. attached to an executable file, delivering a payload and copying themselves each time the file is launched) only account for around 5% of malware in circulation. An antivirus-only product is no longer enough: customers want software that detects and neutralizes viruses, spyware, adware, Trojans and all other forms of attack. More and more manufacturers are offering integrated solutions that include, for example, anti-virus for gateways (the entry point to the corporate system), anti-spam, intrusion detection, firewall, Web filtering and VPN setup. The eSoft company, for example, offers a solution of this kind.
Theoretically, such an infrastructure is sufficient to secure a system without the need to install antivirus software. That reasoning leaves out the end user, who will carelessly plug an infected USB key into his or her workstation, thereby endangering the system. All it takes is one infected key and one compromised workstation for the whole system to be compromised. It is therefore still necessary to protect the user’s workstation, the system’s weakest point. The protection must also be brought down to the level of the potential threat, in this case the USB key or other mobile device. Conventional antivirus software can provide a solution, although we still come back to the problem of signature-based recognition of constantly mutating malicious code. The ultimate goal is to provide the user with a complete security suite in line with the organization’s security strategy, both online and offline. If the mobile devices used (USB, wireless devices, etc.) cannot comply with this strategy, they must be prevented from accessing the network.
Finally, the article concludes by noting that IT security is increasingly standardized and treated as a service. Cloud computing, i.e. the end of companies owning their own hardware infrastructure, is an increasingly popular solution. Companies no longer want to get involved in the complex security management of their e-mail and messaging systems. In 2008, cloud computing accounted for 20% of the sector’s sales, according to a Gartner study, which forecasts a rise to 60% by 2013. IT security then becomes a service available on the Internet: no need to buy anti-virus software, just entrust your security to specialized service providers who can tailor their services to your needs and specifications. Antivirus software won’t disappear altogether, but it will work silently in the background at these outsourced service providers.