Paper: Hype heuristics, signatures and the death of AV (again)

Posted by Virus Bulletin on Aug 7, 2015

David Harley responds to anti-malware's many criticasters.

Anti-virus is dead. After all, in the current threat landscape, who would use a system that relies on signatures of previously seen malware?

At least, that's what many security experts claim. ESET Senior Research Fellow David Harley has a long history in the security industry — so long that he might even remember the days when anti-virus was indeed purely signature-based — and he has heard it all before.

In an opinion piece published by VB today, David responds to many of the criticisms of the anti-virus industry (or, as it has long been called, the anti-malware industry), pointing out that the assumptions the critics make about how anti-malware products work and what they aim to do tend to be wrong. He also urges marketers, both inside and outside the anti-malware industry, to make it clear to users that they shouldn't rely solely on anti-malware solutions to protect them against infection.

You can read David's piece here in HTML format or download it here as a PDF.

Posted on 07 August 2015 by Martijn Grooten


