Why basic antivirus is not failing.
A lot has been written and said about antivirus products seemingly failing to protect users against advanced persistent threats and specific targeted attacks. The antivirus industry appears unable to detect threats such as Stuxnet, Duqu, Flame or, more recently, Dorifel in time. The media and press have called some of these attacks acts of cyberwarfare. Richard A. Clarke, an internationally recognized expert on security, defines cyberwarfare as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” There are many other definitions, but it is clear that cyberwarfare covers a range of threats, from sabotage and espionage to national security breaches and attacks on the critical infrastructure of a region or country. The malware used in these cases was most likely developed by an organization with substantial funding, and it can be seen as one of the first signs of what could be called cyberwarfare.
So, several companies and the general public claimed that we were all too late in stopping these threats. In the case of Flame, the AV industry found that it already had samples when the news became public, but nobody was aware of what they were: the samples had never been verified as malicious. Stuxnet, likewise, had been in the wild for over a year before it was found.
So, the question might be the following: is the antivirus industry ready for the next battle? Can we all, with the tight budgets of the consumer antivirus business, stand up against targeted malware and APTs created by organizations with far deeper pockets?