| The Reference in Independent Anti-Malware Advice and Information
Subscribe | Log in

The lack of basic security and good consultancy in a world dominated by an economical crisis

Why basic antivirus is not failing.

 A lot has been written and said about antivirus products seemingly failing these days to protect users against advanced persistent threats or specific targeted attacks. The anti-virus industry seems not to be able to detect threats like Stuxnet, Duqu, Flame or even recently Dorifel in time. Media and press called some of those attacks acts of cyberwarfare. Richard A. Clarke, an internationally-recognized expert on security, defines cyberwarfare as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” But there are loads of other definitions. However, it is clear that cyberwarfare consists of many different threats ranging from sabotage to espionage and national security breaches to attacks related to the critical infrastructure of a region or country. The malware used is most likely developed at least by an organization with a lot of money and is related to the first signs of what could be called cyberwarfare.

So, several companies and the general public were claiming that we all were too late in stopping these threats. Looking at the case of Flame the AV industry found out that we already had some samples of it when the news became public, but we were not aware of it. The samples have never been verified as being malicious before. Also Stuxnet went undetected for over a year after it was found.

So, the question might be the following: Is the anti-virus industry ready for the next battle? Can we all, with our tight consumer antivirus industry related budgets, be up against targeted malware or APT’s created by organizations with a lot of money?

Bruce Schneier has his own ideas about it: He claims: “It isn’t just the military that tests its malware against commercial defense products; criminals do it, too” and “this is the never-ending arms race between attacker and defender, and it’s been going on for decades. Probably the people who wrote Flame had a larger budget than a large-scale criminal organization, but their evasive techniques weren’t magically better.”

It’s not about budgets? Well actually it is, we think. But we also think the problem is not always related to basic security or the anti-virus products. I’m pretty sure that if the organizations or companies which were attacked in the past by threats, like Stuxnet, Duqu or Flame, had more layers of security in place, the problem would have been completely different. What if the AV products were implemented in a different and optimized way? AV-products are usually designed for widely spread broadband attacks. It can give comprehensive baseline protection. We’ve seen optimized multi-layered security approaches but it’s not as common as we all think. Why spend money on highly skilled security professionals that can tune the basic antivirus products and other security layers and measures? The lack of the necessary good consultants that can optimize security in a lot of occasions seems the basic reason why basic antivirus sometimes fails, at least in companies or organizations. AV-products are often poorly configured and we are not alone with this opinion as a study from Opswat confirms.
The combination of tuned basic antivirus products, separate secured networks, VPN’s, IPS, hardened systems, encryption, multi-factor authentication, a good security policy, improved and skilled consultancy and above all security awareness amongst everybody is a basic necessity these days.

It’s not always the problem of the AV industry or the AV products failing – we are improving and do have new technologies on board (eg. BankGuard which can block Man-in-the-Browser attacks) built with our tight budgets, but it’s all about what the companies and organizations do with them! Use your security in a good way. Use our products in an optimized way. The only problem we fear is that the economical crisis could become a bad actor in this whole process. If this crisis continues will companies and organizations still have the money to invest in this?

This article was originally posted at the G Data SecurityBlog.

Comments are closed.