So, several companies and the general public were claiming that we all were too late in stopping these threats. In the case of Flame, the AV industry found out that it already had samples of it when the news became public, but nobody was aware of it: the samples had never been verified as malicious before. Stuxnet, too, went undetected for more than a year before it was found.
So, the question might be the following: Is the anti-virus industry ready for the next battle? Can we all, with the tight budgets of a consumer antivirus industry, stand up against targeted malware or APTs created by organizations with a lot of money?
Bruce Schneier has his own ideas about it. He claims: “It isn’t just the military that tests its malware against commercial defense products; criminals do it, too,” and “this is the never-ending arms race between attacker and defender, and it’s been going on for decades. Probably the people who wrote Flame had a larger budget than a large-scale criminal organization, but their evasive techniques weren’t magically better.”
So it’s not about budgets? Well, actually it is, we think. But we also think the problem is not always related to basic security or the anti-virus products themselves. I’m pretty sure that if the organizations or companies that were attacked in the past by threats like Stuxnet, Duqu or Flame had had more layers of security in place, the problem would have looked completely different. What if the AV products had been deployed in a different and optimized way? AV products are usually designed for widespread, broad-based attacks, and for those they give comprehensive baseline protection. We’ve seen optimized multi-layered security approaches, but they are not as common as we all think. Why spend money on highly skilled security professionals who can tune the basic antivirus products and the other security layers and measures? The lack of good consultants who can optimize security seems, on many occasions, to be the basic reason why basic antivirus sometimes fails, at least in companies and organizations. AV products are often poorly configured, and we are not alone in this opinion: a study from Opswat confirms it.
The combination of tuned basic antivirus products, separate secured networks, VPNs, IPS, hardened systems, encryption, multi-factor authentication, a good security policy, improved and skilled consultancy and, above all, security awareness among everybody is a basic necessity these days.
It’s not always the AV industry or the AV products that are failing. We are improving and do have new technologies on board (e.g. BankGuard, which can block Man-in-the-Browser attacks), built with our tight budgets, but it all comes down to what the companies and organizations do with them! Use your security in a good way. Use our products in an optimized way. The only problem we fear is that the economic crisis could undermine this whole process. If this crisis continues, will companies and organizations still have the money to invest in this?
This article was originally posted at the G Data SecurityBlog.