How Antivirus Companies Are Hacking the Truth -- and Making Us All More Vulnerable Many companies tout detection rates north of 99 percent. They aren't just over-confident, they're deceitful.
By Steve Subar
Opinions expressed by Entrepreneur contributors are their own.
Each day, tech researchers encounter and catalogue more than 350,000 new instances of malware -- the malicious software that's designed to damage computers or steal personal information. Consumers and businesses alike believe their antivirus systems are vigilant enough to ward off these mounting threats. But they're wrong.
Related: Ex-Employees Say Antivirus Giant Faked Malware to Damage Rivals
The fact is, today's approach to fighting malware is hopelessly ineffective, and antivirus vendors conceal this reality. Fortunately, the threat posed by increasingly sophisticated malware is surmountable. But, in order to succeed, antivirus companies must start working on technology that actually keeps users safe.
The reason is that it's no secret that the dangers malware poses are changing and intensifying at lightning speed. Even at tech-savvy organizations -- Equifax, Yahoo and Uber, to name a few -- system breaches have become common, enabled, most commonly, by malware.
Somehow, the antivirus industry still remains confident. Leading firms continue to market their pricey software by promising "total protection" and "tried and tested threat prevention." Many tout virus detection rates north of 99 percent.
Related: 7 Surprising Places Hackers Hide
These claims aren't just over-confident; they're deceitful.
Why "99 percent" isn't as good as it sounds
Consider the sky-high detection rates so proudly advertised. While "99 percent" sounds impressive, a failure rate of just 1 percent equates to admitting to over 1.3 million potentially disastrous viruses infecting endpoints and networks in the course of a year; any one of these could destroy a business or compromise millions of identities.
What's more, claims of high detection rates -- even if they're valid -- don't reflect an antivirus vendor's competence in identifying malware, but rather how well that vendor fares in identifying malware already flagged by Google's VirusTotal (a crowdsourced service aggregating antivirus engines from more than 70 companies).
Antivirus firms subscribe to VirusTotal, agreeing to lend their wares to the collective effort for scanning files submitted by users. But many subscribers abuse their access, relying almost exclusively on VirusTotal for malware detection, thus concealing their own products' weakness.
That's no different from using Google search to answer difficult questions and then trying to monetize your borrowed expertise.
Even more egregious is the industry's refusal to admit that its current approach is irreparably flawed. Today, most antivirus software is based on a two-stage approach that starts with detection and ends with remediation, accomplished through isolation and removal.
Detection-remediation, though, is actually a losing strategy. Antivirus scanning can detect only known viruses. Yet more than 350,000 unknown pieces of malware -- including malware leveraging "zero-day" exploits -- are unleashed daily. Even with the latest artificial-intelligence tools, antivirus programs regularly fail to identify zero-day viruses and issue scan reports rife with false positives.
In other words, hackers already have the upper hand on antivirus makers. And that advantage will only grow more formidable as zero-day viruses proliferate.
What's an entrepreneur to do?
Antivirus companies recognize the hopelessness of detection-remediation, of course. But they'd rather feign confidence and hide behind their "99-percent detection" rates than admit that they're incapable of keeping their customers safe.
So, what are the takeaways for entrepreneurs looking to protect their businesses? There are three:
- Don't fly by the seat of your pants. Have a security policy to guide you so you can benefit from your cybersecurity investments in software, services, and personnel.
- Understand the extent of your corporate presence and where your critical assets live -- on your LAN, across the web and in the cloud.
- Ask yourself: Are you more interested in detection or actual protection?
There are a variety of ways to defend your perimeter -- and not just with firewall and router configurations or network traffic monitoring. Most breaches are not brute-force attacks on the perimeter but are facilitated from within. How black hats, malicious hackers, really attack is by getting malware onto your network and endpoints with phishing emails or downloads from infected websites.
So, fight back: Consider solutions that couple "default-deny" with "auto-containment" to achieve maximum security while preserving productivity.
Auto-containment allows users to open unknown files and run unknown scripts in a lightweight virtualized environment. This approach dramatically reduces risk of infection and exploitation, as, even if a file is malicious, its attempts to modify critical system resources will only impact a "shadow system." Plus, auto-containment lets users remain productive during the "verdicting process," by which cloud-based systems, assisted by artificial intelligence and supplemented by human analysts, determine whether an unknown file is genuine malware or not.
The much maligned "default-deny" security posture is another technique that can protect against unknown threats. Default-deny has long been favored by cyber experts, as it blocks all unknown files from opening or executing, thus preventing malware from penetrating a network or taking residence on a computer. Historically, default-deny hindered usability. However, when auto-containment is combined with default-deny and rapid verdicting, users' work is unimpeded -- and systems remain safe.
Related: Why We Need to Worry More Than Ever About Getting Hacked
IT users typically look to antivirus industry vendors. But these vendors, with their detection-centric strategies, are clearly losing the fight against malware, whatever the provenance.
When will antivirus companies finally admit that detection is not protection, and rethink their approach to fighting malware?