Last week NBC ran an article essentially calling antivirus (AV) dead.
Antivirus prevention is still an essential part of cybersecurity. “Viruses are no longer the biggest threats for most users, particularly now that software updates itself automatically and so much personal computing happens over the internet.” This is the subheading that leads into a lengthy piece about a single cybersecurity expert’s revelation that his father was paying for multiple layers of protective software.
The death of “antivirus” has been the chatter around the virtual tech water cooler for a while now. We don’t use the term any longer, not because viruses are obsolete but because there are more sophisticated methods of attack. As the article points out, most operating systems now use a form of blacklist antivirus. Phishing and poor password hygiene are way more likely to be the culprit in a hack.
But the blacklist antivirus coupled with shoddy passwords and a misunderstanding around phishing can all lead to a hack. It DOES lead to hacks, as we’ve seen throughout the news, and they aren’t slowing down. A blanket headline telling readers to stop paying for antivirus can be a dangerous lead-in to further poor practices.
Traditional Antivirus Prevention is Based on Blacklist AV
Traditional AV is built on a blacklist, which means it hunts viruses down and blocks them. Collectively we agree that’s the least effective way to go. But application whitelisting is underutilized. Even though the consensus is that application whitelisting is the most effective form of protection, some people will hold fast to their antiquated ideas.
In the NBC article, the cybersecurity expert argues that a VPN is great for concealing data. And it is. But if you happen to leave an RDP port open, a VPN isn’t going to help you. Two-factor authentication could stop someone getting in through that port, unless they’ve used an elaborate phishing scheme and gained viable credentials. Now they’re in and they’re installing some nasty stuff on your machines.
That’s where the application whitelisting layer shines. Even with authentic credentials, a bad actor still wouldn’t be able to install something unrecognized on the system. And if the user has a PC Matic product installed, the bad actor wouldn’t be able to delete the application whitelisting defense either. Application whitelisting is the strongest gatekeeper.
This is why prevention is still absolutely necessary in avoiding potentially expensive breaches and hacks. Sure, there are mitigation products on the market that will clean it up once someone’s in, but is that really the approach you want to take? Isn’t it easier (and less expensive) to use a proven prevention product?
So is antivirus dead? Yeah, in the traditional sense. But prevention is still key. My advice to the horrified cybersecurity professional hoping to save his dad some money is to invest in a prevention product. Application whitelisting is it. The security layers in nicely with that VPN and two-factor authentication he’s touting.