Symantec Admits Antivirus Is Dead


Finally one of the big AV players admits what we have known for a while.
(AV Industry’s Dirty Little Secret)–PC Pitstop

By Stu Sjouwerman, for KnowBe4.com Security Awareness Training

An article in the Wall Street Journal of May 5, 2014 summarized what I have been talking about these last few years. 25 years ago, Symantec was one of the first IT security companies to develop commercial antivirus software to protect computers from hackers. Now the company says that’s no longer working. Antivirus “is dead,” says Brian Dye, Symantec’s senior vice president for information security. “We don’t think of antivirus as a moneymaker in any way.” Mr. Dye estimates antivirus now catches just 45% of cyberattacks.

Antivirus products try to keep the bad guys out of a computer. But hackers often get in anyway, using 0-day threats, social engineering and other tactics. So Brian Dye is reinventing Symantec; instead of protecting against the bad guys, he is now focusing on detection and response, following FireEye, which recently paid $1 billion for Mandiant, who act like hackbusters after a data breach.

This excerpt appears with permission from knowbe4.com.

33 thoughts on “Symantec Admits Antivirus Is Dead”

  1. use avg since 1999 and it has always had as well as the other av programs the constant watching part of the program to catch anything starting without your permission.
    so do the free firewalls.

    i use ie, i use xp pro sp3. but i have several other security programs i won't mention here i also use, but just put them all on timers and run them at different times that way you can keep your system fairly clean, and always update the av and malware programs.

  2. Ari Berman I agree with everything you said except the words "bad guy." Most hackers are bad guys, most anti-virus companies are not. They are the guys on the dunk tank seat with the hackers throwing trojans/root kits/viruses/DOS attacks/zombies and other balls at their target.

  3. Generally no, but for somewhat different reasons. Claims by a vendor that are criminally false are an offense against society (hence a crime). As a result, the punishment is meted out by society through its agent, the courts. If however, as a result of a false claim, a person was induced to buy something and that something resulted in quantifiable damage, compensation could be sought by the individual (a difficult and expensive process that favors the bad guy and in particular wealthy ones). So, in the case of Symantec, unless an individual can attribute specific losses and bring a successful suit against them (at which you would likely need to prove you always had the latest security updates working), there is no compensation to be had.

  4. Living in S.E. Asia has taught me a few things about viruses. My sister in law is a typical example. She plays Farcebook and chat programs until her comp is near dead then has some comp company wipe the drive and reload the OS. Her AV prog is never updated and the infestation of viruses is absolutely unreal. Getting a photo image from her comp via a thumb drive, numerous scans from several AV progs turned up 10 different viruses. At a guess, most computer ‘victim’ users are just like her and they are legion!

    There is no perfect Av prog. Get over it. You have a complete back up of your new OS off on a different drive. You discon from the net and you run several AV progs at least twice with the comp booted to bare bones then run a full back up to that drive on a regular basis. You run several AV progs regularly (and have them scan that back up just for the heck of it) and you wait for a virus to slip in anyway.

    Don’t expect to be safe. Expect to drop to that back up and be happy joy joy each day you don’t need to. Take sensible precautions like never have autorun or autoplay on any drive or media, avoid suspicious web sites, and don’t hesitate to report even your own sister in law and a spammer-virus spreader.

  5. If I used Symantec, I’d also think AV was worthless. I guess it’s better than McAfee, but so is getting kicked in the junk.

  6. Use a program called Hostman from http://www.abelhadigital.com The program basically allows you to use Windows' weak spot, the hosts file, to block from people (like mvps) that have compiled lists of websites they deem "not good". The program also blocks ads that are generated from Google and other pages, as well as people that are trying to link you to bad sites. In order to check out an ad Google wants you to look at, you can just instead go directly to the company's website by doing a Google search. I currently have about 529,370 hosts (website links) blocked, after I added all seven host list sources. So far I've found it works rather well at helping me, or if you have a family, or roommates, from getting on some shady websites. This program is pretty much a free way of whitelisting, or blocking websites.

  7. I'll follow up on this as both an IT and a Tech agent. I'm not kind with words. I'll use the terms coined in the comments before me as the analogy.

    Your blacksmith for the sword, in this case, Symantec, told you that your sword would help defend you against attacks and allow you to wield it strongly. In comes the virus, i.e., an arrow. Your sword, being mighty and whatnot, has the chance to deflect this sword against the skill of the archer. But, the better the archer, the truer his arrow will fly.

    To think that your sword would deflect all arrows would be downright foolish of you as a warrior, so why would you as a consumer, allow yourself to believe a program would keep you 100% safe? Not even condoms are 100% effective.

  8. Chuck Clausen Thanks! Someone else said it is nice. In the business world, nice is always a side effect 🙂

  9. But Eddie, it matters little whether it's "nice" or not. The important thing is, what you said is true.

  10. Brian F. Stephenson It depends. Most reputable anti-virus people warn you that they can't protect against all viruses. Heck, when you get a flu shot, you know you can still get sick.

  11. Brian F. Stephenson – It's because VIRUSES are not static and unchanging. They are polymorphic and sentient because sentient beings (humans) who are very smart people are thinking up new ways to beat the system daily. At some point an AV company is going to hit 'critical mass' and is willing to admit it unlike drug-addict criminal CEOs from McAfee.

    Symantec is taking a bold next step and is doing a 'sea-change'. That means they are 'throwing out the baby with the bath water' and will be attacking this problem a DIFFERENT way. A way the hackers are probably not prepared for and will have to think up new defenses for.

    I'm pretty sure it will involve an unholy alliance with certain entities that are more effective at impacting these cretins' lives on a physical level. I just hope that it does not involve hiring 'certain people' our US government hires to handle such difficult things. That would be like deploying a nuclear bomb to take out an annoying fire-ant hill. They could do it but it would be over-kill and would dry up the AV profit margin. Like what would morticians do for a living if people stopped dying? So it's unlikely they will stop hackers altogether. Just force them into an uneasy (another unholy) alliance (secret partnership?) with the AV companies – arguably like the good old days?

  12. Arizona Coleman – There's a reason why Google Chrome is worthless (and one of the worst offenders). Look up the early beginnings of Google and who helped them come into being (i.e. InQTel?). Then look up the history of a certain US intelligence agency and the prerequisite built-in Trojans into certain programs and OS imported overseas. The NSA says they will never use them on domestic Americans. Hmmmm… So I guess hackers will never discover and exploit them? Yea right!

  13. Brian F. Stephenson – No, in this case Symantec's made you a "sword" with no actual guarantees of 100% success (if so please cite them here). Then your opponent discovers a new technology called body-armor. The sword-maker admits that body-armor is too much for it and decides to change the sword into something else so as to get around the body-armor… like germ warfare (i.e. sea-change?)? It's not false advertising. It's that the opponents are getting to be too smart for ALL sword-makers. Why? Because some of the opponents are disgruntled ex-sword-makers. Case in point: What ever happened to that old AV company staffed mainly by Russian and Bulgarian programmers? Doctor something or other? MAYBE they took on a sea-change too and decided it was more profitable to be virus-makers rather than virus-fighters.

  14. I got the conduit trojan, it was horrible to get rid of, just about wiped my system out, I work on computers so I know when to call it quits and reformat the drive and start over…I have had to do that so many times with people's computers, literally ate up with trojans….you spend hours getting the stuff off then it collapses into chaos…then the format and reinstall..but most people will not run a basic antivirus…Kaspersky is good but drags the system down unless it's a quad or later core system. I use Avast plus Malwarebytes to run scans with both.

  15. No, in this case it would be like suing a sword maker, because he said BEFORE YOU BOUGHT THE SWORD that the sword would kill your opponent, and when the time came, it turns out the sword is made of toilet paper. FALSE ADVERTISING.

  16. Many of us are not 100% computer savvy. For example, I read some blogs with their nice ‘posts’ and still am confused about most of it. In the case of “anti-virus”, as this article does explain, where does this leave us? Should we still use an AV, along with an antimalware program? Or is there anything us nerds – in simple terms – can do? At 73, retired and living on S.S. – I love to exchange email and play a couple of games. But is this even safe anymore? Any [real] answers that honestly help will be greatly appreciated. Thank you. Sonny

    • @Sonny Shipley:

      Hopefully I can help.

      The problem isn’t that antiviruses don’t work, but they are never 100 percent perfect, with a chance of missing stuff or classing a non-virus as a virus. However, you should still have an antivirus as it is far more risky using a computer/internet without one.

      Another thing to note is most infections are usually due to the user e.g. opening an attachment in an email from an unknown sender, clicking a link in an email from an unknown sender. The problem is a lot of people don’t realise that their antivirus isn’t perfect so they take risks they probably wouldn’t take. The biggest danger to an antivirus is its users really.

  17. great. I want my money back for the McAfee I spent on my new laptop that crashed not 6 months later due to a virus that was supposed to be protected against. It seems to happen to me frequently no matter what anti-virus program I use. I also want McAfee to pay for the repairs to my laptop.

  18. I disagree with JR Namida that this situation is analogous to the release of Office or IE. Neither claimed to be software designed to protect a computer from virus or cyberattack, they were applications with different purposes. The fact that those programs (and their operating systems) could be cyberattacked is one of the reasons that antivirus programs existed in the first place. The issue is Symantec, McAfee, etc. have been selling a product that they claim would protect us from cyberattacks, and now Symantec "admits" that this is no longer possible in a practical sense. My question is, when did antivirus software stop being reasonably effective, and did the software sellers still advertise and sell their products after knowing their relative uselessness? That is false advertising and a defective product.

  19. chrome is worthless too! i had an i.t. tech tell me that the conduit trojan i was infected with is bundled into both the chrome and torch browser [installer]. [2: i also use firefox and nowt else.]

  20. Claude St. Romain Jr. – If this was the situation Microsoft would owe trillions as both their Windows and Office products are always released as defective or with the open door policy to hackers. Internet Explorer has always been a malware magnet, that will never be fixed. Most aware consumers already know to use another web browser to stay under the malware radar instead of using I.E.

    • @JR Namida:

      Microsoft wouldn’t owe anyone any more than any other software and OS provider. IE and Office act as magnets because they have a huge share of users and are the big names, so hacks target them. If someone else were the big name, then the hacks would go after them. The hacks simply go after the biggest target, that they know will have the most users.

      The only way to “fix” IE being a malware magnet would be for some other browser to become the most widespread… and that wouldn’t fix anything, it would only change the target scriptkiddies go after.

      That hardly qualifies as “releasing defective products.”

      *Disclosure: I personally use Firefox and OpenOffice.*

    • Several days after the announcement by Brian Dye, it was admitted that the comment was a publicity stunt – albeit a rather stupid publicity stunt. The article can be found on the Engadget website explaining this in detail. The recommendation is that although there is no antivirus that will give its user complete safety – it is better to have some protection than none. Most critics pan the comment by Mr. Dye as being completely irresponsible!

      • @Chet Lynch: So Brian Dye is the Donald Sterling of Antivirus manufacturers??? Just a mouth out of control, or is he really showing us what the industry thinks of the products it is advertising to people? “Some protection is better than none” is no resounding advice, I suspect in a thunderstorm that being covered in paper towels is probably better than just standing in the rain naked, but is it really “better protection” than none? It comes down to, how much protection does the product I buy from Symantec really give me, as compared to what they advertise. It sounds like there is a significant difference between the two.
