In a blog post published on Thursday, former Mozilla engineer Robert O’Callahan warned users to ditch any legacy antivirus (AV) that isn’t Microsoft’s own Windows Defender.
In his post, O’Callahan noted there is little evidence that non-Microsoft, legacy AV improves PC security.
“At best, there is negligible evidence that major non-MS AV products give a net improvement in security,” O’Callahan writes. “More likely, they hurt security significantly; for example, see bugs in AV products listed in Google’s Project Zero. These bugs indicate that not only do these products open many attack vectors, but in general their developers do not follow standard security practices. (Microsoft, on the other hand, is generally competent.)”
This is not the first time in recent years that legacy AV has come under fire. In 2014, Brian Dye, senior vice president for Symantec, noted that legacy AV solutions are “doomed to failure.” And, a few months ago, Justin Schuh, Google Chrome’s security chief, said that antivirus software is “my single biggest impediment to shipping a secure browser.”
Beyond slowing systems to a halt, one of the biggest reasons the legacy AV industry is failing is that incumbent vendors are focusing on the wrong problem. For the past 20 years, AV has focused exclusively on stopping static, commodity malware. Even with that focus, malware is STILL getting through. 47% of breaches occur because of malware missed by legacy AV. So, it’s trying to solve the wrong problem AND it’s failing to solve it.
Compounding this problem are advanced attackers, who are quickly evolving their attacks to not even use malware. “Non-malware” attacks are capable of gaining control of computers without downloading any files; they use trusted, native operating system tools (such as PowerShell) and exploit running applications (such as web browsers and Office applications) to conduct malicious behavior. More than half of breaches can be attributed to non-malware attacks.
Some leading attack campaigns in 2016, including PowerWare and the alleged hack against the Democratic National Committee (DNC), leveraged non-malware attack vectors to carry out nefarious actions. According to our data, 97% of organizations were targeted by a non-malware attack in 2016.
Simply put, legacy AV can’t stop “non-malware” attacks. As a result, the market is shifting. Customers from around the world are turning to Next-Generation Antivirus (NGAV), which gives organizations the ability to see and stop advanced cyber attacks – including non-malware attacks – in real time. This next generation of AV is delivered through the cloud and is extremely lightweight.