Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Yes, you still need endpoint malware protection

Andy Patrizio | May 19, 2017
While operating systems and apps are more secure, the need for endpoint security remains.

malware

There has been a steady stream of reports and claims lately that many of us no longer need endpoint security, that antivirus (AV) programs on our PCs are worthless.

Gizmodo flat out said that you really don't need an antivirus app anymore, arguing that Windows 10 and the browsers have tightened up security to the point that they adequately protect end users. Windows Central asked the same question, but determined that more protection is better than less.

Tom's Guide was a little less sweeping, arguing that free antivirus programs are as effective as those charging an annual subscription of $50 per user or more. And security firm KnowBe4 said that most AV programs are useless against ransomware because it's such a different animal.

So can you ditch the AV program? Nonsense, say security experts.

"Would you tell your mom to remove the antivirus from her computer? No? Ok then," says Randy Abrams, an independent security consultant who previously worked for NSS Labs and ESET, the maker of the NOD32 antivirus program.

He acknowledged that antivirus is far from perfect, but said it still protects against most threats. "They've been saying since early 2000s that antivirus is dead, it's not effective. The truth is it's effective against the vast majority of threats but not so much the brand new stuff," says Abrams.

Abrams says that most malware is old, and a recent report from security firm WatchGuard confirms this. The company found that 30 percent of malware attacks in the fourth quarter of 2016 were zero-day exploits that couldn't readily be caught by antivirus programs. But that means 70 percent of malware attacks were not zero-days, and often these attacks were from virus strains that have been around for months if not years, which an AV program can catch.

David Perry, an independent consultant who has worked for Symantec, McAfee, F-Secure, and Trend Micro, said has heard the 'AV is dead' refrain many times and it's never true. "Pretty much every year someone says antivirus is dead. With endpoint protection, we need to do everything. As good as your gateway protection might be, they still needed to clean up an infection on the desktop," he said.

"Who has an alternative to sell that started the rumor this year?" he continues. "There are people in those industries who consider antimalware superfluous, but ask someone at a big bank or Boeing, they will agree that they need some way to clean malware off those desktops. They don’t want to have to flash them every day."

Perry thinks we are headed to a future where client PCs will all use virtual desktops, so if you get an infection you simply reimage the PC. "That's what people on my level do but that's not an option for a law firm," he said, although eventually it will be. Abrams also felt ransomware can be handled without a malware product by keeping proper backups, so if a computer is hit with ransomware it can just be wiped and restored.

 

1  2  Next Page 

Sign up for MIS Asia eNewsletters.