Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Could you elaborate on why you think it's a dead technology?


There are many articles describing why but really it comes down to this: malware authors can pump out so many copies of their software at once that signature-based detections in which the AV industry relies on are no longer reliable or effective.

We're at a point now where what may have worked as a defence against stuff being found on floppy drives just isn't able to scale for today's modern infrastructure.

AV is really a last-line of defence against being forgetful, and nothing more.


I'm not sure what should I not forget when I visit a hacked web forum which sends me to an exploit kit, that knows an unpatched, possible zero day, vulnerability from my browser?

You're oversimplifying modern AV by acting like it's just a signature based file scanner. That's just a one defence of many in a good AV product.


You're mixing apples and oranges here.

What the problem described in the story is that files are being picked up by an overzealous AV scanner doing disk-based scanning. It's reading non-executable data as executable and throwing alerts or performing whatever actions are dictated as per policy.

AV is not there to stop zero-day attacks--if it were, I would not be having this conversation today.

What you're describing is web filtering and this can be achieved using methods either internal or external--an external example would be a solution from OpenDNS and an internal can be whatever appliance makes you happy. AV vendors have thrown in web filtering as a part of their suite, but it still relies on your system being up to date and not already infected. An external solution to your endpoint is a far better solution really.

I am not oversimplifying things when I say that AV is ineffective at stopping CryptoLocker because file-based detections are useless when there are thousands of copies of the malware generated every day.

AV is dead because there is not enough manpower and coverage to stop things like CryptoLocker. It is better to spend those resources trying to prevent the spread of malware using other methods.


Because a kid can write a working trojan that escapes AV detection? (Two very young studends I know did, POC took less than 50 loc in AHK. That included a plausible "installer" as well as auto update feature).


The idea of having a program that is allowed to scan and check every single files/ memory blocks seems to be, at the very least inefficient and against the principle of isolation to me.

May be because I'm just biased because the damn thing used to start running every time my gaming session is heating up ...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: