Traditional antivirus software is useless against military malware

August 6, 2012, 7:13 AM PDT

Takeaway: Antivirus programs are obsolete. In that case, what are we supposed to do? Learn what the security community has to say.

Do not go on the Internet unprotected. If you do, you’ll regret it. Advice like that is common everyday fare. What follows is not:

“What this means is that all of us had missed detecting this malware for two years, or more. That’s a spectacular failure for our company, and for the antivirus industry in general.”

That’s from “Why antivirus companies like mine failed to catch Flame and Stuxnet,” a recent post by Mikko Hypponen, Founder and Chief Research Officer of F-Secure — a significant player when it comes to protecting digital equipment.

Statements like that aren’t normal for Mikko (his TED talk); the well-regarded computer-security guru is typically upbeat about things digital. I contacted Mikko asking if he had any further thoughts:

“Regular antivirus works fine for the regular malware out there. It doesn’t work well against government-funded super-malware. How likely is it you may be targeted by super-malware? I guess it depends on what you’re doing.

Bullet-proof vests and helmets work fine against a street robber who is out to get anyone he can find. They don’t work well against a government assassin who is out to get you and only you. How likely is it that are you may be targeted by a government assassin? I guess that also depends on what you’re doing.”

Mikko is referring to the new family of stealthy malware (military malware and super-malware are names I’ve found) that include Stuxnet, DuQu, and Flame. In gathering facts for this article, I found this was not the first time people questioned traditional antivirus programs.

I’d like to introduce Paul Schmehl, Senior Information Security Analyst at the University of Texas-Dallas. Paul, a fine writer, penned “Past its Prime: Is Antivirus Scanning Obsolete?” for SecurityFocus. The lead paragraph:

“The title and topic of this article is clearly controversial. It is guaranteed to get a strong reaction from the antivirus industry, which is firmly convinced it sees clear sailing ahead. So, is antivirus scanning obsolete? In a word, yes, but don’t throw out your scanner.”

It seems Mikko is not alone and not the first. Paul wrote that 10 years ago.

The final person I’d like to introduce is Bruce Schneier. Bruce is highly regarded when it comes to any kind of security. To see what I mean, check out Bruce’s new book, Liars and Outliers. In 2009, Information Security Magazine carried “Is Antivirus Dead?“, a point/counterpoint discussion between Bruce and Marcus Ranum. Bruce had this to say:

“Yes, antivirus programs have been getting less effective as new viruses are more frequent and existing viruses mutate faster. Yes, antivirus companies are forever playing catch-up, trying to create signatures for new viruses. Yes, signature-based antivirus software won’t protect you when a virus is new, before the signature is added to the detection program. Antivirus is by no means a panacea.”

To be fair, all three feel antivirus applications have their place, but the methodology signature-based antivirus programs subscribe to appears less than adequate.

Playing catch-up

Read More...
http://www.techrepublic.com/blog/security/traditional-antivirus-software-is-useless-against-military-malware/8203?tag=nl.e036

Well... I'm not going to make a silly little snide remark here. Like, Go Linux or Go Home. Because... the kind of Code that they are talking about here. I'm sure, could be and has been written to Penetrate any Operating System...:(

Don