Security expert: antivirus not up to scratch
By Stewart Mitchell
Posted on 20 Jun 2012 at 08:47
Commercial antivirus software is not up to the job of protecting users against online criminals, according to a leading security expert.
The claim comes from Bruce Schneier, chief security technology officer of BT, in the wake of a hands-up article from F-Secure’s Mikko Hypponen in which he admitted antivirus software could not match military malware writers.
“The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets,” Hypponen had written in a Wired article explaining why the security industry had failed to spot the Flame malware despite examples having been “in the wild”.
But according to Schneier, cyber criminals are equally adept at spreading bad code.
“I don't buy this,” Schneier said on a blog post. “It isn't just the military that tests their malware against commercial defence products; criminals do it, too. Virus and worm writers do it. Spam writers do it.
It isn't just the military that tests their malware against commercial defence products; criminals do it, too
“Probably the people who wrote Flame had a larger budget than a large-scale criminal organisation, but their evasive techniques weren't magically better.”
Schneier also took aim at the way antivirus companies react to problems, claiming they ignored issues if they were not seen as urgent.
“I think the difference has more to do with the ways in which these military malware programs spread. That is, slowly and stealthily,” he said. "It was never a priority to understand - and then write signatures to detect - the Flame samples because they were never considered a problem. Maybe they were classified as a one-off. Or as an anomaly. I don't know.”
- Is it worth upgrading a media centre to Windows 8?
- Flickr redesign: is it enough to tempt photographers back?
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
- Ransomware that's better made than antivirus software