SAN FRANCISCO: The anti-virus industry has a dirty little secret: Its products are often not very good at stopping viruses.
Consumers and businesses spend billions of dollars every year on anti-virus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. That is prompting startups and other companies to get creative about new approaches to computer security.
"The bad guys are always trying to be a step ahead," said Matthew D. Howard, a venture capitalist at Norwest Venture Partners who previously set up the security strategy at Cisco Systems. "And it doesn't take a lot to be a step ahead."
Computer viruses used to be the domain of digital mischief-makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially.
In 2000, there were fewer than 1 million new strains of malware, most of them the work of amateurs. By 2010, there were 49 million new strains, according to AV-Test, a German research institute that tests anti-virus products.
The anti-virus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have had their fun, siphoning out a company's trade secrets, erasing data or emptying a consumer's bank account.
A new study by Imperva, a data security firm in Redwood City, Calif., and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Researchers collected and analyzed 82 new computer viruses and put them up against more than 40 anti-virus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 per cent.
On average, it took almost a month for anti-virus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates - Avast and Emsisoft - are available free; users are encouraged to pay for additional features.
This despite the fact that consumers and businesses spent a combined $7.4 billion on anti-virus software last year - nearly half of the $17.7 billion spent on security software in 2011, according to Gartner.
"Existing methodologies we've been protecting ourselves with have lost their efficacy," said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers. "This study is just another indicator of that. But the whole concept of detecting what is bad is a broken concept."
Part of the problem is that anti-virus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, anti-virus makers must capture a computer virus, take it apart and identify its "signature" - a distinctive pattern of bytes in its code - before they can write a detection that recognizes and removes it. Anything the lab has not yet seen, or a known sample repackaged so that its bytes no longer match, slips past in the meantime.
That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.
Mikko H. Hypponen, chief researcher at F-Secure, called Flame "a spectacular failure" for the anti-virus industry. "We really should have been able to do better," he wrote in an essay for Wired.com after Flame's discovery. "But we didn't. We were out of our league in our own game."
Symantec and McAfee, which built their businesses on anti-virus products, have begun to acknowledge their limitations and to try new approaches. The word "anti-virus" does not appear once on their home pages.
Symantec rebranded its popular anti-virus packages: Its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.
"Nobody is saying anti-virus is enough," said Kevin Haley, Symantec's director of security response.
Haley said Symantec's anti-virus products included a handful of new technologies, like behavior-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. "In over two-thirds of cases, malware is detected by one of these other technologies," he said.
Imperva, which sponsored the anti-virus study, has a horse in this race. Its Web application and data security software are part of a wave of products that look at security in a new way. Instead of simply blocking what is bad, as anti-virus programs and perimeter firewalls are designed to do, Imperva monitors access to servers, databases and files for suspicious activity.
The day companies unplug their anti-virus software is still far off, but entrepreneurs and investors are betting that the old tools will become relics.
"The game has changed from the attacker's standpoint," said Phil Hochmuth, a Web security analyst at the research firm International Data Corp. "The traditional signature-based method of detecting malware is not keeping up."
Investors are backing a new crop of startups that turn the whole notion of security on its head. If it is no longer possible to block everything that is bad, the thinking goes, then the security companies of the future will be the ones whose software can spot unusual behavior and clean up systems once they have been breached.
The hottest security startups today are companies like Bit9, Bromium, FireEye and Seculert that try to stop or contain malware before it does damage, on the endpoint or in network traffic, and companies like Mandiant and CrowdStrike that have expertise in cleaning up after an attack.
Bit9, which received more than $70 million in financing from top venture firms like Kleiner Perkins and Sequoia Capital, uses an approach known as whitelisting: instead of trying to recognize every bad program, it allows only software the system already knows to be innocuous to run, and blocks everything else by default.
McAfee acquired Solidcore, a whitelisting startup, in 2009, and Symantec's products now include its Insight technology, which is similar in that it does not let unknown files run on a machine.
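The two mechanisms the article contrasts, signature matching (the reactive capture-and-carve process described earlier in the piece) and whitelisting (Bit9, Solidcore, Insight), as an added toy example in Python. It is not code from the article or from any vendor named here: the "files" are constructed byte strings, the payload never executes, and the one-byte XOR "packer", the detection names and the file names are all hypothetical. It shows why a defender who ships a signature for each variant stays a step behind an attacker who merely re-keys, while a default-deny allowlist refuses the unknown variant without ever having seen it.

```python
"""Added example (not from the article or any vendor): a toy model of why
signature scanning is reactive and why a default-deny allowlist is not.
Every "file" below is a constructed byte string, not a real program or
real malware, and every name is hypothetical."""
import hashlib

HEADER = b"MZ\x90\x00"  # fake executable header, just to look the part

# Constructed stand-in for the malicious logic; never executed.
PAYLOAD = b"exfil:saved-passwords;c2=c2.invalid;sleep=3600"

# Constructed benign "programs" the organisation has approved.
KNOWN_GOOD = {
    "notepad.exe": HEADER + b"NOTEPAD-BENIGN-IMAGE-0001",
    "calc.exe": HEADER + b"CALC-BENIGN-IMAGE-0002",
}


def xor_pack(payload: bytes, key: int) -> bytes:
    """Attacker-side 'packer': a one-byte XOR with the key stored after the
    header. Re-keying changes every byte of the body but none of the
    behaviour once unpacked, which is all a fresh variant needs."""
    return HEADER + bytes([key]) + bytes(b ^ key for b in payload)


def make_signature(sample: bytes, start: int, length: int) -> bytes:
    """Defender-side step the article describes: capture a sample, take it
    apart and carve out a distinctive byte pattern to match on."""
    return sample[start:start + length]


def signature_scan(blob: bytes, signatures: dict) -> list:
    """Blocklist model: return the names of all signatures found in blob."""
    return [name for name, sig in signatures.items() if sig in blob]


def sha256(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def allowlist_check(blob: bytes, allowed_hashes: set) -> bool:
    """Whitelisting model: run only what is already known to be good."""
    return sha256(blob) in allowed_hashes


def run_demo() -> dict:
    results = {}
    body = len(HEADER) + 1           # offset of the packed body

    # Day 0: first sample in the wild; analysts carve a 16-byte signature.
    v1 = xor_pack(PAYLOAD, 0x00)
    sigs = {"Stealer.A": make_signature(v1, body, 16)}
    results["v1_sig"] = signature_scan(v1, sigs)          # caught

    # Same day: the attacker re-keys. Identical behaviour, zero matches.
    v2 = xor_pack(PAYLOAD, 0x5A)
    results["v2_sig"] = signature_scan(v2, sigs)          # missed

    # Weeks later the lab obtains v2 and ships a signature for it ...
    sigs["Stealer.B"] = make_signature(v2, body, 16)
    results["v2_sig_updated"] = signature_scan(v2, sigs)  # caught, late

    # ... and the attacker re-keys again. The defender is always behind.
    v3 = xor_pack(PAYLOAD, 0x3C)
    results["v3_sig"] = signature_scan(v3, sigs)          # missed again

    # Default-deny: nothing is known about v3, so it simply does not run.
    allowed = {sha256(b) for b in KNOWN_GOOD.values()}
    results["allow_good"] = allowlist_check(KNOWN_GOOD["calc.exe"], allowed)
    results["allow_v3"] = allowlist_check(v3, allowed)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:16} {outcome}")
```

The allowlist side is only as good as the process that approves hashes: a signed but vulnerable utility, or an approved interpreter fed a malicious script, runs just as happily as calc.exe does here, which is why the article's sources pair whitelisting with behavior monitoring and breach response rather than treating it as a replacement for them.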
McAfee's former chief executive, David G. DeWalt, was rumored to be a contender for the top job at Intel, which acquired McAfee in 2010. Instead, he joined FireEye, a startup with a system that runs suspicious files and Web traffic inside virtual machines, then watches for malicious behavior in a sort of digital petri dish before deciding whether to let the traffic through.
The company has received more than $35 million in financing from Norwest, Sequoia Capital and In-Q-Tel, the venture arm of the Central Intelligence Agency, among others.
Seculert, an Israeli startup, approaches the problem somewhat differently. It looks at where threats are coming from - the command and control centers used to coordinate attacks - to give governments and businesses an early warning system.
As the number of prominent online attacks rises, analysts and venture capitalists are betting that corporate spending patterns will change.
"Technologies that once were only used by very sensitive industries like finance are moving into the mainstream," Hochmuth said. "Very soon, if you are not running these technologies and you're a security professional, your colleagues and counterparts will start to look at you funny."
Companies have started working from the assumption that they will be hacked, Hochmuth said, and that when they are, they will need top-notch cleanup crews.
Mandiant, which specializes in data forensics and responding to breaches, has received $70 million from Kleiner Perkins and One Equity Partners, JPMorgan Chase's private investment arm.
Two McAfee executives, George Kurtz and Dmitri Alperovitch, left to start CrowdStrike, a startup that offers a similar forensics service. Less than a year later, they have raised $26 million from Warburg Pincus.
If and when anti-virus makers are able to fortify desktop computers, chances are the criminals will have moved on to smartphones. In October, the FBI warned that a number of malicious apps were compromising Android devices. And in July, Kaspersky Lab discovered the first malicious app in Apple's app store.
The Defense Department has called for companies and universities to find ways to protect mobile devices from malware. McAfee, Symantec and others are working on solutions, and Lookout, a 5-year-old startup whose products scan apps for malware and viruses, recently raised funding that valued it at $1 billion.
"The bad guys are getting worse," Howard of Norwest said. "Anti-virus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution."