The Last Throes of Traditional Anti-Virus Software

It should come as no surprise to anyone that, given the vast amount of malicious software anti-virus companies claim to detect, the number of viruses out there is practically limitless.

Claudiu Popa

With the introduction of polymorphic viruses more than a decade ago, and the current practice of injecting specialized Trojans into known vulnerabilities, the combinations of shapes and sizes are now infinite. It’s clear that anti-virus software has been relying on its ability to detect known or anticipated signatures for too long, and this lack of innovation has finally caught up with it.

Patterns are where it’s at. Viruses don’t look the same anymore. In fact, they almost never do.

In a report published last month, Symantec mentioned over 36,000 distinct strains of one attack. It also claims to intercept 1.5 million malicious emails per day, and the true number could well be a billion or more. At some point this no longer scales, so detection really is more about pattern recognition than file names and embedded signatures. Just ask McAfee, after last month’s debacle left the company scrambling for an excuse when its flagship product mis-identified and quarantined a legitimate Windows file and crippled millions of computers around the world.
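To make the contrast between exact signatures and pattern recognition concrete, here is an added example (it is not code from the original post or from any anti-virus vendor). It scans three constructed byte strings that stand in for files: a "known" sample, a variant that differs by one byte, and a benign file. A hash signature matches only the exact known file, while a small YARA-style rule with wildcards still catches the variant; requiring every pattern in the rule to hit is what keeps the benign file from being quarantined, which is the McAfee failure mode. All sample bytes, the rule and its name are made up for this illustration.

```python
"""Exact-hash signatures versus byte-pattern rules, over constructed samples."""
import hashlib
import re

# Constructed stand-ins for executable content. These are bytes made up for the
# example; none of them are real malware or real signature database entries.
KNOWN_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"build=2010-05-01;"                 # a "build stamp" that varies per variant
    + b"c2=" + b"\x01\x02\x03\x04"         # placeholder configuration bytes
    + b";\xeb\x0e\x8b\x45\x08\x33\xc9"     # placeholder "code" bytes shared by the family
)
# A "variant": identical apart from one byte in the build stamp. Any difference
# this small is enough to defeat exact-hash matching.
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"2010-05-01", b"2010-05-02")
# A benign file that shares the header but none of the distinctive bytes.
BENIGN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 12 + b"Hello, world; an ordinary program"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A signature database in the traditional style: exact hashes of known bad files.
HASH_DB = {sha256(KNOWN_SAMPLE)}


def hash_signature_match(data: bytes, db=HASH_DB) -> bool:
    """True only if the file is byte-for-byte identical to a known sample."""
    return sha256(data) in db


# A pattern rule in the spirit of a YARA rule: several byte patterns, with
# wildcards where bytes are expected to vary, that must all be present.
PATTERN_RULE = {
    "name": "constructed_family_rule",   # hypothetical rule name
    "patterns": [
        re.compile(rb"build=2010-\d\d-\d\d;", re.DOTALL),  # build stamp, digits wildcarded
        re.compile(rb"c2=....;", re.DOTALL),               # four arbitrary config bytes
        re.compile(rb"\xeb\x0e\x8b\x45\x08", re.DOTALL),   # distinctive code bytes
    ],
    "min_hits": 3,  # require every pattern, to keep false positives down
}


def pattern_match(data: bytes, rule=PATTERN_RULE) -> bool:
    """True if at least min_hits of the rule's patterns occur in the data."""
    hits = sum(1 for pattern in rule["patterns"] if pattern.search(data))
    return hits >= rule["min_hits"]


def scan(data: bytes) -> dict:
    """Run both detection methods and report what each one decided."""
    return {"hash": hash_signature_match(data), "pattern": pattern_match(data)}


if __name__ == "__main__":
    for name, sample in (("known", KNOWN_SAMPLE),
                         ("variant", VARIANT_SAMPLE),
                         ("benign", BENIGN_SAMPLE)):
        print(f"{name:8s} {scan(sample)}")
```

Running it shows the known sample detected by both methods, the variant detected only by the pattern rule, and the benign file flagged by neither. The `min_hits` threshold is the knob that trades detection breadth against false positives: a rule that fired on the `MZ` header alone would "catch" every Windows executable on the machine.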

But all this talk of obsolescent technology and process failure pales in comparison to the recent claim by security researchers from Matousec, who announced that their new method for attacking Windows PCs bypasses most, if not all, current anti-virus software. By reaching deep into the operating system and neutralizing the common anti-virus technique of relying on Windows ‘hooks’, their KHOBE (Kernel HOok Bypassing Engine) tool effectively kills installed anti-malware and surrenders the PC to its attackers.

As if to firmly drive the very last nail into the coffin of anti-virus software, this method also works on computers with limited-privilege accounts. While most home users operate their computers with administrative rights, corporate users and companies are generally shielded from software threats and unauthorized programs by restricted accounts. According to the company, however, KHOBE even works where restricted user accounts lack administrative privileges. This indicates that mature, layered security approaches and an entirely new anti-malware strategy are urgently required for businesses and home users alike. Perhaps this is the catalyst the industry has needed for a long time to get out of the stone age and adopt innovative new approaches to malware detection.

About the author:
Claudiu Popa, CISSP, PMP, CISA, CIPP, CRMP is an information security consultant and CEO of Informatica Corporation ( Claudiu helps enterprises to understand and mitigate security risks, anticipate and respond to threats, and implement proper security governance. He is the author of the Canadian Privacy and Data Security Toolkit for SME, published by the CICA. Write to [email protected] or simply contribute your comments to this blog. Follow him on or connect with him on
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.
