Stand-alone antivirus applications were dangerous because they could not adequately protect users and so created a false sense of security, according to the top malware expert at Trend Micro. However, the company continues to sell its stand-alone antivirus app because of "customer demand".
At a press luncheon in Sydney yesterday, Trend Micro's top malware specialist Raimund Genes slammed companies — including his own — for selling stand-alone antivirus applications.
Raimund Genes, Trend Micro malware CTO (Credit: Trend Micro)
"Normally the [Trend Micro] consumer team kills me for this because I think you shouldn't offer separate antivirus, you only should offer a security suite because just offering an antivirus offers a false sense of security for the user base," he said.
"Just buying an antivirus because it is $10 cheaper lowers [the user's] level of security but they think they are secure ... but the market demands it, the retailers demand it, the distribution channel demands it — this is why we still deliver it even if I hate it," said Genes.
A member of Trend Micro's consumer team who was attending the luncheon agreed with Genes. He said: "It is only because the market demands it. I would rather nobody bought stand-alone antivirus. We are trying to re-educate the market".
The comments directly contradict the description on the Trend Micro website, which describes its antivirus (and anti-spam) application as the "essential security you need to safeguard all your data and files ... you can rest easy knowing you have systematic, ongoing protection against the latest malicious viruses, worms, Trojan horse programs, and spyware."
Genes's comments came after he was questioned about competition from free antivirus applications such as AVG. According to Genes, free antivirus applications were only useful to geeks who knew what they were doing.
"If you know what you are doing, it is not bad. As a security expert, why not AVG, why not something for free? But what you have to consider is that all these extras to the AV are not normally combined ... so if you are a security geek you are able to combine and get a free firewall component, a free AV component and combine them all to protect you. For the average end user that is mission impossible. You need a security suite that combines all the elements — that is what you are not getting for free," Genes told attendees.
Signature-based blacklists are dying
Genes also said that blacklist-based malware protection would be dead within two years.
The executive said Trend Micro discovered 800 new pieces of malware every hour targeting Windows-based systems. The company expects that figure to double next year, which will make the traditional approach to antivirus unworkable.
"Two years from now, you will not be able to store the [signature] files on a computer any more ... you will not have enough memory space," Genes said. "Some people are saying that antivirus is dead, and I have to agree the traditional methods to combat malware have no future."
"By 2010, every file that is opened will need to be scanned against 20,000,000 signatures," he said.
One possible solution that has been touted by various security experts is whitelisting, where known good applications and files are allowed to execute and unknown files are blocked.
James Turner, a security analyst for IBRS, agreed that blacklists were dying and said whitelists provided a sensible solution.
"Imagine giving the bouncer to a club the phone book ... whitelists make sense — people talk about the range of applications that run in an enterprise, there are a fair few of them, but they're not constantly changing," said Turner.
The whitelist approach was adopted recently by Symantec in order to improve the efficiency of its malware scanners.
However, Genes argued that there were too many "good" applications being produced for effective whitelisting.
"Microsoft is generating 10,000 binaries every week. How do you tag them all as known good?" he asked. "There are so many custom applications in an enterprise environment — there are millions of freeware [releases] out there."
Genes said the rapidly evolving threat landscape required evolving security. "I think it needs to be a combination of different technologies, there is not one silver bullet any more."

Has anyone seen a standalone antivirus solution lately?
Interesting that Raimund Genes thinks Trend Micro should go against the common practice in almost every marketplace, of every industry worldwide, and only offer one solution. People make choices as to the level of protection they'll install and the price they are prepared to pay for it. They do the same with almost every item they purchase. We'd be delighted to see Trend Micro adopt a single product solution approach and lose even more market share. At AVG we might consider doing it sometime after Ford, Honda, Sony, Toshiba, Nokia, Apple, Dell etc. reduce their product ranges down to a single model.
Not everyone can afford top-level protection. For economic reasons they choose to have less protection. At AVG we provide a free solution and it's used by millions of people around the world. Indeed in the Australian marketplace a survey earlier in 2008 showed that 30% of households were using an AVG solution. These people aren't the "geeks" referred to by Genes - they're typical home users who are better off with some anti-virus and anti-spyware protection, rather than none.
We go to great lengths to explain to people that AVG Anti-Virus Free Edition provides only a base level of protection - better than nothing at all, but not the level of protection we'd prefer people use. We strongly recommend people buy and install our fully integrated, total security suite solution, AVG Internet Security, and many do.
At AVG, more and more we're seeing our top level, full suite Internet security solutions dominating software sales. But there is still a significant number of people who choose to pay for less protection, or use our free solution. It may well be that some people are combining a number of security solutions to craft the tailored protection level they desire, as suggested by Genes, but they would be in the minority. In practice we find the vast majority are simply using the free or entry-level commercial product by itself, because it's a bit cheaper. They choose to have less protection, just as they choose to have a Ford compact instead of a Rolls Royce.
Personally, I wouldn't go onto the Internet without effective two-way firewall protection in place. Yet most people are prepared to simply run the inferior one-way protection built into some operating systems. Indeed, there are still millions of people running older operating systems without any firewall protection in place at all.
And just what does Genes mean by "standalone antivirus"? Most commercial Anti-Virus solutions on the market today don't just provide anti-virus protection. Most also provide protection against spyware, adware, worms, Trojans, rootkits etc. So the entry-level commercial products of today are way more effective than the simple "standalone antivirus" solutions of old. Someone needs to get out more.
At AVG, our Research Lab is processing 25-40 thousand unique files per day and adding them to our protection regime. We can not only cope with it, but we can still deliver to our customers a protection solution that is fast, yet light on system resources.
Of course, we're also working on new approaches. A fine example is our LinkScanner technology, which delivers real-time protection against web threats. Yet the new safe search and surf solutions being implemented by our competitors are almost all purely blacklist based. So James Turner is wrong when he says blacklists are dying. Our competitors are turning to them more and more.
Whitelists can be used effectively in some cases, but like blacklists, they are simply not much help against transient web threats. When the threat is so transient that it's only active for days, no blacklist or whitelist based solution is ever going to be up-to-date enough. Only real-time checking of web threats, as provided by the AVG LinkScanner safe surf technology included in all commercial AVG products, truly protects. AVG LinkScanner checks the web page for threats at the time it really matters - when th
FREE AVG/ZA COMBO best... or Linux
I agree with much of the AVG person's post. The Trend Micro person was plain WRONG in saying that to have a basic anti-virus and a basic firewall was too hard for average users, and only suitable for geeks.
I have 25+ years IT experience and for about a decade I've used ONLY the free AVG stand-alone anti-virus software (http://free.grisoft.com) AND the free ZoneAlarm stand-alone firewall (www.zonealarm.com). To this one ought add the optional AVG browser toolbar (tick option at install time) and an Ad-aware or similar pop-up blocker, but that bit is not as essential. The ONLY problem for non-experienced users is finding where on www.grisoft.com (or www.avg.com) and www.zonealarm.com you can get JUST the free download. Both companies have made an art of trying to bury this option deep within many web-pages that ask if you are REALLY sure you want to go without the added benefits of their commercial offerings. However, you just have to avoid the 'baited hooks'... which assumes a friend told you to 'stay the course' and go for just the free one... as that IS sufficient.
I've found that the greatest exposure to viruses for users of commercial (non-free) products is when the licence expires. With AVG FREE, you get permanent protection with near-automatic updates to latest program and definition files, without any 'licence-expired' exposure.
I've set-up people in their 80s with the AVG/ZA 'FREE COMBO' and they've not had problems.
Personally, I shifted about six months ago from dual-boot XP/Ubuntu to retaining dual-boot capability, but doing almost all computer work in Linux, using Ubuntu/Firefox/Thunderbird/OpenOffice combo for almost everything... And I've personally pleaded with Irfan of www.irfanview.com to port his best-ever image editor to Linux, but he insists I need to run it under WINE emulator for Linux (which is a bit slower).