Don't buy stand-alone antivirus: Trend Micro

Stand-alone antivirus applications were dangerous because they could not adequately protect users and so created a false sense of security, according to the top malware expert at Trend Micro. However, the company continues to sell its stand-alone antivirus app because of "customer demand".

At a press luncheon in Sydney yesterday, Trend Micro's top malware specialist Raimund Genes slammed companies — including his own — for selling stand-alone antivirus applications.

[Image: Raimund Genes, Trend Micro malware CTO. Credit: Trend Micro]

"Normally the [Trend Micro] consumer team kills me for this because I think you shouldn't offer separate antivirus, you only should offer a security suite because just offering an antivirus offers a false sense of security for the user base," he said.

"Just buying an antivirus because it is $10 cheaper lowers [the user's] level of security but they think they are secure ... but the market demands it, the retailers demand it, the distribution channel demands it — this is why we still deliver it even if I hate it," said Genes.

A member of Trend Micro's consumer team who was attending the luncheon agreed with Genes. He said: "It is only because the market demands it. I would rather nobody bought stand-alone antivirus. We are trying to re-educate the market".

The comments directly contradict the descriptions on the Trend Micro website, which describes its antivirus (and anti-spam) application as the "essential security you need to safeguard all your data and files ... you can rest easy knowing you have systematic, ongoing protection against the latest malicious viruses, worms, Trojan horse programs, and spyware."

Genes' comments came after he was questioned about competition from free antivirus applications such as AVG. According to Genes, free antivirus applications were only useful to geeks who knew what they were doing.

"If you know what you are doing, it is not bad. As a security expert, why not AVG, why not something for free? But what you have to consider is that all these extras to the AV are not normally combined ... so if you are a security geek you are able to combine and get a free firewall component, a free AV component and combine them all to protect you. For the average end user that is mission impossible. You need a security suite that combines all the elements — that is what you are not getting for free," Genes told attendees.

Signature-based blacklists are dying
Genes also said that blacklist-based malware protection would be dead within two years.

The executive said Trend Micro discovered 800 new pieces of malware every hour targeting Windows-based systems. The company expects that figure to double next year, which will make the traditional approach to antivirus unworkable.

"Two years from now, you will not be able to store the [signature] files on a computer any more ... you will not have enough memory space," Genes said. "Some people are saying that antivirus is dead, and I have to agree the traditional methods to combat malware have no future."

"By 2010, every file that is opened will need to be scanned against 20,000,000 signatures," he said.


One possible solution that has been touted by various security experts is whitelisting, where known good applications and files are allowed to execute and unknown files are blocked.

James Turner, a security analyst for IBRS, agreed that blacklists were dying and said whitelists provided a sensible solution.

"Imagine giving the bouncer to a club the phone book ... whitelists make sense — people talk about the range of applications that run in an enterprise, there are a fair few of them, but they're not constantly changing," said Turner.

The whitelist approach was adopted recently by Symantec in order to improve the efficiency of its malware scanners.

However, Genes argued that there were too many "good" applications being produced for effective whitelisting.

"Microsoft is generating 10,000 binaries every week. How do you tag them all as known good?" he asked. "There are so many custom applications in an enterprise environment — there are millions of freeware [releases] out there."

Genes said the rapidly evolving threat landscape required evolving security. "I think it needs to be a combination of different technologies, there is not one silver bullet any more."


Talkback 10 comments

    More Marketing Hype Anonymous -- 25/09/08

    What a load of dribble, please give him a napkin so he can wipe his chin.

    The day security companies make a product that fully protects a Windows computer and does not compromise computer performance will be a day that I never see.

    A basic anti-virus product and a basic anti-spyware product offers about the same level of protection (or better) than any of the internet security products on the market and does not slow the computer down so it is no longer functional for the user.

    In my job as an independent IT support person I remove more viruses from Windows computers that have internet security products on them (any of the major brands) than ones that have a basic (sometimes free) anti-virus product and Windows Defender.

    What are they going to be telling us next, maybe the truth would be a nice change!

    Agree Anonymous -- 25/09/08 (in reply to #320112734)

    Anonymous has it right. An AV product that is a good detector, an AS product that is a good detector, the router firewall, a sandbox, patience and common sense are all the average user needs.

    re: More Marketing Hype David Milligan -- 07/10/08 (in reply to #320112734)

    This is long because I am some ticked today about this issue.
    First, "Amen" to the previous poster. The rule of thumb seems to be that the bigger the bundled "suite" of Anti-virus/ spyware/ malware/ firewall/ rogueware and all the other terms coined for stuff that invades your computer, the bigger the chance that it will be ineffective. I won't go into the memory usage of such pigs. (sorry pigs). And just try to uninstall them!
    Like the above poster, I am an independent IT person. I used to be IT Director for a Tier 1 GM and Ford supplier, and I think I've seen a pattern in both the corporate world and in the home/ small business setting. The pattern: there is NO comprehensive, one-stop, software package that is going to protect you. Even the little utilities like Spybot, Adaware, Malwarebytes and so on, seem to have a short shelf life. Nothing keeps up with the bad guys. It's always a defensive game we play, and catch-up is always too late.
    Here's a link to a good example of what's going on today (and what keeps me in business):

    http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/

    To the point of the original story here, I have Trend Micro's Internet Security (for Dell) running on this machine. Like Norton and McAfee, it looks to have everything covered. Just before writing this comment, I added some sites and e-mail addresses to the program's "blocked list", updated the virus defs and whatnot and proceeded to do a Google search for a snag I found with Trend Micro and Vista (another story). Whammo! I got one of the new variants of "XP Antivirus2XXX" (called "MicroVirus", BTW). Now, I have my ISP's firewall, my router's firewall, Trend Micro, Spybot Teatimer, Windows Defender all rattling away in the bg. The bugger got through. So, as a professional, how can one expect the poor person at home who just wants to get something done to cope with this kind of stuff? Put their faith in some software's claim? I wouldn't and I don't.
    This will be an on-going hassle - let's accept that and keep adapting to it, not settle for an off-the-shelf solution.
    I add the following in case anyone is in trouble right now. This is my "quick fix of the day" to stop the nastier infections that I've seen this week:

    1. Don't touch the browser with the offending malware, usually a pop-up.
    2. Don't go searching on Google or Yahoo for a solution.
    3. Backup data you want to keep (data destruction is not usually a problem with most of these rogue programs, but the inability to boot your computer, or find your data will be).
    4. Look in task manager (XP: CTL-ALT-DEL, VISTA: CTL-SHFT-ESC) and check for weird processes, and end the process.
    5. Do an MSCONFIG search for Start Items that have no association with a program or driver that you recognize, and uncheck them.
    6. Reboot in Safe Mode and scan with everything you've got.

    "Only two industries refer to their customers as 'users'"

    - Edward Tufte

    anti virus Anonymous -- 26/09/08

    To both anon comments above. I'm only an average computer user but I agree wholeheartedly with both anon comments above, & feel that they've raised some good, valid talking points, good work fellas

    Well Anonymous -- 05/10/08

    It depends on what your standards are really, especially when it comes to spyware.
    I think if you sat down and tested infected websites you would see how poorly free products fare maybe with the exception of spybot s and d.
    I used a range of free and paid products to secure my computer and honestly without the extra feature of is suites I would not have been so lucky.
    Scanners are ok but they don't really offer much in the way of zero day protection or cleverly crafted attacks, so he has a fair point really.

    Security risk Anonymous -- 08/10/08

    What's the common denominator? Windows. Don't use it on the internet.

    Fool Mel Sommersberg -- 08/10/08 (in reply to #320113732)

    Every operating system has its downfalls with security. Grow up. I own servers running Windows 2000 Advanced Server and FreeBSD and each server has its own requirements for security and the appropriate precautions are taken. I've never had any problems as a result but if I did I would blame myself before blaming my operating systems or even the people sending the malicious software.

    The common denominator therefore is the Internet

    The Blob Mel Sommersberg -- 08/10/08

    There isn't a single security suite on offer anywhere that doesn't bog a computer down and reduce its performance to about 25% capacity.

    I still use eTrust/Vet after having it for so many years but it is a stand-alone anti-virus programme. I also use a separate scanner for dangerous cookies/adware and the like.

    To be honest though, these rarely pick anything up these days because over time I have become more aware of the types of websites and other Internet resources proliferating dangerous downloads and I avoid them at any cost. When I have mentioned this in the past I've been ridiculed for sheltering myself from parts of the Internet but I can't understand the attitude - why jump out of a plane without a parachute simply because you can?

    That said I believe that it is definitely possible to live without a hardcore security suite if you follow certain precautions and use some common sense. Mr Genes' big speech is just a sales pitch to get more people to spend money on things they may well not need or require.

    Has anyone seen a standalone antivirus solution lately? Anonymous -- 14/10/08

    Interesting that Raimund Genes thinks Trend Micro should go against the common practice in almost every marketplace, of every industry worldwide, and only offer one solution. People make choices as to the level of protection they'll install and the price they are prepared to pay for it. They do the same with almost every item they purchase. We'd be delighted to see Trend Micro adopt a single product solution approach and lose even more market share. At AVG we might consider doing it sometime after Ford, Honda, Sony, Toshiba, Nokia, Apple, Dell etc. reduce their product ranges down to a single model.

    Not everyone can afford top-level protection. For economic reasons they choose to have less protection. At AVG we provide a free solution and it's used by millions of people around the world. Indeed in the Australian marketplace a survey earlier in 2008 showed that 30% of households were using an AVG solution. These people aren't the "geeks" referred to by Genes - they're typical home users who are better off with some anti-virus and anti-spyware protection, rather than none.

    We go to great lengths to explain to people that AVG Anti-Virus Free Edition provides only a base level of protection - better than nothing at all, but not the level of protection we'd prefer people use. We strongly recommend people buy and install our fully integrated, total security suite solution, AVG Internet Security, and many do.

    At AVG, more and more we're seeing our top level, full suite Internet security solutions dominating software sales. But there is still a significant number of people who choose to pay for less protection, or use our free solution. It may well be that some people are combining a number of security solutions to craft the tailored protection level they desire, as suggested by Genes, but they would be in the minority. In practice we find the vast majority are simply using the free or entry-level commercial product by itself, because it's a bit cheaper. They choose to have less protection, just as they choose to have a Ford compact instead of a Rolls Royce.

    Personally, I wouldn't go onto the Internet without effective two-way firewall protection in place. Yet most people are prepared to simply run the inferior one-way protection built into some operating systems. Indeed, there are still millions of people running older operating systems without any firewall protection in place at all.

    And just what does Genes mean by "standalone antivirus"? Most commercial Anti-Virus solutions on the market today don't just provide anti-virus protection. Most also provide protection against spyware, adware, worms, Trojans, rootkits etc. So the entry-level commercial products of today are way more effective than the simple "standalone antivirus" solutions of old. Someone needs to get out more.

    At AVG, our Research Lab is processing 25-40 thousand unique files per day and adding them to our protection regime. We can not only cope with it, but we can still deliver to our customers a protection solution that is fast, yet light on system resources.

    Of course, we're also working on new approaches. A fine example is our LinkScanner technology, which delivers real-time protection against web threats. Yet the new safe search and surf solutions being implemented by our competitors are almost all purely blacklist based. So James Turner is wrong when he says blacklists are dying. Our competitors are turning to them more and more.

    Whitelists can be used effectively in some cases, but like blacklists, they are simply not much help against transient web threats. When the threat is so transient that it's only active for days, no blacklist or whitelist based solution is ever going to be up-to-date enough. Only real-time checking of web threats, as provided by the AVG LinkScanner safe surf technology included in all commercial AVG products, truly protects. AVG LinkScanner checks the web page for threats at the time it really matters - when th

    FREE AVG/ZA COMBO best... or Linux Graeme Harrison (prof at-symbol post.harvard.edu) -- 28/11/08 (in reply to #320114178)

    I agree with much of the AVG person's post. The Trend Micro person was plain WRONG in saying that to have a basic anti-virus and a basic firewall was too hard for average users, and only suitable for geeks.
    I have 25+ years IT experience and for about a decade I've used ONLY the free AVG stand-alone anti-virus software (http://free.grisoft.com) AND the free ZoneAlarm stand-alone firewall (www.zonealarm.com). To this one ought add the optional AVG browser toolbar (tick option at install time) and an Ad-aware or similar pop-up blocker, but that bit is not as essential. The ONLY problem for non-experienced users is finding where on www.grisoft.com (or www.avg.com) and www.zonealarm.com you can get JUST the free download. Both companies have made an art of trying to bury this option deep within many web-pages that ask if you are REALLY sure you want to go without the added benefits of their commercial offerings. However, you just have to avoid the 'baited hooks'... which assumes a friend told you to 'stay the course' and go for just the free one... as that IS sufficient.
    I've found that the greatest exposure to viruses for users of commercial (non-free) products is when the licence expires. With AVG FREE, you get permanent protection with near-automatic updates to latest program and definition files, without any 'licence-expired' exposure.
    I've set-up people in their 80s with the AVG/ZA 'FREE COMBO' and they've not had problems.

    Personally, I shifted about six months ago from dual-boot XP/Ubuntu to retaining dual-boot capability, but doing almost all computer work in Linux, using Ubuntu/Firefox/Thunderbird/OpenOffice combo for almost everything... And I've personally pleaded with Irfan of www.irfanview.com to port his best-ever image editor to Linux, but he insists I need to run it under WINE emulator for Linux (which is a bit slower).
