To start with the way I look at the answer to the question above: Yes, I think so. Basically, when you talk with people who know the industry, the classical signature-based approach never really worked. It was able to detect a certain number of viruses, which is typically just a small percentage of what the technology should defend us against. We recently had a minor incident with a virus (called Zeus) and our AV engine did not even think about detecting this variant.
I think we need a different approach. If we stay in a Windows environment for a moment, there are a few simple things that would make it much, much harder for malware to infect a machine – and the technology is absolutely free:
- Deploy the Enhanced Mitigation Experience Toolkit (EMET). EMET allows you to switch on the key protection technologies in Windows. Basically, this leverages Data Execution Prevention (DEP), Structured Exception Handler Overwrite Protection (SEHOP) and Address Space Layout Randomization (ASLR). Having these technologies deployed makes it harder to exploit vulnerabilities.
- Leverage AppLocker in the Application Control Policies of your Security Settings. You can start fairly simply: there is really no need for a user to start an application from the user profile path or from a temp directory, nor to install from there (maybe with the exception of the Downloads path). If you want to invest more time and resources, you could move towards white-listing your applications, but the simplest way forward is to protect those two paths.
- Switch on BitLocker to protect the boot process of the Operating System.
- Use Windows Defender as your AV engine.
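As an added illustration of the AppLocker step (not part of the original post), the following PowerShell builds a policy that denies executables under the user profile, except for Downloads, keeps the standard allow rules so nothing else breaks, and evaluates it in audit mode before it is enforced. The rule names, GUIDs, and the sample file path are placeholders chosen for this example.

```powershell
# Added example, not from the original post. Deny execution from the user profile
# (which includes the Temp directory), with Downloads as the exception.
# Rule GUIDs below are arbitrary placeholders; any unique GUID is valid.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <!-- Standard allow rules: once a collection has any rule, everything
         not explicitly allowed is blocked, so these must be present. -->
    <FilePathRule Id="11111111-1111-1111-1111-000000000001" Name="Allow Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="11111111-1111-1111-1111-000000000002" Name="Allow Windows"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="11111111-1111-1111-1111-000000000003" Name="Allow Administrators"
                  Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <!-- The measure from the post: no execution from the user profile or Temp.
         Deny rules win over allow rules, so this also overrides the admin allow. -->
    <FilePathRule Id="11111111-1111-1111-1111-000000000004" Name="Deny user profile"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*" /></Conditions>
      <Exceptions><FilePathCondition Path="%OSDRIVE%\Users\*\Downloads\*" /></Exceptions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'applocker-userpaths.xml'
$policyXml | Set-Content -Path $policyPath -Encoding Unicode

# Dry run: ask AppLocker what it would decide for a sample path (placeholder file name).
# Expect "Denied" for Temp and "Allowed" for Downloads.
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path @(
    "$env:USERPROFILE\AppData\Local\Temp\installer.exe",
    "$env:USERPROFILE\Downloads\installer.exe"
)

# Apply locally in AuditOnly mode; the Application Identity service must be running
# for AppLocker to evaluate anything (events land in the AppLocker event log).
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath
```

Run it in audit mode for a while and review the AppLocker EXE and DLL event log for what would have been blocked, then change `EnforcementMode` to `Enabled` once the false positives are handled.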
I am convinced that these five measures would significantly improve the protection of the client. From there on, we need to add protection of the network like Intrusion Detection and other intelligent means to catch attacks.
It seems that other people look at it along similar lines: Time to modernize thinking, technology in fighting malware
How do you look at this? Do you follow similar ideas?
Roger