The Death of AV?

Recently there has been news on the wires suggesting that “AV is dead” and that “whitelisting technologies” are taking over. Henry Ford said “history is more or less bunk”. The purveyors of such stories obviously believe Henry Ford.

Throughout the history of the AV industry there have been prophets of doom saying “AV is dead”. These latter-day Sibyls have always championed “whitelisting technologies”. The prophets have yet to be proved right, mainly because they are wrong.

Whitelisting or ‘Allow List’ technology, on its own, while being relatively easy to implement, has several flaws.

  1. Files change.
  2. Files change and
  3. It is so important that I will repeat it – files change.

If you were to take a “snapshot” of a typical computer at 9am and another at 5pm, you would see that the operating system has added, deleted and modified many files as well as changed countless registry entries. What is more, viruses and other malware can behave in the same way as other programs; skill is often required to separate the two.
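The 9am/5pm snapshot comparison can be sketched as follows. This is an added example, not part of the original post: the function names are hypothetical, the directory contents are constructed, and it assumes an allow list keyed on SHA-256 file hashes, which the post does not specify.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = digest
    return snap

def diff_snapshots(before, after):
    """Classify paths as added, deleted or modified between two snapshots."""
    return {
        "added": sorted(p for p in after if p not in before),
        "deleted": sorted(p for p in before if p not in after),
        "modified": sorted(p for p in before
                           if p in after and before[p] != after[p]),
    }

def not_on_allow_list(allow_hashes, current):
    """Paths whose current hash is absent from the (assumed) hash allow list."""
    return sorted(p for p, h in current.items() if h not in allow_hashes)

def demo():
    """Constructed sample: a tiny directory standing in for a workstation."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        # 9am: three files, all of them placed on the allow list.
        write("app.exe", b"version 1")
        write("helper.dll", b"helper v1")
        write("old.tmp", b"scratch")
        morning = snapshot(root)
        allow = set(morning.values())
        # 5pm: an update, a cleanup and a new file of unknown origin.
        write("app.exe", b"version 2")
        os.remove(os.path.join(root, "old.tmp"))
        write("picture.jpg", b"unknown content")
        evening = snapshot(root)
        return diff_snapshots(morning, evening), not_on_allow_list(allow, evening)

if __name__ == "__main__":
    changes, unknown = demo()
    print(changes)
    print("not on allow list:", unknown)
```

The updated `app.exe` and the new `picture.jpg` both fall off the morning allow list, and the hash comparison alone gives no way to tell the legitimate change from the unknown one.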

Scenario 1:

  • User gets a legitimate email with an attached picture.
  • User clicks on picture.
  • The “whitelisting technology” prompts for access to open the file.
  • User contacts IT who authorises it.
  • User sees the picture.

Scenario 2:

  • User gets a malicious email with a malicious picture.
  • User clicks on picture.
  • The “whitelisting technology” prompts for access to open the file.
  • User doesn’t contact IT because there is no difference to “Scenario 1”.
  • Malicious picture runs.
  • User gets more errors; however, it is really important to see the picture of “celebrity drunk/naked/jailed”.

This flaw, the one between the keyboard and chair, has no technological fix.

Another major flaw of “whitelisting technology” is this: how do you know that a system is clean to begin with? With an AV product.

“Whitelisting technology” has its place and does form part of modern Security Solutions in conjunction with, not separate from, AV. The technologies used in conjunction complement each other.