Why Is Antivirus Software Still a Thing?

Antivirus has been around for more than 20 years. Do you still need it to protect yourself today?

Nov 14 2018, 1:30pm

Image: Cathryn Virginia/Motherboard

The Weakest Link is Motherboard's third annual theme week dedicated to the future of hacking and cybersecurity.



For more than 20 years, ever since a college student inadvertently unleashed the first computer worm on the internet, using an antivirus has been a constant and recurring recommendation for users, especially those using PCs.

But with the rise of security-minded operating systems such as iOS and even Windows 10, there’s a growing chorus of experts who think that, perhaps, the best days of antivirus software are behind us. People might not need it so much anymore, and in some edge cases, it could pose some risks for users. So, in 2018, do you still need an antivirus?

The answer, of course, is: it depends.

In general, you probably do. But there are caveats. If you are worried about your iPhone, there’s actually no real antivirus software for it, and iOS is engineered to make it extremely difficult for hackers to attack users, especially at scale. In the case of Apple’s computers, which run macOS, there are fewer antiviruses, but given that the threat of malware on Mac is increasing ever so slightly, it can’t hurt to run an AV on it. If you have an Android phone, on the other hand, an antivirus does not hurt—especially because there have been several cases of malicious apps available on the Google Play Store. So, on Android, an antivirus will help you, according to Martijn Grooten, the editor of trade magazine Virus Bulletin.

When it comes to computers running Windows, Grooten still thinks you should use an AV.

“What antivirus is especially good at is making decisions for you,” Grooten told Motherboard, arguing that if you open attachments, click on links, and perhaps you’re not too technically savvy, it’s good to have an antivirus that can prevent the mistakes you may make in those situations.

For Grooten and Simon Edwards, the founder of SE Labs, a company that tests and ranks antivirus software, despite the fact that Windows’ own antivirus—called Defender—is a good alternative, it’s still worth getting a third-party one.

“Even if [Defender] wasn't the best and it isn't the best, it’s still a lot better than having nothing,” Edwards told Motherboard. Yet, “we do see a benefit in having paid for AV product.”


Even Joxean Koret, a well-known security researcher who has studied and found several bugs and vulnerabilities in antivirus engines and software, thinks average users—as in people who are unlikely to be targeted by nation-state hackers—should use antivirus.

“For a regular home user I do think they should,” Koret said in a phone call.

If you are on Windows 10 and don’t want to rely just on Defender, trade magazines and websites suggest McAfee, Bitdefender, and Kaspersky Labs.

But when it comes to corporations or government agencies, it gets a bit more iffy, according to Koret. That’s because, perhaps ironically, antivirus software can be a liability. Antiviruses usually run with the highest privileges on a computer. In other words, they run as admin or root users, which gives them the ability to monitor, access data on, and shut down other processes. That’s a good thing, but it also means that if someone can compromise the antivirus itself, they will have unfettered access to the rest of the operating system.

That’s why Windows Defender now runs inside a sandbox, an isolated environment that—in theory—makes it harder for hackers to jump from a compromised antivirus to another application.


Still, real-world attacks exploiting antivirus have been extremely rare, and usually the domain of sophisticated hackers like those at the NSA, which has reportedly targeted antiviruses for years, and allegedly broke into the servers of Russian firm Kaspersky Lab by exploiting its internal antivirus software; or Russian government ones, who reportedly hacked and stole highly sensitive documents from an NSA contractor who was running a Kaspersky Lab antivirus on his computer.

Perhaps the golden era of antivirus is coming to an end, but, especially if you use a Windows machine, it’s still better to use it.
