“Antivirus software is so universally ineffective that it’s just a waste of money.”
The cybersecurity industry has a dirty little secret that hackers don’t want you to know. What’s the secret? Cybersecurity no longer protects you like it used to. Instead of the industry getting better at fending off hackers, it actually lost the battle awhile ago. In fact, antivirus can actually make you less secure than not having antivirus at all.
- 1991: Norton Antivirus began using file signatures to successfully eradicate viruses.
- 2012: Hackers wrote software to generate unlimited variations of their viruses, each with a unique signature. 500,000 new, unique virus variants were released per day, rendering file signature technology useless. (CBS News)
- 2016: The technology that replaced file signatures literally weakens computer security rather than strengthening it. (PCWorld)
Concordia University recently tested 14 popular internet-security products. The result?
“We found that all the analyzed products in some way weaken TLS security on their host.” — Xavier de Carné de Carnavalet and Mohammad Mannan, Concordia Institute for Information Systems Engineering; Concordia University
Every product tested literally weakened internet security — opening a door for hackers which is normally closed off by the browser itself.
Even Malwarebytes was publicly shamed for opening a door for hackers. (Digital Trends)
The cybersecurity industry went from effective, to useless, to literally helping hackers (CBC News). Consumers now spend $billions on products that actually make them less secure than not having any security at all:
“’By installing their software you’re actually making yourself less secure. There’s an irony in that,’ said Jack Daniel, a computer security expert in Massachusetts.”— CNN: Symantec – the popular computer protector – may actually help hackers, feds warn
As reported by PCWorld:
“Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications.” — PCWorld: Antivirus software could make your company more vulnerable
This article explains how the cybersecurity industry leaped out of the frying pan and into the fire. Then, in conclusion, this article unveils a new, revolutionary security paradigm created by cryptographer Michael Wood. This new paradigm finally offers genuine protection — for your family — for your business — for yourself.
The Frying Pan
The antivirus industry used to rely on a technology called file signatures. Every virus has a unique signature. By scanning every file on a computer, the antivirus software could identify which ones (if any) were viruses.
Hackers responded by writing programs that automatically generated unlimited variations of their viruses. Each variation has a unique signature. Sending unique viruses to every recipient meant that antivirus wouldn’t recognize the new signature. Therefore, the antivirus software would always conclude that the file is clean.
This technique worked so perfectly that underground hackers began advertising Fully Undetectable (FUD) malware. Today, off-the-shelf programs allows even teenagers to create FUD trojans in less than two minutes.
Any script kiddie can create FUD trojans in minutes, rendering antivirus signatures useless:
“The antivirus industry has a dirty little secret: its products are often not very good at stopping viruses.
Consumers and businesses spend billions of dollars every year on antivirus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly.”— New York Times: Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt with emphasis added
The New York Times reported the ineffectiveness of antivirus software. Then, in an ironic twist of fate, the New York Times was hacked by the Chinese while using Norton Antivirus. In fact, the Chinese hackers were able to bypass Norton’s security 44 out of 45 times:
“One fact, however, will be of particular concern to the world’s largest antivirus firm, Symantec: Out of the 45 different pieces of malware planted on the Times‘ systems over the course of three months, just one of those programs was spotted by the Symantec antivirus software the Times used” — Forbes: Symantec Gets A Black Eye In Chinese Hack Of The New York Times
The maker of Norton Security, Symantec, responded to the New York Times’ hack:
“The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behaviour-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough.” — The Register: Symantec: Don’t blame us for New York Times hack
Symantec suggested that antivirus combined with “reputation-based technology and behavior-based blocking” might’ve possibly prevented the hack. But is this true? Or has the cybersecurity industry actually leaped out of the frying pan and into the fire?
In response to the uselessness of file signatures, the cybersecurity industry married antivirus with a new technological paradigm: internal behavioral heuristics. This is the “reputation-based technology and behaviour-based blocking” Symantec was referring to. But, in stark contrast to Symantec’s assertion of added strength, this is where the industry only went from bad to worse.
First, hackers simply wrote code to secretly inject their malware into reputable programs (like Skype, Microsoft Word, etc.). Once injected:
- The trojans are invisible to antivirus and firewalls (because they are now running inside reputable apps). In other words, the trojan inherits the same reputation as the app it’s invaded.
- Also, it’s normal behavior for Skype and Microsoft Word to access the internet. Therefore, the trojans masquerading as these programs inherit the very same behavioral privileges as well.
When Symantec asserted that their “reputation-based technology and behaviour-based blocking” might’ve stopped the Chinese hackers, they left out the part where trojans effortlessly inherit the reputations and behavioral privileges of other apps.
To demonstrate: watch how a new invention, Hacker Deterrent, exposes how easily spyware bypasses Norton and Bitdefender both:
Notice in the video that the full combination of Norton’s features was enabled; yet the spyware effortlessly sailed through. So the first problem with internal behavioral heuristics is that it’s just as useless as file signatures.
Second, many of the processes involved in behavioral heuristics can be hijacked by hackers, making it even easier for hackers to break into the computer. (US Govt Warns: Norton Helps Hackers)
And if that’s not bad enough, there’s a third problem too: Internal Behavioral Heuristics often blocks applications that you actually want to use. This forces you to have to wade through complex menu systems in order to figure out how to tell the internal behavioral heuristics to allow the application.
In short, the antivirus replacement technology:
- Doesn’t even stop modern trojans;
- Yet can be leveraged to make it even easier for hackers to enter;
- While often making it difficult to use legitimate apps.
Truly the internet-security industry has leaped full tilt out of the frying pan and into the fire. The industry’s failings make all too common headlines, as one major hack is followed by another.
If trojans can make themselves invisible to traditional cybersecurity then what alternative exists? Is there even a way to protect ourselves from malware that has a fully-undetectable signature and cloaks itself inside other reputable programs? The good news is yes, a new paradigm does indeed offer a genuine defense against hackers. No hype. Just results. Which brings us to the gamechanger.
When firewalls first appeared on the scene, they didn’t rely on artificial intelligence or heuristics. Rather, they made their decisions on simple blacklists and whitelists:
- Blacklists tell the firewall which destinations are blocked.
- Whitelists tell the firewall which destinations are allowed.
The highest form of security is to deny all traffic except that which is in the whitelist. After all, as long as only legitimate destinations are whitelisted, it doesn’t matter if the malware is fully-undetectable, and it also doesn’t matter if the malware has hidden itself inside a reputable application:
- When a fully-undetectable trojan tries to communicate with a destination not on the whitelist: it’s still blocked.
- When a trojan hidden inside a reputable application tries to communicate with a destination not on the whitelist: it’s still blocked.
Whitelists overcome the inherent flaws of traditional cybersecurity products. But, while whitelists do successfully cut hackers off, they used to be impractical to implement:
- Whitelists were often created during firewall installation, meaning that the user had to know in advance all the sites (s)he might want to visit.
- Whitelists were based on technical information such as IP addresses and domain names.
- Whitelists were very unforgiving.
Due to these difficulties, anti-intrusion systems looked to file signatures and internal behavioral heuristics instead. And the result has truly been catastrophic. The number of hacking attacks continues to increase exponentially while large corporations continue to charge billions for their over-hyped products.
Fortunately, a patented new invention brings back the security of whitelists while avoiding the impracticalities of the past. Hacker Deterrent introduces a unique paradigm: Dynamic Whitelists. Dynamic Whitelists have all the strength of traditional whitelists, yet:
- They are dynamically generated on-the-fly in real-time. Thus, the user doesn’t need to know a single destination in advance.
- They are based on actual names of companies, organizations, and people (e.g. “Microsoft Inc.,” “US Department of Labor,” “Timothy Anderson”). Thus, the user doesn’t need to be bothered with technical details like IP addresses nor even domain names.
- They are very forgiving; if a user forgets to whitelist something (s)he needs, (s)he can allow it with a click of the mouse, on-demand, in real-time.
Hacker Deterrent’s unique, name-based, dynamic method actually makes whitelists easy. In other words, the most secure way to keep hackers out has finally been made available to all.
In a future post we’ll take a closer look at Hacker Deterrent, its unique method of dynamic whitelists, and how you can use it to protect your family and yourself when online.