Computer security products in the 1980s were essentially synonymous with antivirus signatures. The concept, as we all remember, was that simple pattern matching would be used to detect computer viruses based on file names, executables, and other tell-tale signs. The approach worked for some time, but then malicious actors figured out how to side-step signatures through variants. The security community responded by tossing the signatures out with the bathwater, and declaring behavioral analytics to be the only solution to preventing malware. While real-time observation is certainly powerful, I think it is obvious from the cesspool of breaches that continue to occur that malware is still a nagging, largely unsolved problem. Perhaps the best approach moving forward will involve integration of the best elements – signature, behavioral, heuristic, and so on – of every available security solution that can help detect and remove malware. I recently connected with an interesting young man named Marcin Kleczynski, CEO of Malwarebytes, who appears to be doing just that. His company produces anti-malware software that seems to work quite well (including on my own PC). I asked Marcin to briefly share with us his unique views on antivirus, malware, and other issues in modern security.
EA: Marcin, does traditional antivirus software detect and mitigate malware?
MK: No, that’s exactly why I started Malwarebytes. Symantec, McAfee, and other security companies built their engines and core technology in 1985 and it’s my view that they simply haven’t updated them much since. At the same time, cyber criminals are getting more and more sophisticated and agile. Most traditional antivirus software simply cannot keep up with today’s generation of cyber criminals anymore, because they are being outpaced and using signatures.
EA: It seems like the idea of any type of signature has gotten a bad name in the past few years. Is this a fair characterization?
MK: Signature-based anti-virus software has some obvious flaws. Introducing new security techniques like advanced heuristics, machine learning, and behavioral monitoring will get you a lot further than signatures.
EA: Does behavioral analytics play an important role in the detection of malware on a system?
MK: Yes, absolutely. Addressing gaps in security related to user behavior before you are targeted is crucial. Behavioral rules are a core component of how our technology catches instances of zero-day malware and the exclusive technology of our anti-ransomware.
EA: What trends have you seen recently in malware design? I assume the malware is getting better.
MK: Ransomware will soon be the most used type of malware we have ever seen. For example, we see almost 5 to 10 new ransomware types created every day, each a little different. This will not slow down. In fact, we will see double to triple the numbers that we have seen with any other type of infection in the past.
EA: Is there an appreciable difference in detecting malware on PCs versus Macs – or between PCs and mobiles?
MK: The ability to detect malware on a Mac is mostly just hindered by a false perception of risk and a resulting lack of preparedness. Many Mac users are genuinely puzzled when they learn that they have been infected, as they believed that Macs were immune. On forums and blogs, people often tell Mac users not to install any kind of antivirus software. This leaves users in a difficult situation when they get infected and are trying to find a way to solve the problem.
EA: Do you think we’ll ever see a time when operating systems and applications can be free of the malware risk entirely?
MK: Probably not. And even if we do, cyber criminals will find a new way to infect our systems. Their attack vectors are always evolving and as they do, we will continue to fight the most dangerous threats out there.