The global and independent platform for the SAP community.

Antivirus solutions - modern snake oil?

In the Wild West, "Clark Stanley's Snake Oil Liniment" promised relief from many illnesses - and turned out to be completely ineffective. Since then, snake oil has stood for expensive, useless products - just like today's anti-virus solutions?
Jörg Schneider-Simon, Bowbridge Software
June 7, 2018
It Security
avatar
This text has been automatically translated from German to English.

In the IT security scene, the discussion about the effectiveness of anti-virus products is a perennial topic. Most recently, it was spurred on by statements from Robert O'Callahan, a former Mozilla developer, and Justin Schuh, Director of Chrome Security at Google.

They claimed that anti-virus solutions are in many cases a stumbling block in the development of more secure browsers and could possibly even reduce effective security. They referred to Tavis Ormandy, security researcher at Google, who had shortly before discovered security gaps in some anti-virus solutions.

However, the affected vendors patched them so promptly that even Ormandy praised the speed. Nevertheless, O'Callahan went so far in a blog post as to even advise users to uninstall their anti-virus solution!

In addition, numerous "studies" can be found online that purport to prove that signature-based solutions achieve malware detection rates of only 30 to 40 percent and extrapolate that the gain in security is marginal at best.

It is undisputed among security experts that purely signature-based malware detection alone does not provide sufficient protection, especially for interactively operated desktop systems where web surfing and email remain the main infection vectors.

The sheer number and high volatility of malware that is in-the-wild is simply too great. It is also true that simple pattern-matching techniques fail conceptually for complex malware with mutating, polymorphic code.

However, it is also a fact that the majority of malware does not display such a high level of complexity. Furthermore, it does not do justice to security manufacturers if modern virus scan engines are reduced to pure pattern matching.

All vendors have long since enhanced pattern recognition with heuristics, numerous decoders, whitelists and variant detection to such an extent that it is becoming increasingly difficult - though not impossible - for even "custom malware" to remain undetected.

Joerg SchneiderAllow me to use a comparison to show that PR-effective, provocative statements like O'Callahan's do a disservice to ordinary people. It should be clear that a normal cylinder lock will not stop a savvy burglar from breaking into a house.

If, from the burglar's point of view, the prospect of the loot justifies the risk and effort, the said lock will be a hurdle, but one that can be overcome.

However, this fact does not justify dispensing with a door lock. This reduces the effort for the burglar to virtually zero and shifts the effort-benefit calculation for the burglar in favor of the burglary.

In the same way, systems without virus protection become the point of least resistance for attackers and conjure up attacks. Security manufacturers whose products do not meet the requirements of secure software development should in no way be taken to task. Customers must hold the manufacturers accountable here.

With their purchasing decisions, they have considerable leverage to demand improvements and quality from those manufacturers who want to secure their share of the enterprise endpoint security market (according to Forrester, a market volume of $5.9 billion annually by 2021).

Similarly, I don't think signature-based malware detection alone is adequate to comprehensively protect any type of endpoint against malware.

Very much so, however, I believe that modern anti-virus protection must remain an integral part of any serious, multi-layered security strategy for the foreseeable future. These solutions are the only line of defense where malware is not executed, but merely dropped. This means central distribution points in the corporate network that are accessed by numerous internal and external users - such as storage, document management and, last but not least, SAP systems!

avatar
Jörg Schneider-Simon, Bowbridge Software

Jörg Schneider-Simon is Chief Technical Officer of Bowbridge Software, a provider of cybersecurity solutions for SAP applications.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.