There has been quite a bit of marketing effort put into declaring that AV is dead. It is difficult to make sense of it because the term ‘Anti-Virus’ means so many different things. Much of what it means depends on who you ask.
What is AV? It’s a short-cut. It’s not a short-cut from a technology perspective, but rather, in language. Just as a single-use facial tissue is a “Kleenex”, so does ‘AV’ mean ‘endpoint security’ to many folks, while ‘AV’ is scoffed at by others.
To generalize, there are two audiences: those who work in IT, and those who do other things. To a person outside of IT, ‘AV’ equals security.
When a family member asks me about ‘AV for smartphone’, I don’t go into depth about it being less an AV than about application reputation, as determined by running applications in emulated environments to assess the quality (from a security perspective), and on and on. That’s because I’m being asked about security for a phone.
If I did answer as I would to an IT professional, it would raise more questions than I’ve the patience to answer. I don’t usually carry around a whiteboard, a PowerPoint with thrilling and educational animation, or perhaps a puppet show (or at least convincing arm-waving), to explain.
That is not to deride the person asking; what I know about what they do for a living is firmly on the low end of the spectrum because it’s outside of my domain of knowledge, just as endpoint security is to them.
On the other hand, if an enterprise IT expert asks me about ‘AV for public cloud’, I’ll happily get into the nitty-gritty of it, because it’s within our mutual domains of expertise.
The implication is that a phrase like “AV is dead” means different things to different audiences. To a technical audience, it’s old news (like so 2006). Basing endpoint security on comparing hashes of files to a set of known-bad files isn’t going to get the job done today. We all know that it’s a reactive technology that plays only a part in modern endpoint security. Consider that sending AV updates via fax worked like a charm back in the day, but nobody who is really all-in on security has worked off of that premise for the last few decades.
In other words, to security-minded IT folk, stating that AV is dead is a press release from the official Department of Stating the Obvious, while to others it’s a shocking statement (imagine, “Original Kleenex no longer effective!” because – fun fact – the original trademark was for removing cold cream). There is a difference between re-purposing technology and re-purposing phrases. One is about the evolution of technology, the other is about the evolution of language.
What, then, do I answer when someone asks me if AV is dead? Like so many things in life, it depends.
My answer usually begins with a question, “What do you think AV is?” With that information, I can formulate a complete response using definitions for tricky phrases like ‘anti-virus’ that both the person asking and I agree on. Well, that’s if I’m not pressed for time; otherwise I suppose I could simply point to the Bitdefender ranking in independent testing, but that might be considered bragging.