Antivirus Under Attack From Polymorphic Threats -- and You
For cybersecurity geeks, it was a moment to celebrate. In May, as President Obama announced a new federal office to oversee America’s digital infrastructure, he used language rarely heard in the White House. “We’ve had to learn a whole new vocabulary just to stay ahead of the cybercriminals who would do us harm: spyware and malware and spoofing and phishing and botnets,” Obama said. (Today, he named his pick for the post.) Obama also reminded the audience that he knew of what he spoke: in 2008 his campaign’s computer network had been badly compromised by a virus that hackers hid in an e-mail.
When frustration with malware has risen to the level of the BlackBerry addict in chief, the companies that make antivirus software -- a $6 billion global industry dominated by two U.S. firms, Symantec and McAfee -- know that their work is cut out for them. “I never thought I’d hear the day when our president was talking about botnets and Trojans,” says Rowan Trollope, an executive at Symantec, which makes the Norton brand of security software. “The industry has gotten a whole lot more interesting, and a whole lot more important.”
It’s an industry that’s also evolving dramatically as computer users change their habits. Around the globe, people are now spending less time on desktop PCs and more on mobile devices like iPhones; over time, these new gizmos will require new kinds of security. The nature of cyberthreats is shifting, too. While early computer viruses tended to come from solo hackers seeking chaos and notoriety for their own sake, the new breed of attacks is coordinated, sophisticated, and usually put into action by criminals seeking profitable information: credit-card numbers, bank accounts, and passwords to sites like PayPal.
Malicious code has taken many forms over the years, but the latest iteration is especially pernicious. Called polymorphic threats, these bugs change their outward appearance as they spread, making them harder to detect. Antivirus software typically works by keeping an eye out for known bad code, lists of which are pushed out to subscribers at regular intervals. But the number of such “signatures” Symantec created in 2009 spiked to 2.5 million, a 56 percent increase, and the distinct threats discovered by those signatures grew 75 percent to 210 million. In response, the company is rewriting its software to measure the “reputation” of a suspect file -- where it comes from, how common it is across the Web, whether the user has opened risky files before. Think of this new security software like a narrow-eyed dad inspecting his daughter’s dates: he used to bar just the boys that other dads have warned him about, but now he sizes up each one individually.
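The difference between the two approaches can be sketched in a few lines of Python. This is an added illustration, not code from the article or from Symantec: the sample bytes, telemetry values, weights, and threshold are all constructed assumptions, chosen only to show why an exact-match signature list misses a repackaged file while a score built from source, prevalence, and user history still flags it.

```python
import hashlib
import math

# Constructed stand-ins for file contents; no real malware bytes are used.
CORE = b"constructed-sample-body"
KNOWN_BAD = CORE + b"|pad:0000"    # sample the vendor has already seen
VARIANT = CORE + b"|pad:7f3a"      # same body, different outward bytes
COMMON_APP = b"constructed-popular-installer"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Signature list as pushed to subscribers: hashes of known bad files.
SIGNATURES = {sha256(KNOWN_BAD)}

def signature_verdict(data: bytes) -> str:
    """Classic check: block only exact matches against the list."""
    return "block" if sha256(data) in SIGNATURES else "allow"

# Hypothetical telemetry per file hash (assumed values).
TELEMETRY = {
    sha256(VARIANT): {"source_trusted": False, "prevalence": 3},
    sha256(COMMON_APP): {"source_trusted": True, "prevalence": 2_400_000},
}
UNKNOWN = {"source_trusted": False, "prevalence": 0}
THRESHOLD = 50  # assumed cut-off: below this the file is not trusted

def reputation_score(data: bytes, user_risky_opens: int) -> int:
    """Score 0..100 from the three factors the article names.
    The weights (40/40/20) are assumptions for illustration."""
    seen = TELEMETRY.get(sha256(data), UNKNOWN)
    # Where the file comes from.
    score = 40 if seen["source_trusted"] else 0
    # How common it is: log scale, so a one-off variant earns almost nothing.
    score += min(40, int(10 * math.log10(max(1, seen["prevalence"]))))
    # Whether this user has opened risky files before.
    score += max(0, 20 - 5 * user_risky_opens)
    return score

def reputation_verdict(data: bytes, user_risky_opens: int) -> str:
    """Block on a signature hit or on a low reputation score."""
    if signature_verdict(data) == "block":
        return "block"
    low = reputation_score(data, user_risky_opens) < THRESHOLD
    return "block" if low else "allow"

if __name__ == "__main__":
    for name, blob, opens in [("known bad", KNOWN_BAD, 0),
                              ("variant", VARIANT, 2),
                              ("common app", COMMON_APP, 0)]:
        print(name, signature_verdict(blob), reputation_verdict(blob, opens))
```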
As antivirus companies battle the latest worms, they’re also fighting another trend, one more perilous to their bottom line. Individuals and corporate users are storing less data on their hard drives and more in the cloud -- remote servers, operated by giants like Google and Amazon. With less valuable data on individual PCs, the need for virus protection could wane over time. The economics of computer protection have changed, too. Back when a desktop PC cost $1,500, a $99 antivirus program that protected it made sense. Now that a netbook with basic functionality can cost $99 itself, paying for virus-protection software feels less necessary.
The antivirus makers insist they’ll remain relevant. And as more of us store more of our life in bits and bytes, in the short term at least, they’re probably right.
Nick Summers is a senior writer for Newsweek and The Daily Beast. Previously, he was the media columnist for The New York Observer, founded the blog IvyGate, and was editor in chief of the Columbia Daily Spectator.