If you rely only on traditional, signature-based antivirus, you are going to get infected—and probably a lot! Antivirus was, and still is, a valuable addition to your layered security strategy, but only if you understand its limitations, which have become more and more prominent over time.
What’s wrong with signature-based AV?
You probably know signature-based antimalware solutions work by recognizing patterns in known files. If a human or automated system identifies a particular file as malicious, it’s relatively easy to find some pattern that uniquely identifies that specific file, whether it be a file checksum (hash), a binary pattern, or even a more complex algorithm that looks for multiple “signs” or patterns. However, this detection methodology suffers from two issues (which even its inventors realized years ago).
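To make the three signature styles concrete (file hash, fixed byte pattern, and a multi-indicator rule), here is a small scanner written for this page as an added example; it is not the article's code or any vendor's engine, and the "files" it scans are constructed byte strings, not real malware. It also shows the reactive gap directly: a sample that differs from the one the signatures were written from slips past the narrower signatures, and a sample nobody has seen yet matches nothing at all.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, List

# --- Constructed sample "files" (plain byte strings, not real malware) ---
KNOWN_SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16
                + b"cmd=download;url=http://example.invalid/x;persist=run-key")
# Same sample with one byte changed inside the string a byte signature keys on.
RECOMPILED_VARIANT = KNOWN_SAMPLE.replace(b"persist=run-key", b"persist=run_key")
# Same content padded with junk: only the whole-file hash changes.
PADDED_VARIANT = KNOWN_SAMPLE + b"\x00" * 32
# A never-before-seen sample: no analyst has written a signature for it yet.
NOVEL_SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16
                + b"op=fetch;dst=http://example.invalid/y;start=scheduled")


@dataclass
class Signature:
    name: str
    matches: Callable[[bytes], bool]


def hash_signature(name: str, known_file: bytes) -> Signature:
    # A hash signature is derived from a file already in hand: exact match only.
    digest = hashlib.sha256(known_file).hexdigest()
    return Signature(name, lambda data: hashlib.sha256(data).hexdigest() == digest)


def pattern_signature(name: str, pattern: bytes) -> Signature:
    # A byte-pattern signature survives padding but not a change inside the pattern.
    return Signature(name, lambda data: pattern in data)


def compound_signature(name: str, *indicators: bytes, min_size: int = 0) -> Signature:
    # Several weaker "signs" that must all be present, in the spirit of a
    # multi-string detection rule; broader, so it survives small edits.
    return Signature(
        name,
        lambda data: len(data) >= min_size and all(i in data for i in indicators),
    )


def scan(data: bytes, signatures: List[Signature]) -> List[str]:
    """Return the names of every signature that fires on `data`, in set order."""
    return [s.name for s in signatures if s.matches(data)]


# The signature set an analyst could write after seeing KNOWN_SAMPLE (constructed).
SIGNATURE_SET = [
    hash_signature("sha256:known-sample", KNOWN_SAMPLE),
    pattern_signature("bytes:persist-run-key", b"persist=run-key"),
    compound_signature("rule:downloader", b"cmd=download", b"persist=", min_size=32),
]

if __name__ == "__main__":
    cases = [
        ("known sample", KNOWN_SAMPLE),
        ("padded variant", PADDED_VARIANT),
        ("recompiled variant", RECOMPILED_VARIANT),
        ("novel sample", NOVEL_SAMPLE),
    ]
    for label, sample in cases:
        hits = scan(sample, SIGNATURE_SET)
        print(f"{label:20} -> {hits if hits else '(no detection)'}")
```

Run as a script it prints one line per sample: the known sample trips all three signatures, the padded copy loses only the hash match, the variant with one byte changed is caught by nothing but the broad compound rule, and the novel sample produces no detection at all, which is the gap the article is describing.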
1. Signatures only help after you know something’s malware – Signatures are reactive. They’re great at the prevention part, but worthless for initial detection; you can’t write them until after you’ve discovered something bad. This means unless the signature writer (AV company) identifies malware before anyone else, some initial victims will get infected.