{"id":14610,"date":"2016-06-13T08:00:02","date_gmt":"2016-06-13T15:00:02","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=14610"},"modified":"2016-06-13T10:13:54","modified_gmt":"2016-06-13T17:13:54","slug":"conventional-av-systems-can-actually-harm-you","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2016\/06\/conventional-av-systems-can-actually-harm-you\/","title":{"rendered":"Conventional AV Systems Can Actually Harm You"},"content":{"rendered":"<p>There\u2019s barely a day goes by when I\u2019m not reading another batch of stories about how unsuitable conventional endpoint AV security is for dealing with modern malware, APTs, zero-day threats and so forth.<\/p>\n<p>So replete are these tales of woe that it\u2019s almost possible to switch off from the basic fact that in this uber-connected, cloud-enabled, everything-as-a-service, internet-of-thingamajigs world, most conventional endpoint AV systems are impotent and probably do more harm than good. I write almost, but not quite, because every now and again the occasional story jumps off the screen and gives you that all-important wake-up call.<\/p>\n<p>One such story, which came to light a few weeks ago, centered on an Adverse Event Report <a href=\"https:\/\/www.accessdata.fda.gov\/scripts\/cdrh\/cfdocs\/cfmaude\/detail.cfm?mdrfoi__id=5487204\" rel=\"nofollow,noopener\"  target=\"_blank\">published by the U.S. Food and Drug Administration (FDA)<\/a>, in which a patient (not named) undergoing a cardiac catheterisation procedure at a U.S. hospital (also not named) had to be sedated, mid-operation, for five minutes while the procedure was suspended following the system crash of a vital piece of monitoring equipment.<\/p>\n<p>The system in question monitors, measures and records patient data during cardiac catheterization procedures. 
The system is made up of a patient data module, used to capture the patient\u2019s vitals, and a hemo monitor PC to display them. The two elements are connected via a serial interface.<\/p>\n<p>During this particular procedure, the monitor PC lost communication with the patient data module, resulting in a black screen on the monitor and the patient having to be sedated while the system was rebooted. As the FDA report describes, the cause of this blackout was attributed to the installed conventional AV software, which, at a critical point in the procedure, initiated a scan of the system.<\/p>\n<p>Although the system could be rebooted and the patient fortunately survived, it got me thinking about the real-life harm a conventional AV could do to me. Quoting from the Manufacturer\u2019s Narrative in the FDA Report, \u201cOur experience has shown that improper configuration of anti-virus software can have adverse effects including downtime and clinically unusable performance.\u201d So, although I may be sensationalizing the FDA\u2019s paragraph a little, I\u2019m not feeling that confident after reading the manufacturer\u2019s narrative. Let\u2019s face it: the team performing a standard cardiac catheterisation procedure is not likely to include an IT security engineer who can be called upon at a moment\u2019s notice.<\/p>\n<p>Could this scenario have been avoided with an Advanced Endpoint Protection system? The answer is probably yes. <a href=\"https:\/\/www.paloaltonetworks.com\/products\/secure-the-endpoint\/traps\" target=\"_blank\">Traps, our advanced endpoint protection product<\/a>, is not a conventional AV system -- indeed, it\u2019s a paradigm shift from \u201cthe way things used to be done.\u201d Traps secures endpoints by preventing known and unknown malware and exploits from executing, focusing on blocking the few core techniques used by attackers rather than on application-specific characteristics. 
Furthermore, it does this in a lightweight, nonintrusive agent <strong>that definitely does not rely on system scanning<\/strong>.<\/p>\n<h3 class=\"p1\"><span class=\"s1\">Learn more<\/span><\/h3>\n<ul class=\"ul1\">\n<li class=\"li2\"><span class=\"s2\"><a href=\"https:\/\/www.youtube.com\/watch?v=5ZooAAceKMk&amp;feature=youtu.be\" rel=\"nofollow,noopener\"  target=\"_blank\"><span class=\"s3\">Watch a demo<\/span><\/a><\/span><\/li>\n<li class=\"li3\"><span class=\"s5\"><a href=\"https:\/\/www.paloaltonetworks.com\/events\/test-drive.html\" target=\"_blank\"><span class=\"s3\">Ultimate Test Drive<\/span><\/a><\/span><\/li>\n<li class=\"li3\"><span class=\"s5\"><a href=\"https:\/\/www.paloaltonetworks.com\/products\/secure-the-endpoint\/traps\" target=\"_blank\"><span class=\"s3\">Traps<\/span><\/a><\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s barely a day goes by when I\u2019m not reading another batch of stories about how unsuitable conventional endpoint AV security is for dealing with modern malware, APTs, zero-day threats and so 
&hellip;<\/p>\n","protected":false},"author":198,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[598,108],"tags":[603,2106,2100,778],"coauthors":[2103],"class_list":["post-14610","post","type-post","status-publish","format-standard","hentry","category-endpoint-2","category-threat-prevention-2","tag-advanced-endpoint-protection","tag-av-sys","tag-conventional-av-systems","tag-traps"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/14610","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/198"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=14610"}],"version-history":[{"count":9,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/14610\/revisions"}],"predecessor-version":[{"id":14655,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/14610\/revisions\/14655"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=14610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=14610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=14610"},{"taxonomy":"author","embeddable
":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=14610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}