Monday

Is Anti-virus ineffective nowadays? (UPDATED)

I have seen a lot of stories and blogs this year shouting: "Anti-virus is dead". Quite sensational. The topic reappeared on the SANS ISC website yesterday: To AV or not to AV, is that the question?

Over the last few years we have seen malware go from the “Oh look at me” attempts at “fame” to “how much can I make” approaches. It has now become a business. To succeed in this kind of business you need malware that is delivered and remains undetected. But you also have to keep costs low. Often this results in variations, the same malware over and over again, but wearing different coats, a funny hat or a false moustache. To protect against malware we use our trusty antivirus product, because it will find all those nasties, right?

They arrive at more or less the same conclusion Dr. Anton Chuvakin reached in Let's Play a Fun Game Here ... A Scary Game.

I'm not claiming that AV has become less effective. Malware has just evolved at a faster pace and we're failing to keep up.

To quote the closing line of the ISC story: "One thing is for certain the malware business model works (storm seems to be doing well) and until we change the approach to managing malware it will continue to. As many of us have learned the hard way, you can't put all your eggs in one basket. By relying on AV alone you may be exposing your machine or your network." (Mark H)

I'm wondering when we will see this next generation of anti-malware detection engines. Here is a VERY interesting article from daemon.be on why good detection has become a problem.


BONUS (04/09/2007): Welcome to 2007: the year of professional organized malware development

Increasingly, we are drifting away from the chaotic distribution of new malware (malicious software). The distribution of new malware has become highly organized and will continue to be so. The "Detect and Forget" times of Antivirus programs belong to the past. This is relevant, at least, for most recent new malware.
