In the 90s and 2000s we had AntiVirus, now we have A.I.

Intro

When I began my journey in the early 90s with research into how Anti-Virus products work and what makes them so special compared to applying just basic OS hardening rules, I realized that they will probably not be the final solution and that AVs constantly need to change, adapt and evolve. I then quickly joined some communities, some that do not even exist anymore and others that are still accessible but probably under new management, and I decided to conduct my own research and create my own tests. However, even then I already knew that hackers as well as bots will quickly abuse such systems for their own purposes.

Security in a modern world

Today AVs play less of a role. They can still have a purpose, but only as part of a multi-layer strategy, and an AV alone is only as trustworthy as the provider which you choose to trust. Open source AVs exist only on paper, and the ones that can be used are, to put it mildly, nothing but trash compared to professional solutions on the market, simply because you need millions of dollars and a lot of coders + experience to design complex products such as Kaspersky, ESET and Co. This is not usually a task 3 or 4 developers can address for free in their spare time. There are other factors why open source AVs will never be as good as their closed friends, but this is not what this topic is about.

Artificial Intelligence

I have huge problems with the term - A.I. - I just do not think there exists - yet - an intelligent system that fits this term. Usually it is just a more modern term for a pattern-seeking system. There is no true intelligence behind it, only analyzing given data and then creating patterns and algorithms to optimize existing solutions. By my definition of what intelligence is, that does not fit the requirements. Anyway, back to the topic.

So the 2000s came and AVs began to struggle. We had some doubts from actual security experts, then we had some attacks on AVs which got abused as Command and Control for some operations, and people finally started to question whether AVs are useful or not. More and more security concerns came from people that had more influence in the security community, which led to more distrust regarding AVs. Microsoft then finally decided to adopt Defender into the OS, which made third-party solutions pretty much useless, or at least there was less and less need to install other products alongside Defender.

Today’s System - Controlled by Bots

Most attacks are bot-related and bot-controlled, A.I. is trained and used against AVs, and it is nearly impossible for normal people without any background or a daily dosage of security news to keep up with threats. You can dedicate your life to it and check every single day for security news, adapt manually to it and waste lots of time reading, or you can lock down the OS as well as your servers to a point where you can do nothing much with them. Even then people still need to be scared, because there are more and more threats coming faster and faster, because the A.I. system is used to analyse and infiltrate structures in order to get new strategies that were never seen before.

In other words, you cannot dodge a bullet because you do not see the bullet coming.

What the future might look like

The future might look problematic. I think A.I. systems will continue to improve and that they will learn and amplify their attacks. Websites like GitHub are tested constantly to check what they can withstand and to check how well or badly an attack works against high-traffic domains and websites that are constantly used and monitored by thousands of people. Such pages are gold for testing your attacks: even if you do not succeed, you learn a lot about how well the website is protected or how bad your attacking system actually is and what you need to improve, not to mention that even if you do not bring down high-traffic pages, this is potentially still enough against other, less maintained websites.

In the end I think it will probably end up with A.I. against A.I. fights. Going back to the 90s, we had at least some actors behind the scenes who developed and improved AVs, and you knew that there were actual people behind a so-called security product. Today this entirely fades away and you have faceless actors behind attacks, and even some security products that usually use frameworks coded by others or sold by others to the highest bidder, which then quickly get converted into bots that use some sort of artificial learning system that might beat every human one day, when there is enough data provided in order to evolve into actual intelligence which quickly adapts to your countermeasures such as AVs or server and OS hardening.

Fighting A.I. with A.I.

At some point we saw this more or less in the Terminator movie, when machines had enough intelligence to make their own decisions in milliseconds. Such a fight can happen in the actual real world, maybe not - yet - with robots like those shown in the famous movie, but artificial intelligence is both a threat and a cure. I see actors using or abusing such systems much more in the last 5 years than ever before, and such systems think in ways that you as a human never think of, because those systems can potentially predict and simulate more scenarios in advance than a human ever could, which makes them valuable and dangerous at the same time.

I would like to close this small blog post with a quote:

“After all, all devices have their dangers. The discovery of speech introduced communication—and lies. The discovery of fire introduced cooking—and arson. The discovery of the compass improved navigation—and destroyed civilizations in Mexico and Peru. The automobile is marvelously useful—and kills Americans by the tens of thousands each year. Medical advances have saved lives by the millions—and intensified the population explosion.”

― Isaac Asimov