Ted Schlein, investor with Kleiner Perkins Caufield and Byers, built one of the first anti-virus products at Symantec. Today, he says the likes of Symantec and McAfee will run out of gas if they don’t get rid of their anti-virus divisions.

“They will either need to realize their core anti-virus business is going away and make massive shifts, or they will continue to lose market share,” said Schlein at the RSA Conference in San Francisco this week. “You’ve got to change with the times. You can’t be static in security,” he said.

The security community is starting to look down on anti-virus technology simply because such tools don’t get any better until you get hacked. Traditionally, anti-virus software looks at digital signatures to determine whether or not the file entering your system is malware or safe. But it only learns that bad signature if it has seen it. Any new pieces of malware slip in under the radar.

Companies like Symantec and McAfee are running the risk of becoming irrelevant if they don’t change course. Both companies dabble in mobile security and are trying to figure out the answer to the bring-your-own-device (BYOD) trend. But Symantec, as Schlein noted, has more pressure to pivot than McAfee, which is owned by Intel. In the end, Intel can decide what to do with McAfee’s technology — and employees — whereas Symantec is still independent.

Other companies have tried behavioral anti-virus techniques, or studying the typical actions a piece of malware performs to stay relevant. For the most part, however, the overall anti-virus market seems to be slowly becoming the kid no one wants to play with.

“I believe security has to be done from the inside out, not outside in,” said Schlein.

He also said we should do away with firewalls. In fact, he won’t invest in any. Instead, he said, we should focus on protecting the information on the inside of the system — care less about what gets into our systems and more about stopping it from executing once it’s there.

This is especially important in the days of automated attacks, which Schlein said are some of the scariest threats in the industry today.

Botnets are able to storm your system, they’re cheap to use, and they don’t require much heavy lifting on the criminal’s part. Botnets are a huge threat because they let hackers be fast and more economical in attacks, say against banks, that could lead to big financial gains.

Schlein suggests the industry forget about firewalls and instead build “botwalls” that don’t try to keep the bots at bay but instead break them down once they’re on the inside.

“A botwall will be able to figure out these automated attacks,” he explained. “You need to look at these automated bots and how they work. You’re not trying to stop a bot from executing, you’re trying to stop a bot from being successful.”

Image via Meghan Kelly/VentureBeat

FireEye discovered a new kind of malware today that thwarts antivirus software by, well, taking a nap. Nap, as it’s called, was found attacking financial institutions and hides hackers’ identities in the same way the New York Times‘ hackers stayed anonymous.

Currently, researchers are not sure how it enters your system, but they consider it a “malicious downloader” that sneaks in under the radar by putting itself to sleep. That is, many antivirus companies use what is called automated analysis systems. These systems watch a sample of whatever happens to be coming into your computer at that point in time and sees if it needs to quarantine anything. This screening process generally lasts seconds, according to FireEye senior malware researcher Abhishek Singh.

“Nap stops its execution for 10 minutes. So automated analysis system will time out and will not be able to capture its malicious behavior,” Singh told VentureBeat in an email.

Once in your system, Nap downloads a file called newbos2.exe that is considered an “information stealer.” FireEye found Nap

The malware writers protect themselves in a similar way to that of the attackers behind the New York Times hack. Both use a the Fast Flux method, which hackers use to hide their location by using a number of IP addresses from all over the globe. Singh explained that simply because the IP addresses are coming from locations far away from each other, it takes time to discover which, if any, is the right one.

Singh emphasized, however, that law enforcement has no evidence that the two attacks are connected.

Napping child image via Shutterstock