Ten Ways to Dodge CyberBullets, Part 8

8. Antivirus isn’t total security

This is the eighth in a series and is an update to our top 10 things that people can do to protect themselves against malicious activity we provided to our clients two years ago.

Don’t expect antivirus alone to protect you from everything.

Use additional measures such as a personal firewall, antispam and anti-phishing toolbars, but be aware that there is a lot
of fake security software out there. This means that you need to take care to invest in reputable security solutions, not
malware, which claims to fix nonexistent problems, or toolbars that are designed to divert you away from the sites you want to visit and toward the ones that generate revenue for adware providers.

Apart from that, even the best protection might not protect you as well as common sense and caution do. There is no silver bullet in protection in malware, which is why we always advocate multilayering or defense in depth. Specifically, don’t fall for the “I can do anything and click on anything because my antivirus will protect me” trap. There seems to be a temptation for people to cluster at one of two extremes.

  • Some people have such touching faith in their AV that they assume it will catch everything malicious that’s thrown at their system, so they don’t run anything else and are convinced that they don’t need to think about their own security. When they eventually find that their system has been infected, whether it’s by something they’ve clicked on incautiously or something a little more subtle like a zero-day vulnerability or a drive-by download, they feel betrayed and angry. That’s understandable, but it comes from a misunderstanding of the limitations of all security software. For every technical solution (not just AV), there is at least one way of getting around it.
  • Others take the view that antivirus is no use at all because it “only detects malware it already knows about.” That isn’t the case; only the most primitive modern antimalware relies purely on signatures of known malware variants. Good antimalware products incorporate tools like generic detection, advanced heuristics, sandboxing, whitelisting and so on into an integrated product that catches a high percentage of all malware, not just viruses.

The danger in both scenarios is that the individual is tempted to substitute one partially successful solution for another. (Some marketing departments may overstate the effectiveness of a product, but that isn’t a problem restricted to the antimalware industry, or even the security industry!)

The trick is not to rely solely on one solution at all. A diverse spread of partially successful solutions may be more successful… However, note that word diverse. For most people, half a dozen antivirus packages on a single desktop machine are likely to cause more problems than they solve… By multilayering, I mean using a diversity of product types. Using multiple antivirus products may catch more specific malicious programs, but the increased detection may not be worth the additional strain on resources and risk of program conflicts, false positives and so on.

Also, please bear in mind that malware gangs spend a lot of development time tweaking binaries so that they will evade specific scanners. The more effective a scanner is, the likelier it becomes that it will be targeted in this way.

This is why we recommend supplimenting your antivirus program with two scanners for malware – Malwarebytes and Spybot Search & Destroy. These last two programs have a free license to use them, however they do require manual updates and manual scanning. Only the paid versions will offer automatic updates and scanning.


About SCB Enterprises
System Solutions and Integration

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: