Is antivirus software enough protection?

Published on August 1, 2016 in Blog

Is antivirus software enough to protect your computer systems?  It has been my long-held belief that it is not.  Security of your computer systems should be a multi-layered solution, and one that is proactively monitored.

I was recently reading a book entitled “Security Monitoring – Proven Methods for Incident Detection on Enterprise Networks”, an O’Reilly publication by Chris Fry & Martin Nystrom.  I would like to share a small section with you.  Bear in mind that this book was published in 2009 and, surprisingly to some, the message still holds true today: don’t rely on antivirus alone.

Failure of Antivirus Software

Hopefully, you no longer rely solely on antivirus software to detect and protect your end-user systems. Rather, a defense-in-depth strategy includes antivirus software, adding OS and application patch management, host-based intrusion detection, and appropriate access controls (we said “hopefully” 🙂).  If you are still relying exclusively on antivirus software for protection, you will be very disappointed. For example, in summer 2008, many employees received a well-crafted phishing campaign that contained a realistic-looking email regarding a missed shipment delivery from UPS.

Attached to this email was a trojan that more than 90% of the 37 antivirus software programs were unable to detect.

These antivirus products, which detect malware via “known bad” signatures, failed to identify the Trojan.  Such technology fails primarily because an insignificant change to the virus will make it undetectable by existing signatures.  Vendors have been improving their techniques over the years – by including heuristic/behavioural-based detection, for example – but they still fall far short of providing “complete” system security.

The prevalence and advanced capabilities of modern malware should be reason enough to closely monitor for its existence in your network. If it isn’t, perhaps its use by Mafia-like organisations of criminals for profit via identity theft, extortion, and espionage is more convincing.
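The excerpt’s point about “known bad” signatures is easy to see in a few lines of code. The following Python is an added example, not code from the book or from this blog: it models a hash-based signature layer beside a simple content-heuristic layer, then scans a constructed, inert sample attachment and a copy of it that differs by a single padding byte. The sample bytes, the indicator patterns and the “two indicators means flag it” rule are all assumptions made up for this illustration; the point they demonstrate is that the exact-hash lookup misses the one-byte variant while the heuristic layer still raises it, which is why the book argues for layers rather than antivirus alone.

```python
from __future__ import annotations

import hashlib
import re

# Constructed sample "attachment", standing in for the UPS-themed trojan the
# text describes. It is not malware: an inert byte string that happens to
# contain two strings a content heuristic could treat as indicators.
ORIGINAL_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"http://tracking.example/delivery\x00"
    + b"padding" * 4
)

# A "variant": the same sample with its last padding byte changed. Its
# content and behaviour are unchanged, but its hash is not.
VARIANT_SAMPLE = ORIGINAL_SAMPLE[:-1] + b"G"

# Assumed indicator list (constructed for this example): an autorun
# registry path plus an embedded URL in the same file is worth a closer look.
INDICATORS = {
    "persistence_run_key": re.compile(rb"CurrentVersion\\Run"),
    "embedded_url": re.compile(rb"https?://[\w.\-/]+"),
}


def sha256_signature(data: bytes) -> str:
    """Hash-based 'known bad' signature, the classic antivirus approach."""
    return hashlib.sha256(data).hexdigest()


def signature_match(data: bytes, known_bad: set[str]) -> bool:
    """Layer 1: exact-hash lookup. Misses any variant, however small the edit."""
    return sha256_signature(data) in known_bad


def heuristic_match(data: bytes, indicators=INDICATORS) -> list[str]:
    """Layer 2: content heuristics that survive byte-level changes."""
    return [name for name, pattern in indicators.items() if pattern.search(data)]


def scan(data: bytes, known_bad: set[str]) -> dict:
    """Run both layers and report which one (if any) flagged the file."""
    signature_hit = signature_match(data, known_bad)
    heuristic_hits = heuristic_match(data)
    return {
        "signature_hit": signature_hit,
        "heuristic_hits": heuristic_hits,
        # Assumed policy: a signature hit, or two independent indicators, flags it.
        "flagged": signature_hit or len(heuristic_hits) >= 2,
    }


# The signature database knows only the original sample's hash.
KNOWN_BAD = {sha256_signature(ORIGINAL_SAMPLE)}

if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL_SAMPLE), ("variant", VARIANT_SAMPLE)):
        print(label, scan(sample, KNOWN_BAD))
```

Running it shows the original sample caught by its hash and the variant caught only by the heuristic layer; drop the second layer and the variant passes clean, which is exactly the 2008 result the excerpt describes.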

So where are we 7 years later?

You will notice that these sorts of emails are still doing the rounds, albeit with a more destructive payload (you may have heard the terms CryptoLocker, CryptoWall, and ransomware, in which your files are encrypted and you are forced to pay a ransom, usually around $700 – $2000, to have them restored).  Most antivirus software packages are still having trouble stopping these threats, and for the same reasons: the malicious code writers are always thinking up new ways to circumvent the protection products.

Remember, we need to stop any and all threats; they just need to find one vulnerability.  The odds are against us, so we need to be vigilant and employ all tools and techniques at our disposal.  One of these solutions is not a security product at all: it is ensuring you have an offsite backup of your data.

