Many people install antivirus software on their PC and still become victims of malware and spyware. Does that mean antivirus is useless for protecting your device? There are many antivirus applications and brands on the market that one can pick and hope for the best. The problem is that while an antivirus application is a good start to protecting yourself, it is often not the whole solution. As a user you need a basic understanding of how antivirus works against threats and viruses in order to protect yourself. The purpose of this article is to give you the information that will help you improve your computer security and provide a good foundation for choosing the security solution that fits your needs.
“Did you know that having an antivirus does not guarantee protection from viruses and spyware?”
Modern antivirus applications scan for viruses using a combination of a signature-based approach and a heuristic / behavioural approach. The signature-based approach covers all known viruses: the antivirus application keeps a database of signatures (file hashes and characteristic byte patterns) of known viruses and uses this information to identify and detect them. That is why you need to make sure your antivirus is updated regularly so that it has the latest copy of the signature database. An outdated antivirus application will not be able to detect all of the known viruses, and that increases the risk of infection.
“Most viruses are spread from malicious websites and spam email using social engineering techniques.”
However, the signature-based approach alone is not sufficient, because it will not detect viruses that are not in the signature file. The heuristic / behavioural approach extends the antivirus application by looking for malicious behaviour in files and processes (for example, a program that sets itself to run at startup, contacts a remote server and starts rewriting the user's documents) and flagging them as viruses even when no signature exists. There is a significant drawback to the heuristic method: if the sensitivity is set to strict you get more false positives, i.e. legitimate applications and programs being blocked as viruses. For that reason the setting is usually left at medium or low, which is why not every malicious program is detectable using the heuristic method.
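As an added illustration of the two approaches described above (example code written for this article, not part of any antivirus product), the toy scanner below keeps a "signature database" of SHA-256 hashes and byte patterns and a heuristic scorer with strict/medium/low thresholds. The sample "files" are constructed byte strings, not real malware; the trait list, weights and thresholds are assumptions chosen to show the trade-off. It shows that a one-byte variant slips past the hash signature but is still caught by a generic byte pattern, that a brand-new family is caught only by heuristics, and that the threshold which stops heuristics from flagging a legitimate backup tool also lets that new family through.

```python
import hashlib
import re

# --- Constructed sample files: plain byte strings standing in for executables ---
KNOWN_MALWARE = b"MZ\x90\x00 set_autorun connect 203.0.113.5:4444 encrypt *.doc *.pdf"
VARIANT       = b"MZ\x90\x00 set_autorun connect 203.0.113.9:4444 encrypt *.doc *.pdf"  # one byte differs
NEW_FAMILY    = b"MZ\x90\x00 set_autorun connect 198.51.100.7:8080 encrypt *.jpg"      # no signature yet
BACKUP_TOOL   = b"MZ\x90\x00 backup: encrypt *.doc *.pdf to vault; set_autorun for schedule"
NOTEPAD       = b"MZ\x90\x00 open text file; show window"

# --- Signature database (assumed layout): exact file hashes plus generic byte patterns ---
SIGNATURE_DB = {
    "hashes": {hashlib.sha256(KNOWN_MALWARE).hexdigest(): "Trojan.Example.A"},
    "patterns": [(re.compile(rb"connect \d+\.\d+\.\d+\.\d+:4444"), "Trojan.Example.gen")],
}
OUTDATED_DB = {"hashes": {}, "patterns": []}   # what an un-updated client effectively has


def signature_scan(data, db=SIGNATURE_DB):
    """Return the signature name if the file matches a known hash or pattern, else None."""
    name = db["hashes"].get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, name in db["patterns"]:
        if pattern.search(data):
            return name
    return None


# --- Heuristics: weighted suspicious traits compared against a sensitivity threshold ---
TRAITS = {                                     # assumed weights, for illustration only
    rb"set_autorun": 2,                        # persistence
    rb"connect \d+\.\d+\.\d+\.\d+:\d+": 2,     # outbound connection to a raw IP
    rb"encrypt \*\.\w+": 2,                    # bulk encryption of user file types
}
THRESHOLDS = {"strict": 3, "medium": 5, "low": 7}


def heuristic_score(data):
    return sum(weight for pattern, weight in TRAITS.items() if re.search(pattern, data))


def scan(data, level="medium", db=SIGNATURE_DB):
    """Signature first (cheap, precise); fall back to heuristics at the given sensitivity."""
    sig = signature_scan(data, db)
    if sig:
        return ("signature", sig)
    if heuristic_score(data) >= THRESHOLDS[level]:
        return ("heuristic", "Suspicious.Behaviour")
    return None


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_MALWARE), ("variant", VARIANT),
                          ("new family", NEW_FAMILY), ("backup tool", BACKUP_TOOL), ("notepad", NOTEPAD)]:
        print(f"{label:12} outdated={scan(sample, 'medium', OUTDATED_DB)} "
              f"strict={scan(sample, 'strict')} medium={scan(sample, 'medium')} low={scan(sample, 'low')}")
```

Note the two failure modes the text describes: with `OUTDATED_DB`, even `KNOWN_MALWARE` is only caught by heuristics, and at the `low` threshold `NEW_FAMILY` is not caught at all, while `strict` is the only level that blocks the legitimate `BACKUP_TOOL`. Real products use far richer traits (API call sequences, sandbox execution, reputation), but the tension between sensitivity and false positives is the same.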
In today's well-connected world most viruses spread over the internet. Attackers use skilled social engineering to lead users to infected websites through spam email, and sometimes they manage to compromise well-known business websites and use those sites to spread viruses to their visitors.
“CryptoLocker is a ransom virus which encrypts / locks your files, and it is not reliably detected by antivirus applications.”
You need a multi-layer security application, or several applications. While a basic antivirus is a good start, you should look for additional features within the antivirus product suite. For example, some antivirus products offer a site advisor, an add-on module that marks websites as good or bad while you are browsing the internet (see the image below). Another useful feature is spam filtering, which detects unwanted email messages that could trick you into clicking a link and infecting your computer. While spam filtering and a site advisor reduce your exposure to malicious email messages and websites, there will be times when you did not pay attention, or one of these security layers failed, and as a result your computer is infected with a virus.
“To keep your device safe you need multi-layer security that includes an antivirus, a site advisor, spam filtering, HIPS and a firewall.”
An antivirus cannot guarantee to detect all viruses, so you need an antivirus product that includes a host intrusion prevention system, or a separate intrusion prevention application as its own layer. For example, Kaspersky's home security products include HIPS, and enterprise HIPS for end devices is available from other manufacturers such as McAfee and Trend Micro. A host intrusion prevention system keeps a whitelist of applications and allows each of them to run certain processes, open firewall ports, and access operating system processes and particular types of files. If an application is not on the whitelist, HIPS does not allow it to perform those actions or to access other files and system areas. Because of this restriction, if your computer is infected with a virus that was not detected (its signature did not exist, or the heuristic method failed to flag the malicious executable), the virus will still not be able to execute its payload and damage your system: it is not whitelisted by the host intrusion prevention system, hence it will not be able to access other files or processes.
“To protect yourself against viruses like CryptoLocker you need to install an antivirus with a host intrusion prevention system.”
A good example is the CryptoLocker virus, which is a ransom virus. Once you are infected, the virus accesses files such as documents, PDFs and pictures, encrypts them using the Advanced Encryption Standard (AES) and changes their file extension. The only way to decrypt these files is to have the encryption key, which the attackers keep. The virus then displays a message demanding that the victim pay a ransom to regain access to their own information. As of this writing, antivirus products cannot detect and remove every version of CryptoLocker, which is a classic example of why end devices must have a host intrusion prevention system as part of their standard security. On a device without HIPS the files are encrypted by the virus, resulting in data loss unless you have an offline backup. On a device with a properly configured HIPS the unrecognised executable is not on the whitelist, so it is blocked from writing to your documents and the data is protected. Note that this only holds if the whitelist is kept strict: HIPS cannot help if the virus is allowed to run through an application you have whitelisted, or if you approve its prompt without reading it.
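The following is an added example, written for this article and not taken from any HIPS product, of the whitelist enforcement the two preceding paragraphs describe: a default-deny policy that maps a process to the actions and targets it is allowed, applied to a constructed event trace from a ransomware-style process and to a trace of normal activity. The process names, paths, rule format and event fields are assumptions for illustration; no files are touched and no malware is involved.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Event:
    process: str   # image name of the process requesting the action
    action: str    # "write", "rename", "connect", "listen", "inject"
    target: str    # file path, "ip:port", or target process name


# Assumed HIPS whitelist: process -> allowed (action, target glob) pairs.
# Anything not listed here, for a listed process or not, is denied.
WHITELIST = {
    "winword.exe": [("write", "C:/Users/*/Documents/*.docx"),
                    ("rename", "C:/Users/*/Documents/*.docx")],
    "chrome.exe":  [("write", "C:/Users/*/Downloads/*"),
                    ("connect", "*")],
    "backup.exe":  [("write", "D:/Backup/*"),
                    ("listen", "8200")],
}


def hips_decide(event, whitelist=WHITELIST):
    """Return ("allow"|"block", reason). Default deny: unknown process or unmatched rule is blocked."""
    rules = whitelist.get(event.process)
    if rules is None:
        return ("block", f"{event.process} is not whitelisted")
    for action, pattern in rules:
        if action == event.action and fnmatchcase(event.target, pattern):
            return ("allow", f"matches rule {action} {pattern}")
    return ("block", f"{event.process} may not {event.action} {event.target}")


def enforce(trace, whitelist=WHITELIST):
    return [(event, *hips_decide(event, whitelist)) for event in trace]


def blocked_count(trace, whitelist=WHITELIST):
    return sum(1 for _, verdict, _ in enforce(trace, whitelist) if verdict == "block")


# Constructed trace of a ransomware-style process: an unknown executable rewriting
# user files with a new extension and calling home.  No real encryption happens here.
RANSOM_TRACE = [
    Event("a1b2c3.exe", "write",   "C:/Users/alice/Documents/report.docx.encrypted"),
    Event("a1b2c3.exe", "rename",  "C:/Users/alice/Pictures/holiday.jpg"),
    Event("a1b2c3.exe", "connect", "203.0.113.5:443"),
]

# Constructed trace of normal activity, including a whitelisted app touching a target
# its rules do not cover (blocked: the whitelist is per action and target, not per app).
NORMAL_TRACE = [
    Event("winword.exe", "write", "C:/Users/alice/Documents/report.docx"),
    Event("chrome.exe",  "write", "C:/Users/alice/Downloads/setup.exe"),
    Event("winword.exe", "write", "C:/Windows/System32/drivers/etc/hosts"),
]


if __name__ == "__main__":
    for name, trace in [("ransomware-style", RANSOM_TRACE), ("normal", NORMAL_TRACE)]:
        print(f"--- {name} trace: {blocked_count(trace)} of {len(trace)} events blocked")
        for event, verdict, reason in enforce(trace):
            print(f"{verdict:5} {event.process:12} {event.action:7} {event.target}  ({reason})")
```

Every action of the unrecognised executable is denied because it never appears in the whitelist, which is what stops an undetected CryptoLocker-style sample from reaching the documents. The third normal event shows the other side of the design: whitelisting is per action and target, so even a trusted application is blocked outside its declared scope. The weak point is the list itself; a rule such as `("a1b2c3.exe", "write", "*")` added by a user clicking "allow" on a prompt removes the protection entirely, which is why the advice at the end of this article about only whitelisting applications you understand matters.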
So when you go shopping for an antivirus product, whether for your home PC or the office, make sure to check that the product includes:
- Site advisor
- Spam filtering
- Host intrusion prevention system (HIPS)
- And optionally a firewall, or you can use the Windows Firewall
Remember to update your antivirus regularly, and only add applications whose purpose on your PC you understand to the HIPS whitelist. If you are suspicious of a website, or the site advisor marks it red, do not open the link or interact with it in an email.