You know computer viruses are bad: they can make your computer behave erratically, steal your data, or expose you to other forms of fraud. This is why you installed antivirus (AV) software to hunt down those rogue files and keep your computer safe, but is that really enough? Are you still at risk from dangerous applications even with a great antivirus product installed? Let’s take a look together.
Antiviruses
Before we dive into whether antiviruses, alone, are enough protection for your computers, we should first get an understanding of what an antivirus is and how it works. You are probably familiar, at least loosely, with what antiviruses do: most PCs ship with some version of AV software like Symantec (or Norton) and McAfee trial products.
Antivirus products scan the files and programs on your computer to identify viruses. Today, AV products can detect many other forms of malware like worms, rootkits, keyloggers, adware, spyware, and ransomware, among others. While AV products can leverage a variety of technologies to catch dangerous software, there are two predominant technologies used by virtually all reputable antivirus solutions in the market: signatures and heuristics.
Signature Detection is the most well-known virus identification method and is, likely, the one you are most familiar with: your AV solution downloads virus definitions on a regular basis. This dictionary of signatures identifies specific files and programs that are known to be dangerous. Your AV scans the files and software on your computer and attempts to match the signatures of the things you have to things which are known to be bad.
Signatures are the fingerprints of the digital world: they are a unique, calculated abstraction of the bits and bytes which compose files or applications.
If a file on your computer matches the digital signature of a known piece of malware, the AV can act to protect you and your system from harm. Signature detection is useful specifically for known malware, but is ineffective for new or adaptive malware that has a signature not yet in the signature dictionary.
Heuristic Detection is a feature of modern AV products that analyzes the behavior and characteristics of files or software to see whether they match known patterns of viruses or other malware. If a matching pattern is found, the AV can respond to limit the access, exposure, or execution of the file or application until the user can confirm whether the suspect item should be trusted. Heuristic detection attempts to identify malware that cannot be found using signature-based detection, which makes it useful in identifying, stopping, and preventing the spread of malware that is new or which adapts its code to avoid detection by signature-based AV products.
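To make the difference between the two methods concrete, here is a small added example (not taken from any AV product) that runs a signature check and then a heuristic check over three harmless, constructed byte strings. It assumes a signature is simply the SHA-256 hash of the whole file and that heuristics are a weighted list of suspicious traits; real products use richer forms of both, and every name, weight, and sample below is made up for illustration.

```python
import hashlib

# Constructed, harmless stand-in for a known-bad file (not real malware).
KNOWN_BAD = b"CONSTRUCTED SAMPLE: log keystrokes; send to remote host; delete backups"
# Same content with three bytes appended: a "new" file the dictionary has not seen.
VARIANT = KNOWN_BAD + b" v2"
BENIGN = b"Meeting notes: please send to remote host team the agenda"

# Signature dictionary (assumed form): SHA-256 of the whole file -> detection name.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Example.Sample.A"}

# Heuristic rules (assumed form): suspicious trait -> weight.
TRAITS = {b"log keystrokes": 40, b"send to remote host": 30, b"delete backups": 40}
THRESHOLD = 60  # constructed cut-off


def signature_scan(data: bytes):
    """Return the detection name if the file's hash is in the dictionary, else None."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


def heuristic_score(data: bytes) -> int:
    """Add up the weights of every suspicious trait present in the file."""
    lowered = data.lower()
    return sum(weight for trait, weight in TRAITS.items() if trait in lowered)


def scan(data: bytes):
    """Signature check first, heuristics second, as a layered AV engine would."""
    name = signature_scan(data)
    if name:
        return ("block", f"signature match: {name}")
    score = heuristic_score(data)
    if score >= THRESHOLD:
        # Unknown file with several suspicious traits: hold it until the user confirms.
        return ("quarantine", f"heuristic score {score}")
    return ("allow", f"heuristic score {score}")


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)]:
        print(label, scan(sample))
```

The benign note shares one trait with the sample yet stays under the threshold; lowering the threshold to 30 would quarantine it too, which is the false-positive trade-off heuristic engines have to tune.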
Isn’t An Antivirus Enough?
If you’re still with me, you might be thinking, “that sounds pretty good, isn’t that enough to protect me?”
No.
In the information security space, sadly, there is no silver bullet. Everyone, security experts included, would love it if there were a single product that, once installed, would indisputably secure a computer. Such a product would revolutionize the security industry and provide peace of mind for billions of people worldwide.
AV software is a product you can download. Unfortunately, security is not a product. You cannot download it: security is a habit. We have to use a layered approach to information and systems security. This approach is often referred to as “Defense in Depth” or the “Castle Approach.” According to a publication from the United States Computer Emergency Readiness Team (US-CERT),
The idea behind defense in depth is to manage risk with diverse defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense will hopefully prevent a full breach.
Barnum, S., Gegick, M., & Michael, C. C. (2005, September 13). Defense in Depth.
Protecting your data, whether on your computer or online, requires layers of good security, but that doesn’t mean it’s impossible or even especially difficult. Remember, security is about developing the right habits and keeping them over time, so what can you do to fill the gap left by your antivirus solution?
Filling the Antivirus Gap
- Install Software Updates Regularly. Computers are easiest to break into when they aren’t updated. Regular updates provide patches for software vulnerabilities that can be used by hackers to gain access, allowing them to steal your data or persuade you to give away access to sensitive information like credit card numbers, bank accounts, or personal information.
- Create Strong Passphrases. Passwords are out and passphrases are in: get rid of those short passwords you’re used to and start creating longer passphrases composed of multiple words to make it harder for computers and hackers to guess.
- Be More Skeptical. If you get an unexpected message from someone who claims to know you, don’t trust them at their word. Reach out to them using a known phone number or in person to confirm who they are. Malicious actors might use a variety of social engineering techniques to convince you they are legitimate in an attempt to learn more about you, convince you to hand over personal information, or to send you attachments or links that might be harmful. It’s okay to take some time to confirm the details, even if they are creating a sense of urgency.
- Don’t Just Click “Next.” When you install an application you downloaded or copied from a disk or other physical media, you usually have to click “Next” through a few screens of information. These screens typically communicate a few common pieces of information like where the application will be installed, the terms of service, and other relevant information. Often lost in the details, though, is that some applications will automatically install other things you don’t want. When you install new applications, read the screens carefully to make sure you don’t end up with Potentially Unwanted Programs (PUPs) you don’t need or which might be harmful to you.
Information security is as much a lifestyle as it is a field of study. It takes time to learn the most effective means of protecting information, so start simple: be judicious about how frequently you update your software, the passphrases you pick, the trust you place in people who solicit your good faith, and the software you attempt to install. Following these simple suggestions can help you ensure that your information stays in your control and out of the hands of those who might use it against you.