Business in the 5th domain – Anti-Virus

Updated: Sep 6, 2022

Anti-Virus Protection

Dr Craig Valli and Dr Ian Martinus

Anti-Virus = Nike i.e Just do it!

Anti-virus protection is an essential element in securing your systems and compute devices from unwanted malware (viruses, worms, crypto-locker attacks). These systems use a range of technologies, but they primarily break into two macro types. The first is signature-based: the scanner holds a list of known “bad” behaviours or code patterns in the form of binary signatures, compares them against the binary content of your files (PDF, DOC, XLS etc.) or network streams (YouTube, MP3, MP4 etc.), and if a “bad” is detected it takes action. When the Internet was a far safer place than today this was an acceptable strategy to combat malicious code, but not any longer. It is still in use, though, because of its speed and accuracy and because cyber criminals recycle code.

The secondary methods used now rely on “the behaviour” that the binary content represents or displays when tested, i.e. what is the probability that this is abnormal or dangerous code, or that something new is behaving with malicious intent. The use of artificial intelligence (AI) and statistical and probabilistic methods (e.g. Bayesian) for detection has been around for decades in this realm of cyber security.
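As an added illustration (not code from the authors or from any anti-virus vendor), the toy scanner below puts the two macro types side by side: a signature list of constructed hashes and byte patterns, and a static heuristic (byte entropy plus risky document markers) standing in for the behavioural and probabilistic side. Every signature, marker, weight and sample file here is constructed for the example.

```python
import hashlib
import math
import random
from dataclasses import dataclass, field

# ---- Signature side: compare content against a list of known "bad" patterns ----
# Every signature below is CONSTRUCTED for this example; none comes from a real AV product.

@dataclass
class SignatureDb:
    known_bad_sha256: set = field(default_factory=set)   # exact-match hashes of known-bad files
    byte_patterns: dict = field(default_factory=dict)    # family name -> bytes seen in that family

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def signature_scan(data: bytes, db: SignatureDb) -> list:
    """Names of matching signatures. An empty list means 'unknown', not 'clean'."""
    hits = []
    digest = sha256_hex(data)
    if digest in db.known_bad_sha256:
        hits.append("hash:" + digest[:12])
    for family, pattern in db.byte_patterns.items():
        if pattern in data:
            hits.append("pattern:" + family)
    return hits

# ---- Heuristic side: a static stand-in for the behavioural/probabilistic methods ----

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant file, approaching 8.0 for packed/encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

# Document features real scanners weight as risky; the weights below are made up.
RISKY_MARKERS = (b"AutoOpen", b"/JavaScript", b"/OpenAction", b"/Launch")

def heuristic_score(data: bytes) -> float:
    """Crude 'probability of being bad' in [0, 1]: high entropy plus risky document markers."""
    score = 0.5 if shannon_entropy(data) > 7.0 else 0.0
    lowered = data.lower()
    for marker in RISKY_MARKERS:
        if marker.lower() in lowered:
            score += 0.25
    return min(score, 1.0)

# ---- The amalgam: signatures first (fast, precise), heuristics for what signatures miss ----

def scan(data: bytes, db: SignatureDb, threshold: float = 0.5) -> dict:
    hits = signature_scan(data, db)
    score = heuristic_score(data)
    if hits:
        verdict = "known-bad"
    elif score >= threshold:
        verdict = "suspicious"
    else:
        verdict = "no-detection"   # deliberately not called "clean": the missed 1% lives here
    return {"verdict": verdict, "signatures": hits, "heuristic": round(score, 2)}

# ---- Constructed samples ----
BENIGN_DOC = b"Quarterly report: revenue up 3%, no surprises."
KNOWN_BAD = b"MZ\x90\x00 ... CONSTRUCTED-FAMILY-A-MARKER ... padding"
PDF_WITH_JS = (b"%PDF-1.7\n1 0 obj << /Type /Catalog "
               b"/OpenAction << /S /JavaScript /JS (app.alert(1)) >> >> endobj")
_rng = random.Random(0)
RANDOM_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))  # mimics a packed payload

DB = SignatureDb(byte_patterns={"constructed-family-a": b"CONSTRUCTED-FAMILY-A-MARKER"})
DB.known_bad_sha256.add(sha256_hex(KNOWN_BAD))  # the hash list only helps against recycled code

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN_DOC), ("known-bad", KNOWN_BAD),
                         ("pdf-with-js", PDF_WITH_JS), ("random-blob", RANDOM_BLOB)]:
        print(f"{name:12s} -> {scan(sample, DB)}")
```

Note what the verdicts say: the signature side answers “known-bad” with certainty, while an empty signature list is “no-detection”, not “clean”. The heuristic is what catches the PDF with an auto-running script that no signature has ever seen, and it is also where false positives come from: the random blob is flagged purely because it looks packed.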

Most modern anti-virus programs are actually an amalgam of the two methods described above. Having said that, you would think anti-virus is 100% effective; sadly, no. A single anti-virus is now, on a good day, able to detect around 98-99% of all inbound threats, and this is declining. On face value this percentage sounds very secure; however, due to the increasingly hostile nature of the Internet, your device (laptop, phone, tablet, computer, CCTV camera, TV etc.) may be sent as many as 150,000-plus malicious pieces of code in any one day. Please note that the faster your Internet connection, the more threats you will be able to receive; it is just one of those nasty realities of network speeds. Please note we are not advocating a reduction to 300 baud as the primary rate of data transfer, just pointing out a reality.

Which means that at 99% the 1% unknown amounts to around 1500 potentially malicious events that have got through your defences; even at the gold standard of 99.99%, that is 15 malicious codes through your defences. So why should you continue to use anti-virus? It is simple: because otherwise you are 100% exposed to every bad code on the Internet. In the same way that helmets are mandated for operating a motor bike, you should use an anti-virus for the simple reason that it affords you protection.

Be virus smart

As coronavirus has taught us over the last 2 years, being vaccinated with a single vaccine is not really enough; you need to adopt safe practices to further minimise the risk to yourself. The same applies to anti-viral defence on your devices. The following are some processes you can implement to further reduce your risk of loss as a result of network-borne malware attacks.

  1. Containment for obvious vectors: attachments. As a defence against attachments that contain viruses or worms, one of the ways you can assure yourself beyond your conventional anti-virus is to upload suspect email attachments to a sandbox service. A service such as VirusTotal will check your suspect file against about 60 different virus checkers; this is a free service up to a very reasonable limit per day. We recommend you routinely check PDF and DOC attachments before loading them on your computer or laptop as a precaution. Why bother; it seems like overkill? Well, when running network honeypots for research for over 20 years and collecting and analysing 100,000s of samples, Dr Valli determined that NO anti-virus trapped all bad code at the first attempt at 100%. It should be noted that with new, sophisticated malware detection is sometimes as low as 10%. So using VirusTotal or a similar service can reduce your risk if you are the target of sophisticated cyber attackers.
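As an added example (not code from the authors or from VirusTotal), the script below shows the cautious way to use such a service: hash the attachment locally and look the SHA-256 up against VirusTotal's public v3 file-report endpoint before deciding whether to upload anything. The API key read from the VT_API_KEY environment variable, the verdict thresholds and the constructed report used for the offline run are all assumptions of this example.

```python
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request
from typing import Optional

# VirusTotal's public v3 file-report endpoint; a report is keyed by the file's SHA-256.
VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{sha256}"

def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash in chunks so a large attachment never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def lookup_hash(sha256: str, api_key: str) -> Optional[dict]:
    """Ask VirusTotal what it already knows about this hash. None means never submitted."""
    req = urllib.request.Request(VT_FILE_REPORT.format(sha256=sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def summarise_report(report: dict) -> dict:
    """Reduce the v3 report to the numbers a non-specialist needs in order to decide."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    answered = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    # Thresholds are this example's assumption, not VirusTotal's guidance.
    if flagged == 0:
        verdict = "no engine flagged it (not proof it is safe)"
    elif flagged < 3:
        verdict = "low-confidence detection: quarantine and look closer"
    else:
        verdict = "treat as malicious: do not open"
    return {"flagged": flagged, "engines": answered, "verdict": verdict}

# Constructed report in the shape of a v3 response, so the summariser can run offline.
CONSTRUCTED_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 4, "suspicious": 1, "undetected": 55, "harmless": 0, "timeout": 1}}}}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: vt_hash_check.py <attachment>")
    digest = sha256_of_file(sys.argv[1])
    print("sha256:", digest)
    key = os.environ.get("VT_API_KEY")   # assumption: key supplied via environment variable
    if not key:
        sys.exit("set VT_API_KEY to query VirusTotal; the hash above can also be searched by hand")
    report = lookup_hash(digest, key)
    if report is None:
        print("never submitted: consider uploading only if the file is not confidential")
    else:
        print(summarise_report(report))
```

Looking the hash up first matters because uploading a confidential contract or payroll spreadsheet shares it with a third party; only a file nobody has submitted before needs the upload, and that decision deserves a human. A 404 means “never seen”, which is exactly the situation the honeypot observation above warns about: an unknown file is not a clean file.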

  2. 2 anti-virals are better than 1. Even for a small enterprise, heterogeneity is the best defence. Use one virus scanner on your gateway device or router and a different one on your devices. Note: do not use multiple virus scanners on the one device, as sometimes they will literally fight each other for control of the device in a Martin Scorsese “you talkin’ to me?” kind of way. They can significantly degrade its performance or make it completely inoperable.

  3. It is cheap! One of the hoary old chestnuts is that anti-virus “costs” too much. Most anti-virus software, even a bells-and-whistles “suite”, is under $150. Ask yourself seriously how long it takes for your organisation to lose $150 per seat in lost productivity, the obvious measure being just the direct salary and wages of the employee, without even taking into account intangible and long-term losses.

  4. Keep your systems “fit”. One of the non-obvious protections for combating malicious code is making sure that your systems and the applications they run are at the latest patch levels, i.e. fit and healthy. Patches are issued as a result of the discovery of a vulnerability (a breakdown in the coding or logic of the program) that can be exploited, i.e. used to attack your device; in essence a patch is a remedy or preventative medicine for your compute device. Applying patches regularly, or when notified by your vendor, prevents exploit, attack, compromise or destruction of your device.

Free versus commercial

You get what you pay for… sort of. Some of the free anti-virus programs are sometimes more effective at blocking “new” malware than robust commercial offerings, but on balance they also sometimes let known knowns slip through.

The key thing is how often you get updates to your signatures with whatever version or program you use. There is little point in using AV when there is a tsunami of new malcode types and your vendor has not pushed updates in 2 weeks.

AV made by the operating system manufacturer would also be a prudent choice, i.e. they have a vested interest in keeping their platforms secure.

But seriously with anti-virus just do it!

