Will Your AntiVirus Program Protect You?
A reader asks: 'Recently I got a virus, even though I have an updated version of Norton Security. Have we gotten to the point where one Internet security tool is no longer sufficient? What do you suggest as the best strategy to protect against viruses, spyware and other Internet threats?' |
Are the Bad Guys Winning the Malware Wars?
The most recent Microsoft Security Intelligence Report, which provides an overview of current vulnerabilities, exploits, malicious code threats, and unwanted software, shows a mixture of good and bad news. On the plus side, operating system vulnerabilities are trending downward. The study also shows a decline of about 75% in the amount of spam over the past 18 months. This is primarily due to international law enforcement efforts that have resulted in the takedowns of several large botnets that were responsible for sending billions of spam emails per day.
But the report also indicates a year-to-year increase of 11.3 percent in reported security issues. One of the most common exploits takes advantage of vulnerabilities in older versions of Adobe Flash Player, Adobe Reader, Java and other popular software. Users who have not applied the required security patches are at risk of infection through a drive-by download attack.
There are also warnings about the rise of malicious downloads, specifically malware disguised as (or embedded in) software, music, movies and video games. Users looking for pirated versions of popular programs, or those attemping to generate license keys for commercial software have a much higher risk of infections.
As the anti-virus tools evolve to detect and remove new threats, the bad guys develop new attack vectors and more insidious ways to deliver them. One example is the Win32/Obfuscator toolkit, which enables malware creators to disguise their wares in order to avoid detection by antivirus scanners. Millions of computers are still infected with malware every month.
These and other staggering statistics make one wonder if the bad guys are winning the malware war. It certainly seems so. If we are to reverse this trend, there has to be a new approach to computer security in general and with anti-malware protection in particular.
What Other Malware Detection Techniques Are Available?
Traditional antivirus software attempts to identify malware by its digital signature. That's why such programs periodically download an updated file of malware signatures. The problem is, new malware appears in the wild much faster than signature databases can be updated, allowing it to infect machines without being detected for significant periods of time. Signature-based antivirus protection is always one step behind the bad guys. (Read about my recent virus nightmare in How I Got Hacked... And Why You MUST Have a Backup.)
Behavior-based detection is one alternative to signatures. A profile of a program's normal behavior is established, and any deviation from that norm is flagged and blocked. Let's say a Web browser normally does not create or modify files in a particular folder. If the browser suddenly writes a file to that directory, that behavior would be detected and blocked. ThreatFire by PC Tools is a good example of a behavior-based antivirus program. See my related article Does PCTools Threatfire Boost Security? for more information on that software. (UPDATE: ThreatFire is now part of PCTools Internet Security, and is no longer available as a standalone product.)
Specification-based anti-malware does not try to establish a profile of "normal" behavior for any program. It just uses a set of rules (specifications) to determine what behavior is and is not allowed. For example, updating the Windows Registry or writing to the System directory might be prohibited to all programs except those on a white list. NovaShield is an example of a specifications-based antimalware program.
Cloud-based antivirus protection, such as Panda Cloud Antivirus, is relatively new. A key benefit of cloud AV is that it does not use much of your local system's resources; instead, it runs on remote servers. Another advantage is that malware cannot disable cloud AV because the cloud AV does not exist on the infected machine. One early project had ten traditional signature-based AV programs running in parallel, the theory being that malware which slipped by one AV program would be caught by one or more of the others. In reality, the whole ten caught only 88 per cent of malware.
Crowd sourcing is another technique that some security vendors are using. By collecting data in real time from millions of users worldwide, new threats can be identified quickly, and updates to the anti-malware software can be automatically sent to users.
So What's the Best Strategy?
It seems clear that no single anti-malware tool or technology can stop all of the many types of malware that are assaulting the world's computers. It seems for now, the best we can do is "layer up" with two or more techniques and hope for the best.
Unlike many anti-virus packages, MalwareBytes Anti-Malware combines various technologies designed to seek out, destroy, and prevent all forms of malware -- including spyware, worms, trojans, keyloggers and rootkits. I've often found that MBAM is able to detect or disable certain threats that other anti-virus tools missed.
For now, I recommend one of the excellent free Internet security tools you can find in my article Free AntiVirus Software, along with MBAM. This combination has served me well, but it's just one of many options. Commercial antivirus tools such as Norton Security and McAfee also provide excellent protection, and you may want to combine either of those with MBAM or some other secondary security tool. I recommend against installing multiple general-purpose antivirus programs, because they can interfere with each other.
Do you have something to say about the fight against malware? Tell me your strategy and favorite tools. Post your comment or question below...
This article was posted by Bob Rankin on 5 Nov 2012
For Fun: Buy Bob a Snickers. |
Prev Article: Find a Lost or Stolen Cell Phone |
The Top Twenty |
Next Article: How to Backup iTunes |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Will Your AntiVirus Program Protect You? (Posted: 5 Nov 2012)
Source: https://askbobrankin.com/will_your_antivirus_program_protect_you.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Will Your AntiVirus Program Protect You?"
Posted by:
Mac Eld
05 Nov 2012
PC Tools Threatfire is no longer available as a standalone product.
Posted by:
Jon Skrine
05 Nov 2012
In the UK we get 'free' anti virus and firewalls from ISPs and even our Banks.
I use Kaspersky Internet Security from Barclays.
On the other hand, it's not always great to not know the protection you are getting.... the Virgin supplied security let through a real nasty last year which killed one of our PCs.
FIXMESTICK seems to have mixed reviews on the internet. How do you rate it?
The other question is - Is it possible to safely disinfect an infected hard drive to rescue the data on it? Or is this taking a 'risk too far'... (that's a drive run from a external docking bay).
All the best and Happy Election from us.
Jon
Posted by:
Nigel
05 Nov 2012
I've used Microsoft Security Essentials almost as long as it has been available. It is scheduled to update daily and then scan when I am safely in bed. I back it up with a weekly scan by Malware Bytes, which is updated immediately before the scan. So far so good - no infections. My wife's computer uses the same and on hers there is one big advantage over what we've/she's tried before. Most of the AV programs she tried before, both paid for and free, caused glitches with some of her software for photo processing and slide show producing. The combination of Microsoft Security Essentials and Malware Bytes has not caused any of those problems. Again on her computer - so far so good.
So we're quite happy with the combination.
Posted by:
John Napier
05 Nov 2012
Hi Bob
Subscribed since early Tourbus Days. I note you say use MBAM plus and an antivirus app. I have used MSE with MBAM and Spybot on my demand in Windows 7. I would like to subscribe to all 3 by paying for and running the latter two with MSE but have not done so as I wonder if there would be a conflict.
John
Posted by:
Jeri
05 Nov 2012
This is the set up I use and recommend to my friends.
Run AVAST Free. Then once a week update and scan with Malwarebytes, Spybot and Super Antispyware.(not at the same time)
Once a month, Windows Updates for security patches.
Also use Firefox and the Web of Trust addon.
I have not had a problem in years.
Posted by:
Digital Artist
05 Nov 2012
I wish the fight against these criminals would get physical. Maybe a few well-placed kicks and punches would be the best anti-malware. (Unfortunately, two geeks fighting would probably choose pillows for weapons.)
Posted by:
Freerk Jongsma
05 Nov 2012
Try to download one of those fantastic programs you mentioned in your article. I bet that you probably download it somewhere gifted with a piece of malware. Or accidentally install a program you did not ask for. How could you know it's the original program? Even if averything looks OK. After a month or so it can behave different than the first time. Microsoft should take its responsibility and initiate a network of servers, as the repositories linux distro's have, to guarantee that it is virus/malware free and from the original source. and they can see this as a disadvantage for their commercial goals but should they realise that this is the one and best way to select the crème the la crème amongst oncoming programmers?
EDITOR'S NOTE: You can be sure you're downloading the "real thing" if you follow the links I gave. Yes, if you search for those titles on your own, it's possible that a search engine might turn up a bad link.
Posted by:
TheRube
05 Nov 2012
Mr. Rankin . . . KOUDOS to you for keeping your rabid fans informed and entertained through your periodic newsletters. It is much appreciated - - and because of my gratitude it's time for me (us) to make another donation to your website!
Hi Y'all from the North East region of the United States!
Here is my layer(s) of security:
Microsoft Security Essentials (MSE)
Malwarebytes (MBAM)
Spybot: Search and Destroy (On-Demand once a week)
Microsoft (malicious) Removal Tool (MRT) which is built in to Windows via UPDATE. It updates once a month so to use it just go to the Start button and type in MRT in the search bar!
Comodo (Standalone) Firewall
(Highly recommended as it preempted a rather Nasty Cyber attack on my Windows 7 machine - - it Immediately shut down the computer so that this cyber miscreant could NOT inflict any damage.
The action on the part of Comodo was a Unexpected but Pleasant Surprise!!!)
Keyscrambler. It can be found at http://www.qfxsoftware.com/
Look it UP . . . You'll be glad you did!
All of the above-recommended security Programs have been thoroughly time-tested by me AND can be had for F-R-E-E!!!
Regards
TheRube
Posted by:
Karan Marie
05 Nov 2012
I used to use a wealth of free anti virus, anti malware, anti adware software on my old Win XP laptop .. I would have to use up a good chunk of my Sunday mornings updating and/or running them all. When the hard drive in that laptop finally died (after 7 years of service), I upgraded to a Dell Win 7, 64-bit Vostro, which I purchased from a licensed Dell dealer. At the time, they highly recommended a single anti-virus program - ESET NOD32 Anti-Virus 5. I had to pay around $69 for it - and I had to pay again for another year - but it's the only thing I've used for the year I've had the laptop and I haven't had a single issue since I loaded it. Nothing. Not one. Worth it, in my view.
Posted by:
Maurice Lampl
06 Nov 2012
I've been using Microsoft Security Essentials and IOBit Malware Fighter and so far so good I have't been hit yet... It's all freeware.. IOBit will warn you of attempts to invade your computer and eliminate these threats...
Posted by:
Dave Baer
06 Nov 2012
I first started years ago with Norton, the one and only anti-everything ware for the "ultimate" in internet protection. Yeh! If someone had the sniffles I caught it. I then went to AVG free for my email and most of the malware and viruses stopped. Later I went to their full coverage and bought it 2 years at a time. It was great until recently when they went commercial and started charging for everything as extra's. Now I have only my normal firewall and Microsofts security along with a free anti-malware and free version of Clary utilities. If I don't know who the email is from "I DON'T OPEN IT". Knock on wood, so far so good since the first of the year[2012].
Posted by:
Ken Lane
06 Nov 2012
I tell you, it's getting to the point I just might throw out my PC and laptops, along with my cellphone, with all this spyware/virus/trojan/etc. crap the bad guys/girls are foisting on all of us honest Computer users.
Thank goodness for your newsletter, so at least with your articles, I know I'm doing all I can to keep the scum at bay.
Posted by:
Heidi
06 Nov 2012
I bought a 2 yr. subscription to Bit Defender as rated 4.5 of 5 stars by PC. Magazine. In less then a year, I contracted a nasty virus as evidenced by my browser being hijacked(for example I do would search for: "symptoms of a UTI" and would be sent to a diet pill advertisement page or a page stating I had a dire computer virus and better buy this product NOW!). I had to use Comodo to catch the virus. This product will catch ANY virus, rootkit or anything that didn't come with the original installed software. It is the best virus/malware detector and its free. I have since switched to Norton(Symantic) A.V. software. I don't know if it is any better, but it is way more user friendly.
Posted by:
KatieA
06 Nov 2012
Hi Bob,
I have done the same thing as you with the "layering up" as far as the fight against malware goes.
I also use MBAM, plus free AVG.
MBAM found a Trojan a few years ago on our computer, that other programs didn't find at the time.
Unfortunately, I had opened up an infected e-mail from a friend that had contained the Trojan.
That is when I switched things around and added MBAM on to our computer, and switched to AVG for free antivirus coverage.
I have also recently added free SuperAntiSpyware too, and find that it picks up additional spyware that is on our computer.
Posted by:
Kirill
06 Nov 2012
To Jon Skrine: The safest way to desinfect an infected drive is to do that under other operating system. Antivirus manufacturers offer "rescue versions" of their antiviruses that usually work under Linux. Or you could just connect your drive to another PC with non-Windows OS (I bet you have Windows-drive). Or boot up from a LiveCD with any OS. Cloud AV could be the best option for that.
To Bob: Links you gave could be absolutely safe, but the user's computer could be infected by some kind of a DNS-changer or another web-address switcher, so the download could be redirected to a source of malware. Genuine AV-manufacturer's sites are easy to find, but the actual download link should be examined during the download. However, even that can not guarantee anything, since there is a possibility to catch a local DNS-server in a malware bundle. It's very unlikely and sounds too paranoid, but technically it is possible.
Posted by:
Richard
06 Nov 2012
One method is not to use Windows other than where it's needed.
Our youngsters don't have access to Windows at home, just Linux. Our main PC dual boots and defaults to Linux (OpenSUSE), Windows is used for Adobe and games software.
We have an old laptop that only has Linux on it. This is what the kids can take to their "study". They can do all they want to do on it, browse the net, email, write documents and many other pieces of free software e.g. astronomy, chemistry, games.
I have also set up the router and their email clients so they can't get to some sites and we parents get copies of their emails both out and in. (This latter will change when they get older and want more privacy.)
Posted by:
Tom Van Dam
06 Nov 2012
At home I use Kaspersky which has worked well as far as I know. At work we use Eset Nod antivirus. I am very impressed with this software. It has trapped numerous virus' in emails, files and others. I haven't seen anything that thorough before.
Posted by:
PooterMan
06 Nov 2012
I run a UK based PC helpline and on average clear 4 to 6 viruses per week for my callers. With the exception of 2 callers this month, every virus I've had to clear in the last 4 months has been one or other variant of the Ukash Metropolitan Police virus. This particular nuisance seems to evade detection by all antivirus software and many of the removal solutions found online don't work as the virus seems to vary as to what and where it places the nasties on your hard drive. It also seems to have evolved recently, and the worst strain of this virus will even work while you are in safemode, disabling pretty much everything and blocking all attempts in the standard removal processes, including the use of Malwarebytes, which can usually clear the earlier variants provided you can install and update it. I still have no real idea where this virus is picked up or why not a single antivirus application will detect it. However, I heartily recommend having Malwarebytes in your frontline defences and performing regular scans with it, whatever other antivirus software you use.
Posted by:
dmytro
07 Nov 2012
switched to Linux half year ago....
Viruses? No, haven't heard about that...
Posted by:
zhotsma
08 Nov 2012
Now isn't this a coincidence!? Within 24 hrs of reading this article my computer started doing weird things that prevented my doing any work. It first showed its head when I tried to open Ask Bob for Nov 6. Hmmm. Interesting. I have been online since before the introduction of TOURBUS and have had only one previous infestation. Run AVG Free and AdAware. My ISP provides a firewall. Had to remove Spybot because it was causing trouble. AVG scan showed corrupted files mainly in GIMP, which I found interesting. Seem to have cleaned things up while watching election results. Heh.