Will Your AntiVirus Program Protect You?
A reader asks: 'Recently I got a virus, even though I have an updated version of Norton Security. Have we gotten to the point where one Internet security tool is no longer sufficient? What do you suggest as the best strategy to protect against viruses, spyware and other Internet threats?'
Are the Bad Guys Winning the Malware Wars?
The most recent Microsoft Security Intelligence Report, which provides an overview of current vulnerabilities, exploits, malicious code threats, and unwanted software, shows a mixture of good and bad news. On the plus side, operating system vulnerabilities are trending downward. The study also shows a decline of about 75% in the amount of spam over the past 18 months. This is primarily due to international law enforcement efforts that have resulted in the takedowns of several large botnets that were responsible for sending billions of spam emails per day.
But the report also indicates a year-to-year increase of 11.3 percent in reported security issues. One of the most common exploits takes advantage of vulnerabilities in older versions of Adobe Flash Player, Adobe Reader, Java and other popular software. Users who have not applied the required security patches are at risk of infection through a drive-by download attack.
There are also warnings about the rise of malicious downloads, specifically malware disguised as (or embedded in) software, music, movies and video games. Users looking for pirated versions of popular programs, or those attempting to generate license keys for commercial software, have a much higher risk of infection.
As the anti-virus tools evolve to detect and remove new threats, the bad guys develop new attack vectors and more insidious ways to deliver them. One example is the Win32/Obfuscator toolkit, which enables malware creators to disguise their wares in order to avoid detection by antivirus scanners. Millions of computers are still infected with malware every month.
These and other staggering statistics make one wonder if the bad guys are winning the malware war. It certainly seems so. If we are to reverse this trend, there has to be a new approach to computer security in general and to anti-malware protection in particular.
What Other Malware Detection Techniques Are Available?
Traditional antivirus software attempts to identify malware by its signature, a pattern that identifies a known malicious file. That's why such programs periodically download an updated file of malware signatures. The problem is, new malware appears in the wild much faster than signature databases can be updated, allowing it to infect machines without being detected for significant periods of time. Signature-based antivirus protection is always one step behind the bad guys. (Read about my recent virus nightmare in How I Got Hacked... And Why You MUST Have a Backup.)
Behavior-based detection is one alternative to signatures. A profile of a program's normal behavior is established, and any deviation from that norm is flagged and blocked. Let's say a Web browser normally does not create or modify files in a particular folder. If the browser suddenly writes a file to that directory, that behavior would be detected and blocked. ThreatFire by PC Tools is a good example of a behavior-based antivirus program. See my related article Does PCTools Threatfire Boost Security? for more information on that software. (UPDATE: ThreatFire is now part of PCTools Internet Security, and is no longer available as a standalone product.)
Specification-based anti-malware does not try to establish a profile of "normal" behavior for any program. It just uses a set of rules (specifications) to determine what behavior is and is not allowed. For example, updating the Windows Registry or writing to the System directory might be prohibited to all programs except those on a white list. NovaShield is an example of a specification-based anti-malware program.
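The difference between the behavior-based and specification-based approaches described above can be seen by running both over the same events. This is an added example, not code from this article or from any product it names; the program names, paths, rules and events are all constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed sample events: (program, action, target path). Not real telemetry.
BASELINE = [
    ("browser.exe", "write", r"C:\Users\ann\AppData\Local\Browser\Cache\f1.tmp"),
    ("browser.exe", "write", r"C:\Users\ann\Downloads\report.pdf"),
    ("updater.exe", "write", r"C:\Windows\System32\drivers\vendor.sys"),
]
LIVE = [
    ("browser.exe", "write", r"C:\Users\ann\AppData\Local\Browser\Cache\f2.tmp"),
    ("browser.exe", "write", r"C:\Users\ann\AppData\Roaming\Startup\run.exe"),
    ("browser.exe", "write", r"C:\Windows\System32\x.dll"),
    ("updater.exe", "write", r"C:\Windows\System32\vendor.dll"),
    ("newtool.exe", "write", r"C:\Users\ann\Documents\notes.txt"),
]

def folder(path):
    """Directory part of a Windows path, lower-cased for comparison."""
    return str(PureWindowsPath(path).parent).lower()

def learn_profile(events):
    """Behavior-based: record which (action, folder) pairs each program normally uses."""
    profile = {}
    for prog, action, path in events:
        profile.setdefault(prog, set()).add((action, folder(path)))
    return profile

def behavior_verdict(profile, event):
    """Block anything that deviates from the learned profile (unknown programs included)."""
    prog, action, path = event
    return "allow" if (action, folder(path)) in profile.get(prog, set()) else "block"

# Specification-based: fixed rules, no learning phase. Protected locations
# may only be written by programs on the white list (hypothetical rule set).
PROTECTED = [PureWindowsPath(r"C:\Windows\System32")]
WHITE_LIST = {"updater.exe"}

def spec_verdict(event):
    prog, action, path = event
    p = PureWindowsPath(path)
    protected = any(root in p.parents for root in PROTECTED)
    return "block" if action == "write" and protected and prog not in WHITE_LIST else "allow"

def compare(baseline, live):
    """Return (program, file, behavior verdict, specification verdict) per live event."""
    profile = learn_profile(baseline)
    return [(e[0], PureWindowsPath(e[2]).name, behavior_verdict(profile, e), spec_verdict(e))
            for e in live]

if __name__ == "__main__":
    for row in compare(BASELINE, LIVE):
        print("%-12s %-12s behavior=%-5s spec=%s" % row)
```

The two detectors agree only on the first and third events: the profile also blocks the white-listed updater and the never-seen program because neither matches what it learned, while the rule set lets the browser write to a startup folder because no rule covers that location.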
Cloud-based antivirus protection, such as Panda Cloud Antivirus, is relatively new. A key benefit of cloud AV is that it does not use much of your local system's resources; instead, it runs on remote servers. Another advantage is that malware cannot disable cloud AV because the cloud AV does not exist on the infected machine. One early project had ten traditional signature-based AV programs running in parallel, the theory being that malware which slipped by one AV program would be caught by one or more of the others. In reality, the whole ten caught only 88 per cent of malware.
Crowd sourcing is another technique that some security vendors are using. By collecting data in real time from millions of users worldwide, new threats can be identified quickly, and updates to the anti-malware software can be automatically sent to users.
So What's the Best Strategy?
It seems clear that no single anti-malware tool or technology can stop all of the many types of malware that are assaulting the world's computers. For now, it seems the best we can do is "layer up" with two or more techniques and hope for the best.
Unlike many anti-virus packages, MalwareBytes Anti-Malware combines various technologies designed to seek out, destroy, and prevent all forms of malware -- including spyware, worms, trojans, keyloggers and rootkits. I've often found that MBAM is able to detect or disable certain threats that other anti-virus tools missed.
For now, I recommend one of the excellent free Internet security tools you can find in my article Free AntiVirus Software, along with MBAM. This combination has served me well, but it's just one of many options. Commercial antivirus tools such as Norton Security and McAfee also provide excellent protection, and you may want to combine either of those with MBAM or some other secondary security tool. I recommend against installing multiple general-purpose antivirus programs, because they can interfere with each other.
Do you have something to say about the fight against malware? Tell me your strategy and favorite tools. Post your comment or question below...
This article was posted by Bob Rankin on 5 Nov 2012
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Will Your AntiVirus Program Protect You? (Posted: 5 Nov 2012)