Anti-virus software was created in a time when dinosaurs roamed the earth. Okay, maybe not that long ago. But the devices we depend on daily to help run our lives and businesses have greatly evolved from their bulky, slow, and monochrome ancestors. So have the threats that they now face every day, multiple times a day, and even when you’ve gone home for the evening.
What does it actually do?
Anti-virus software was originally designed to protect computers from one thing: viruses. However, as technology leaped forward so did the threats. These include; Trojan horses, worms, bots, rootkits, adware, spyware, spam, malware, and every scary variant in between. The name remained, even if its job got harder. A lot harder. According to Symantec, more than 57.6 million new pieces of malware were created in June alone.
Quick History Lesson
Computer viruses first emerged in the mid-1980’s during the first large wave of personal computer innovation. The viruses started off basic and quickly became more malicious as programmers began to manipulate the code. Developers saw the emerging threat and responded with anti-virus software (cue John McAfee and Eugene Kaspersky). However, internet connectivity was still not common and viruses were mainly spread via infected floppy disks, which limited the scope of computers you could infect as well as the number of viruses. Once the internet because more popular, viruses quickly began pouring into the digital space and antivirus software became a must for anyone with connected devices.
Software doesn’t know…what it doesn’t know.
The problem with anti-virus software is that it is very good at picking up the generic viruses and malware that would impact a PCs performance, and less reliable at picking up new and unique threats. The problem lies in the way antivirus software operates. For the large part, the software relies upon signatures to identify malware and viruses. The program will scan the code and match it against its database, if there is a match then the program marks it as a threat. All cyber criminals need to do is write a new virus or piece of malware and run it against these programs. As long as the program doesn’t identify it as a threat, they know they have a ‘golden goose’. Unfortunately, cyber criminals are very good at creating new threats. According to Checkpoint, there was a 71% increase in new malware in 2014 and around 106 downloads of unknown malware occurred every hour.
Another major security concern is Zero-day vulnerabilities. These exploits are often launched via malicious codes on websites that infect a user’s browser when they visit a specific URL or open malicious attachments in the form of PDFs or ZIPs, all going undetected by the anti-virus software. These vulnerabilities are given the name ‘zero-day’ or ‘zero-hour’ because developers have that long to find a solution before criminals start to exploit them. In its Internet Security Treat Report for 2015, Symantec reported that, on average, it took 295 days for vendors to create patches for the top 5 zero-day attacks, which means users were vulnerable regardless of their anti-virus software.
Prevention is better than cure – Security Measures You Can Take
So how do you protect your system? Two Words – Layered Security. Having only one type of defence is like locking your front door while the window remains open. Here are several steps you can take to add layers to your protection.
1. Update Your Software
Regularly updating both your anti-virus software and overall day-to-day business software will allow you to have the latest patches to vulnerabilities and updates in regards to new threats. Set your anti-virus to auto-update, to never forgo an update. Also, never update software via links on emails, alternatively do so directly for the vendors’ website to avoid Trojanized software.
2. Personal firewall.
A reputable firewall such as Bitdefender Total Security, on each personal system, will help prevent the spread of an infection in case a corporate firewall has been breached. This can help minimise damage to systems, loss of information and keep operations running.
3. Email Spam Filtering
Investing in an email filter such as SPAMFighter, for your company’s emails is a good first step to preventing tempting phishing emails and spam. Furthermore, setup an email policy regarding opening executable attachments such as PDFs, ZIPs, etc.
4. Be Safe on the Web
Many anti-virus programs offer online protection such as URL scanning which works in the browser to automatically scanning the web page before you enter. This will help keep you away from sites that may have harmful code or suspicious activity. You can also use Free Plugins such as Web Of Trust (WOT) for Chrome, Safari, and Firefox, which also checks the reputation and safety of a website based on user experience. This adds a human factor to the equation, allowing users to protect each other and find threats that the software hasn’t picked up.
5. Think Professionally
Due to the expertise of cyber criminals, it often takes individuals with equally matching skills to successfully stop their attacks. A good option for companies who are looking to better manage their cybersecurity risk is investing in services conducted by Cyber Security providers. These companies often offer professional services such as Managed Security Services conducted by IT Security experts.
Managed Security Services are an all-included suite of services, such as 24x7x365 Live Network Monitoring, Managed Malware and Firewall protection, Email Filtering, Managed Patches, and Updates, to name a few. The Live Network monitoring also provides peace of mind because malware or other threats such as any suspicious activity or spikes in the system are automatically picked up and eliminated.
Utilizing the services of such companies takes the pressure of internal IT staff who are already taxed with daily operations and who may not have the expertise or manpower to successfully fight off persistent cybercriminals.
Don’t Be Complacent
A good anti-virus and firewall are definitely something every company should invest in as a basic layer of security. However, they by no means guarantee a company’s safety. In the words of the anti-virus giant Symantec itself: “Antivirus software alone is not enough” (Symantec, 2013).
Read Our Latest Blogs