The need for antivirus software has been drilled into people’s minds. The average Joe knows, at the very minimum, that s/he needs to have some kind of antivirus protection. All antivirus programs offer more or less the same kind of basic protection from malware. This protection includes system scans, quarantining and deleting malicious or suspicious programs, scanning processes, real-time protection and heuristic analysis. Some antivirus programs are designed to prevent system penetration, while others do a better job of cleaning up after an attack. But, despite the touted benefits of antivirus software, there are some things that an antivirus simply cannot protect you from.
Let’s examine some of these risks and how they can be mitigated.
In an era when many organizations operate Bring Your Own Device (BYOD) schemes, an employee could easily bring an infected device to work and, in the process, infect other devices on the same network. The same thing can happen on a home network, where a visitor comes in with a compromised device and ends up infecting your devices with a virus.
To mitigate this risk, organizations should use a dedicated firewall service and implement a policy of mandatory scanning of new and existing devices, using an application approved by the IT department.
For home and personal networks, it is more difficult to mitigate the risk. Other than making clear the importance of network security to anyone coming into your home, you can only hope that your visitors are security conscious.
There is nothing as difficult as guarding against inside jobs. There are three basic types of inside jobs:
Advanced persistent threats (APTs) are elaborate threats by professional hackers. They can be introduced by malicious system engineers and even manufacturers. Malware is introduced into a system before the system becomes operational and lies dormant until it is remotely activated. The idea is to steal intellectual property, classified information or trade secrets. There are a few APT detection methods, which include:
The best antivirus programs will have a wide virus database with information on the latest threats. However, even with heuristic analysis, there is a chance that your antivirus may fail to detect a new virus. The malware industry is a constant cat-and-mouse game between the good guys and the bad. There is always a chance that the bad guys will create something that hasn’t been seen before and manage to infect thousands of machines before a “cure” is found.
So, while your antivirus will keep your computer safe, there are times when it won’t be of much help. However, you will note from the four points above that most mitigation efforts have common sense at their core. In most cases, computers are compromised due to carelessness and failure to adhere to basic security practices such as not opening suspicious email attachments, keeping your computer locked at all times and generally keeping away from bad Internet “neighborhoods”.