The need for antivirus software has been drilled into people’s minds. The average Joe knows, at the very minimum, that s/he needs to have some kind of antivirus protection. All antivirus software programs, more or less, offer the same kind of basic protection from malware. This protection includes system scans, quarantining and deleting malicious or suspicious programs, scanning processes, real-time protection and heuristic analysis. Some antivirus programs are designed to prevent system penetration while others do a better job cleaning up after an attack. But, despite the touted benefits of antivirus software, there are some things that an antivirus simply cannot protect you from.
Let’s examine some of these risks and how they can be mitigated.
1. Infected devices on the same network
In an era where many organizations now operate Bring Your Own Device (BYOD) schemes, an employee could easily bring an infected device to work and in the process, infect other devices on the same network. The same thing can happen in a home network where a visitor comes in with a compromised device and ends up infecting your devices with a virus.
To mitigate this risk, organizations should use a dedicated firewall service and implement a policy of mandatory scanning of new and existing devices, using an application approved by the IT department.
For home and personal networks, it is more difficult to mitigate the risk. Other than making clear the importance of network security to anyone coming into your home, you can only hope that your visitors are security conscious.
2. Inside jobs
There is nothing as difficult as guarding against inside jobs. There are three basic types of inside jobs:
- Malicious staff – these are people who deliberately compromise a system for monetary gain (for example by stealing intellectual property), for sabotage or simply for revenge. An employee with full admin access to critical parts of a system can wreak havoc in an organization. The only way to mitigate such risk is to ensure no single employee has complete access to critical portions of the IT infrastructure. A system of checks and balances should also be implemented, such as using the maker-checker principle of authorization in computer systems, under which one person proposes a change and a different person must approve it before it takes effect.
- Exploited staff – staff can also be tricked or coerced into giving away passwords and other critical information. To mitigate this, all staff in an organization should be trained on the latest social engineering tricks used by hackers. Training should be regular and made compulsory. To mitigate moral hazards, employee audits should be conducted regularly to ensure employees are not being targeted for extortion or enticement.
- Careless staff – these are employees who open email attachments without thinking or leave their laptops unattended and unlocked in public areas. Again, only training and strict enforcement of compliance with security rules can mitigate this risk.
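The maker-checker principle mentioned above can be enforced in code rather than left to procedure. The following is an added example, not code from the original article: a small dual-authorization gate in which a privileged change is proposed by one person (the maker), must be approved by a different, authorised person (the checker), and cannot be applied until that approval exists. The request fields, role names and error type are assumptions chosen for illustration.

```python
"""Maker-checker (dual authorization) gate for privileged changes.

Added example; not from the original article. The ChangeRequest fields,
the set of authorised checkers and AuthorizationError are assumptions.
"""
from dataclasses import dataclass
from typing import Optional


class AuthorizationError(Exception):
    """Raised when a change is attempted without valid dual control."""


@dataclass
class ChangeRequest:
    request_id: str
    maker: str                      # who proposed the change
    description: str
    approved_by: Optional[str] = None
    applied: bool = False


class MakerChecker:
    """Every privileged change needs a maker and a distinct checker.

    Neither role alone can push a change through: the maker cannot approve
    their own request, only authorised checkers may approve, and an
    unapproved request cannot be applied. Every step is written to an
    audit log so the two-person trail can be reviewed later.
    """

    def __init__(self, authorised_checkers):
        self.authorised_checkers = set(authorised_checkers)
        self.requests = {}
        self.audit_log = []

    def propose(self, request_id, maker, description):
        if request_id in self.requests:
            raise ValueError(f"duplicate request id {request_id}")
        req = ChangeRequest(request_id, maker, description)
        self.requests[request_id] = req
        self.audit_log.append(f"PROPOSED {request_id} by {maker}: {description}")
        return req

    def approve(self, request_id, checker):
        req = self.requests[request_id]
        if checker not in self.authorised_checkers:
            raise AuthorizationError(f"{checker} is not an authorised checker")
        if checker == req.maker:
            # Separation of duties: the person who made the request
            # must never be the person who approves it.
            raise AuthorizationError(f"{checker} cannot approve their own request")
        if req.approved_by is not None:
            raise AuthorizationError(f"{request_id} already approved by {req.approved_by}")
        req.approved_by = checker
        self.audit_log.append(f"APPROVED {request_id} by {checker}")
        return req

    def apply(self, request_id, actor):
        req = self.requests[request_id]
        if req.approved_by is None:
            raise AuthorizationError(f"{request_id} has not been approved")
        if req.applied:
            raise AuthorizationError(f"{request_id} already applied")
        req.applied = True
        self.audit_log.append(f"APPLIED {request_id} by {actor}")
        return req


def demo():
    """Walk through the intended flow and return the audit trail."""
    mc = MakerChecker(authorised_checkers={"alice", "bob"})
    mc.propose("CR-1", "alice", "grant admin role to service account")  # constructed sample
    mc.approve("CR-1", "bob")       # a different, authorised person approves
    mc.apply("CR-1", "alice")       # only now may the change be applied
    return mc.audit_log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The check that matters most is the one in `approve`: an admin who can both raise and approve a request has complete access, which is exactly what the principle is meant to prevent. The audit log gives the employee audits mentioned above something concrete to review.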
3. Advanced Persistent Threats (APTs)
APTs are elaborate threats by professional hackers. They can be introduced by malicious system engineers and even manufacturers. Malware is introduced into a system before the system becomes operational and lies dormant until it is remotely activated. The idea is to steal intellectual property, classified information or trade secrets. There are a few APT detection methods which include:
- An increase in late-night log-ons when most of the staff are active during daytime hours.
- Network-wide backdoors that share a similar design.
- Large and suspicious data transmissions to end addresses that cannot be identified.
- The discovery of a large amount of data concentrated in a single location.
- A high number of spear-phishing attempts. Spear phishing is the process of trying to trick employees into revealing sensitive information by sending them an email that appears to come from a legitimate internal source.
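The first indicator in the list, log-ons at hours when the workforce is normally asleep, is straightforward to turn into a detection rule once the hours that count as "normal" for the organization are defined. The following is an added example, not code from the original article: it parses a small constructed authentication log, counts successful log-ons per user that fall outside an assumed business-hours window or on weekends, skips service accounts that are expected to run at night, and flags users whose off-hours activity crosses both an absolute and a proportional threshold. The log line format, the business-hours window, the service-account list and the thresholds are all assumptions.

```python
"""Flag off-hours log-ons as a possible APT indicator.

Added example; not from the original article. The log format, the
business-hours window, the service-account allow list and the alert
thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime
import re

# Constructed sample log in an assumed
# "<ISO timestamp> LOGIN user=<u> src=<ip> result=<success|failure>" format.
SAMPLE_LOG = """\
2024-03-04T09:02:11 LOGIN user=asmith src=10.0.1.21 result=success
2024-03-04T09:15:40 LOGIN user=bjones src=10.0.1.33 result=success
2024-03-04T13:47:03 LOGIN user=asmith src=10.0.1.21 result=success
2024-03-05T02:13:45 LOGIN user=svc_backup src=10.0.9.8 result=success
2024-03-05T02:14:02 LOGIN user=bjones src=10.0.1.33 result=success
2024-03-05T03:01:19 LOGIN user=bjones src=10.0.1.33 result=success
2024-03-05T03:05:55 LOGIN user=bjones src=10.0.1.33 result=failure
2024-03-05T08:59:30 LOGIN user=cwu src=10.0.1.40 result=success
2024-03-06T01:30:00 LOGIN user=svc_backup src=10.0.9.8 result=success
2024-03-06T02:45:12 LOGIN user=bjones src=10.0.1.33 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) LOGIN user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

# 07:00-19:59 on a weekday counts as normal working hours (assumption).
BUSINESS_START, BUSINESS_END = 7, 20
# Accounts that legitimately run overnight jobs (assumption); they would
# otherwise dominate the alert and hide real interactive activity.
KNOWN_SERVICE_ACCOUNTS = {"svc_backup"}


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "user": m["user"],
        "src": m["src"],
        "result": m["result"],
    }


def is_off_hours(ts):
    """Weekend, or outside the business-hours window on a weekday."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.hour < BUSINESS_END)


def off_hours_summary(log_text):
    """Map each interactive user to (off_hours_successes, total_successes).

    Failed attempts are ignored here; a burst of failures is a different
    indicator (password guessing) and would get its own rule.
    """
    summary = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "success":
            continue
        if ev["user"] in KNOWN_SERVICE_ACCOUNTS:
            continue
        counts = summary[ev["user"]]
        counts[1] += 1
        if is_off_hours(ev["ts"]):
            counts[0] += 1
    return {user: tuple(c) for user, c in summary.items()}


def flag_users(log_text, min_off_hours=2, min_ratio=0.5):
    """Users whose off-hours log-ons meet both thresholds, sorted by name.

    Requiring both an absolute count and a proportion keeps a single
    late evening from alerting while still catching a user whose
    activity has shifted mostly into the night.
    """
    flagged = []
    for user, (off, total) in off_hours_summary(log_text).items():
        if off >= min_off_hours and off / total >= min_ratio:
            flagged.append(user)
    return sorted(flagged)


if __name__ == "__main__":
    for user, (off, total) in sorted(off_hours_summary(SAMPLE_LOG).items()):
        print(f"{user}: {off} of {total} successful log-ons off-hours")
    print("flagged:", flag_users(SAMPLE_LOG))
```

On the constructed sample, bjones logs on successfully three times between 02:00 and 03:00 against one daytime log-on and is flagged, while asmith and cwu, who only appear in working hours, are not. In a real deployment the business-hours window and service-account list would come from the organization's own baseline rather than from constants in the script.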
4. Unknown threats
The best antivirus programs will have a wide virus database with information on the latest threats. However, even with heuristic analysis, there is a chance that your antivirus may fail to detect a new virus. The malware industry is a constant cat and mouse game between the good guys and the bad. There is always a chance that the bad guys will create something that hasn’t been seen before and manage to infect thousands of machines before a “cure” is found.
So, while your antivirus will keep your computer safe, there are times when it won’t be of much help. However, you will note from the four points above that most mitigation efforts have common sense at their core. In most cases, computers are compromised due to carelessness and failure to adhere to basic security practices such as not opening suspicious email attachments, keeping your computer locked at all times and generally keeping away from bad Internet “neighborhoods”.