Let’s face it, the internet today is a vast and ever-expanding digital universe that has a huge impact on the world we live in. For IT service experts, it directly impacts our business. With such vastness also comes a dark underbelly of harmful programs, loosely referred to as viruses. Strictly speaking, a virus is a malware program that, when executed, replicates by inserting copies of itself into other programs, files, or the boot sector of the hard drive; when this succeeds the computer is said to be “infected.” Most malware also carries out some kind of harmful or annoying activity on the infected host, including enlisting it as a “bot” to attack or infect others. Naturally, if there is a virus, then there must be an “antivirus,” right?
The Burning Question
As most savvy computer users and IT service experts know, there is a supposed solution to combat viruses and other malware. Antivirus software is an application that uses detection algorithms and frequent updates to identify viruses and other threats and neutralize or quarantine them. The burning question is, do we really need antivirus software to be protected? The short answer is yes, with some caveats. Many people don’t see the pressing need to have antivirus software installed on their computer. The most common justification is, if antivirus protects from viruses then:
- Why is it that computers and networks still get infected periodically?
- Would it really be that much of a threat without antivirus software?
When considering these questions, as IT service experts we must emphasize that what really matters is understanding the complexity and scale of the malware problem facing technology today.
Sizing Up The Enemy
Be it for fame, fortune, or general malice, you had better believe that the perpetrators of these viruses are motivated. The most common motivation, naturally, is money. Using malware-infected computers to make money is far easier and less risky than most other criminal activity. Given that, you would think we victims would be just as motivated, since we want to keep our money. OUR money. So what gives the enemy the advantage? Why do they always seem to be one step ahead of the game? It boils down to three main reasons:
- Software Vulnerability: Software is made up of enormous amounts of complex code, and with something so complex there will inevitably be holes.
- Getting The Head Start: Normal users just use software to do what it was created to do. They do not “proofread” the code or try to take it apart. The enemy does exactly that, searching fervently through code for weaknesses to exploit, often long before the rest of us, even the creators, have a clue.
- Playing From Behind: Because it is so hard to know what new malware will look like or when it will strike, antivirus vendors work in a reactive mode far more often than a preventive one.
What Does That Mean?
Take a look at what happened to Sony Pictures in late 2014. Attackers broke into the company’s network, deployed malware, and made off with sensitive information about Sony executives and confidential projects. The attack was widely linked to the studio’s release of the film The Interview and caused a huge problem in Hollywood circles, with personal emails and information exposed. All three factors mentioned above were in play.
- Software Vulnerability: Sony’s intranet infrastructure software, email programs, and web browsers had vulnerabilities that had gone undetected.
- Getting The Head Start: Only the attackers seemed to know about these weaknesses and how to take advantage of them; Sony’s IT service administrators had no idea what hit them.
- Playing From Behind: The vendors whose software Sony used had to scramble to find the source of each exploit and patch it, and by the time they plugged one hole the attackers had found another.
That, in a nutshell, is one of the biggest reasons these attacks keep happening. It is hard to find something when you don’t know what you are looking for.
Malware Detection Methods
When it comes to detection, there are two basic methodologies: signature-based malware detection and the more complex behavior-based malware detection. Antivirus software may use one or the other, and in many cases a combination of both.
Signature-based malware detection
Signature-based malware detection relies on recognizing known patterns. Here is how it works. The antivirus application scans the suspect file and compares specific segments of its code (or a hash of the whole file) against its malware-signature database. If the file contains a pattern that matches one in the database, the file is classified as malware. The antivirus program will then either quarantine the file or delete it outright, depending on its settings.
As IT service experts we have seen just about every antivirus product out there, and just about every one includes this method in its arsenal. However, vendors are trying to move away from relying on signature-based detection alone because of some serious drawbacks:
- Signature-based detection is only effective against malware that has already been seen and catalogued. Even a small change to a known sample (recompiling, repacking, or flipping a few bytes) can produce a file that no longer matches the signature.
- Because new malware is created daily, new signatures have to be downloaded and installed on your device constantly; until that happens, new malware can infect your machine undetected.
These two drawbacks are valid arguments for a shift towards behavior-based detection. It is a much more complex method, but complex for good reason.
Behavior-based malware detection
Behavior-based malware detection monitors how a program acts when it runs (the files it writes, the registry keys it sets, the network connections it opens) rather than what its code looks like. If abnormal or known-malicious behavior is detected, the program is flagged, regardless of whether it appears to be working normally. This makes behavior-based detection far better at catching new or modified malware that no signature yet covers. The trade-off is false positives: legitimate software sometimes does things that look suspicious, so behavior rules have to be tuned carefully.
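To make the two detection methods above concrete, here is an added example (not code from the original article or from any antivirus vendor) that puts a toy signature scanner beside a toy behavior scorer. The samples, the signatures, the event lines and the rule weights are all constructed for illustration; no real malware is involved. It shows the signature drawback described earlier in action: a variant with a single byte changed slips past the signature check, while its behavior trace still trips the behavior rules.

```python
"""Toy signature-based vs behavior-based detection.

Added example, not from the original article.  Every sample, signature,
event line and weight below is constructed for illustration only.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# --- Signature-based detection -------------------------------------------
# A "signature" is either the SHA-256 of a whole known-bad file or a short
# byte pattern lifted from a known-bad sample.  Both are made up here.
BYTE_SIGNATURES: Dict[str, bytes] = {
    "Toy.Dropper.A": b"\x90\x90DROPPER_V1\x00",   # constructed marker bytes
}

# Constructed samples (not real malware): a "known" dropper, a variant with
# one byte changed inside the marker, and a benign file.
KNOWN_BAD = b"MZ" + b"\x90\x90DROPPER_V1\x00" + b"payload..."
VARIANT   = b"MZ" + b"\x90\x90DROPPER_V2\x00" + b"payload..."
BENIGN    = b"MZ" + b"hello world"

HASH_SIGNATURES: Dict[str, str] = {
    "Toy.Dropper.A": hashlib.sha256(KNOWN_BAD).hexdigest(),
}


def signature_scan(data: bytes) -> List[str]:
    """Return the names of every signature (hash or byte pattern) matching the file."""
    hits: List[str] = []
    digest = hashlib.sha256(data).hexdigest()
    for name, known_digest in HASH_SIGNATURES.items():
        if digest == known_digest:
            hits.append(name)
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern in data and name not in hits:
            hits.append(name)
    return hits


# --- Behavior-based detection --------------------------------------------
# Instead of looking at bytes, score what the running program does.  Each
# rule is (regex over one event line, weight, reason).  A process whose
# summed weight reaches THRESHOLD is flagged.  Event format is invented.
BEHAVIOR_RULES: List[Tuple[re.Pattern, int, str]] = [
    (re.compile(r"^file_write .*\\AppData\\Roaming\\.*\.exe$"), 3,
     "drops an executable into the user profile"),
    (re.compile(r"^reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"), 3,
     "adds Run-key persistence"),
    (re.compile(r"^net_connect .*:(4444|6667)$"), 2,
     "connects to an uncommon C2-style port"),
]
THRESHOLD = 5


def behavior_score(events: List[str]) -> Tuple[int, List[str]]:
    """Sum rule weights over a process's event trace; return (score, reasons)."""
    score = 0
    reasons: List[str] = []
    for line in events:
        for rx, weight, reason in BEHAVIOR_RULES:
            if rx.match(line):
                score += weight
                reasons.append(reason)
    return score, reasons


def behavior_flag(events: List[str]) -> bool:
    """True when the trace's score reaches the detection threshold."""
    return behavior_score(events)[0] >= THRESHOLD


# Constructed event traces.  The variant behaves exactly like the known-bad
# sample even though its bytes no longer match any signature.
DROPPER_TRACE = [
    r"file_write C:\Users\alice\AppData\Roaming\svchost.exe",
    r"reg_set HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
    r"net_connect 203.0.113.7:4444",
]
BENIGN_TRACE = [
    r"file_write C:\Users\alice\Documents\report.docx",
    r"net_connect 198.51.100.2:443",
]

if __name__ == "__main__":
    for label, data in [("known bad", KNOWN_BAD), ("variant", VARIANT), ("benign", BENIGN)]:
        print(f"{label:10s} signature hits: {signature_scan(data)}")
    for label, trace in [("dropper", DROPPER_TRACE), ("benign", BENIGN_TRACE)]:
        print(f"{label:10s} behavior: {behavior_score(trace)}")
```

Running it, the known-bad sample is caught by both its hash and its byte pattern, the one-byte variant produces no signature hits at all, and the dropper trace scores 8 against a threshold of 5 while the benign trace scores 0. Real products use far richer rule sets and weights, but the shape of the trade-off is the same: signatures are precise but brittle, behavior rules generalize but must be tuned to avoid flagging legitimate installers that also write executables and add Run keys.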
So, Hype or Necessity?
So, while no antivirus software is perfect, as your IT service experts we do recommend using antivirus software from reputable companies such as Webroot, AVG and Malwarebytes, and keeping it (and the rest of your software) up to date. There is just no sense in being vulnerable when you don’t have to be.