Doctor, why is my antivirus software not watertight?

Antivirus watertightness

I come back to ‘viruses’ to answer a question from a reader: antivirus software costs a lot and, even if you keep it up to date, it lets unwanted objects through. Why, and what can we do?

Context

You don’t need to visit ‘dubious sites’ to get malware. It can lie dormant in an office document, in downloaded or purchased software (on CD or DVD, if that still exists), or in a downloaded picture, film or music file!

There are 3 reasons why antivirus software doesn’t stop everything:

The nature

There are 3 ways to get malware:

  • The virus: it enters via an email, an attachment, a document imported from a USB stick or a download; then, after an incubation time (defined by its creator), it starts to replicate. Depending on the speed of reproduction we speak of bacteria or … rabbits.
  • The worm: it propagates via contact lists and the network.
  • The gift: this is the typical case of Trojans. It is a ‘non-documented piece of software with an undesired effect’ that is embedded in something you want. It is a kind of false advertising.

The payload and its effect

How you got the malware is seldom the real problem. What matters is its payload and the effect it has on your computer.

I have given the effects names so they are easily understood, but whatever they are called, the effects are real:

  • The bomb: it destroys as much as possible by making things unusable (software and data)
  • The padlock: it blocks access to the data or the possibility of using it; this is the case with ‘ransomware’, the threats that demand money to let you recover access
  • The timer: it blocks access to data, or the use of part (or all) of your software, for a time you can’t control
  • The spy: it copies and sends your files to someone who is able to profit fully from them; generally you don’t even notice anything while they operate
  • The snail: it makes your system very slow, leaving an unattractive trail.

Creativity

The creators of malware put all their energy into preventing their jewel from being detected and stopped.

  • Stealth: like those aircraft that radar cannot see, they cannot be detected; they are sometimes taken for something else.
  • Polymorphic: their behaviour or signature changes over time, which prevents us from correctly identifying and countering them.

The causes of antivirus malfunction

  1. Antivirus software is intended to catch viruses, not worms and Trojans
  2. Viruses can get ‘through’ the maze
    1. Antivirus software can only fight known and documented viruses
    2. It frequently takes 10 days between the appearance of a new virus and the availability of a solution… time the virus uses to cause harm
    3. The technology of the antivirus is probably not adapted to all existing viruses. You have a choice between:
      1. Those that use a ‘signature’ of the virus: a part of the known code (like DNA) is compared with a table
      2. Those that study the behaviour of the code (called ‘heuristic’).

What can we do?

The issue with viruses and malware is the integrity of your computer, its data and software. They always mean modifications to existing files, or the addition of files you never asked for. The solution: recover from your backups.

One can never know in advance if a downloaded file is clean or not.

In enterprises, we generally recommend installing one antivirus technology on the servers (e.g. file and mail servers) and a different one on the workstations. This lets one system detect what the other missed. If you look for an antivirus with both functionalities, you’ll have to pay the price.

Another idea is to make a one-time copy of the content of your computer (programs and data), to regularly verify that the current content is still identical to the stored reference, and to use your backups.
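The reference-and-verify idea above, as an added example that is not part of the original post: a small file-integrity checker in Python that records a SHA-256 hash of every file under a folder, then later reports modified, added and removed files. The folder layout, file names and the `reference.json` name are constructed for the demonstration, and the reference copy must be taken while the machine is known to be clean.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_snapshot(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def save_reference(snapshot, out_path):
    """Persist the trusted reference; keep this copy on read-only or offline media."""
    Path(out_path).write_text(json.dumps(snapshot, indent=2, sort_keys=True))

def load_reference(path):
    return json.loads(Path(path).read_text())

def compare(reference, current):
    """Report modified existing files, unasked-for new files, and deletions."""
    return {
        "modified": sorted(k for k in reference if k in current and reference[k] != current[k]),
        "added": sorted(k for k in current if k not in reference),
        "removed": sorted(k for k in reference if k not in current),
    }

def demo():
    """Constructed scenario: take a reference, then simulate a tampered and a dropped file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "machine"
        (root / "docs").mkdir(parents=True)
        (root / "docs" / "report.txt").write_text("quarterly figures\n")
        ref_file = Path(tmp) / "reference.json"   # in practice: store this offline
        save_reference(build_snapshot(root), ref_file)
        # later: a payload rewrites one file and drops a new one
        (root / "docs" / "report.txt").write_text("quarterly figures\nTAMPERED\n")
        (root / "downloads").mkdir()
        (root / "downloads" / "setup.exe").write_bytes(b"unasked-for file (constructed)")
        return compare(load_reference(ref_file), build_snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A malware payload that can rewrite your files can also rewrite a reference stored on the same disk, so the stored hashes are only trustworthy when kept where the machine cannot alter them.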

You can’t do much about the ‘gifts’. It’s a question of trust and mistrust. Where do you draw the line?

Everything is then a question of awareness and caution … and that, too, is insufficient.

Zero risk is a myth… a vaccine is no guarantee of total immunity.

The best companion of your antivirus is your computer’s firewall – I’ll come back to this – and, as I already wrote, this too is insufficient.


Do you now understand why your antivirus software isn’t watertight? Do you know what to do?

See you soon, more secure with your information

Jean-Luc
