15 May, 2016 No Comments Bobby Virus Security

From the way antivirus companies talk in their sales copy, you would think their products are to internet safety what Superman is to petty crime. But their claims tend to be exaggerated and that leads to some problems, namely a false sense of security for their customers. Most people use antivirus incorrectly, and here are the reasons why.

Antivirus is not a preventative measure

We like to think of antivirus as a wall between us and the evil little buggies on the internet. That’s not the case. Essentially, the role of antivirus is to tell you that you’ve already been a victim. It tells you after they’ve infested your system, or were at least trying to.

Think about it like a house alarm. If someone trips the alarm during the night, it means there’s someone in your house. You don’t just kick out the bad guy and suddenly everything is hunky dory. There’s cleanup to do. The house needs to be inspected, law enforcement informed, and if possible, measures taken to prevent a future incursion. Likewise, simply finding the malware isn’t sufficient. It could mean there’s a bigger problem on your system.

Antivirus doesn’t catch everything

Antivirus can only be relied on to tell us about the malware that it already knows about. (Malware means “malicious software” and encompasses all the things you don’t want infecting your system, not just viruses.)

There is plenty of malware in the wild which has not been discovered yet (these are called zero-day threats). When (and if) the malware is discovered by an antivirus company, it will take time to reverse-engineer and then program into their database. Then it has to trickle down to the other antivirus companies who will add it to their own antivirus programs.

Basically, by the time we’re properly defended against the threat, the bad guys are already releasing the next new thing. We’re constantly trying to catch up with the bad guys. That’s a scary thought. Even if you never see your antivirus catching anything, it doesn’t actually mean you’re never compromised.

Antivirus can be tricked

There are special types of malware that can hide themselves from antivirus programs. They do this in some sophisticated ways.

Some, like rootkits, can hide their tracks by hiding themselves from the computer so that nothing can see them running. Others are programmed to self-alter their own code, morphing into something slightly different than their original state, thereby fooling anything that scans them. Others still will encrypt themselves so they can’t be recognized at all.

Antivirus can’t repair the damage

In most cases where damage is done to your system, your antivirus can’t fix it. It only attempts to remove the threat, not remedy the aftermath. Antivirus programs aren’t sophisticated enough to restore your corrupted documents or replace deleted system files. That part is left up to you. Or your local computer shop for a fee.

Antivirus isn’t foolproof

Are you sure your antivirus is turned on? Some malware knows how to turn off or interrupt antivirus programs. Is it updating its malware database? The antivirus program itself (like any other computer program) can malfunction and not work like it’s supposed to.

Antivirus is limited in scope

Malware is only a small part of what makes the internet unsafe. Phishing is arguably a bigger threat than viruses. Social engineering can be just as devastating. Our behavior gets us in trouble more than anything. Antivirus programs can’t change your behavior.

So what’s the point of having antivirus?

As fallible as antivirus can be, it has its place. Just don’t overestimate its effectiveness. In the grand scheme of computer safety, antivirus actually plays a rather small role. What it comes down to is this: use it but don’t trust it. Antivirus is a best-effort, last line of defense and should be treated as such.

Related Articles