Running antivirus has become standard practice on home computers and corporate desktops alike. It is required by a number of security certifications and most IT security policies. Yet I’m willing to bet that almost every company has still seen an increase in the number of computers infected with some form of malware. And cleaning up the havoc malware wreaks is becoming more and more difficult. It would seem antivirus is letting us down when we need it most. This is backed up by recent research showing that, of 10,000 computers infected with a common Trojan virus, 55% were running fully updated, fully functional AV software.
So, if you are running antivirus why doesn’t that protect your computer? In my view the problem with antivirus is that it is far too reactive and not proactive. To explain, let’s look at how antivirus works:
· Antivirus companies scour the internet looking for new malware. The problem with this is that some poor soul is already infected at this point.
· The antivirus company then has to build a signature of this particular malware. This takes time during which your computer is potentially vulnerable.
· The signature is then packaged and pushed out to the antivirus client. While this is a proactive action, any IT admin will tell you that keeping AV signatures up to date is a hassle even with the best products out there.
· Now your computer thinks it knows what to look for. The problem is that if the malware is modified, the signature can become worthless and the process has to react again.
· Even if you have the right signature, many AV products won’t find an infected file until they perform a scan of your computer. They then try to quarantine and clean the infection. Again, this is reactive. Real-time scanning might catch some malware before it lands on your computer, but if this method is reliable, then why do AV companies still advise full scans on a regular basis?
There was a time when user education could do as much to prevent an infection as the best antivirus. But when high-profile, trusted sites become compromised, and drive-by downloads can infect your computer without any user interaction, the ability of end users to protect themselves diminishes greatly.
So, what is the solution? Home users will probably just have to hope for improved antivirus products and fewer vulnerabilities in their software. But for businesses, the pain and expense of dealing with malware infections have made the concept of Application Whitelisting an attractive way to keep computers clean. In my next post I’ll explain exactly what this is and talk about a few of the options out there.
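To make the reactive-versus-proactive contrast concrete, here is an added example (not code from this post or from any AV product). It assumes signatures and whitelist entries are simplified to whole-file SHA-256 hashes, which real products go beyond, and every sample is a constructed, harmless byte string.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed, harmless byte strings standing in for files on disk.
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE-A: stands in for a file the AV vendor has catalogued"
VARIANT = KNOWN_SAMPLE + b"\x00"  # same content, differing by one byte
APPROVED_APP = b"CONSTRUCTED-SAMPLE-B: stands in for an approved business application"
UPDATED_APP = APPROVED_APP + b" v2"  # a legitimate update nobody has approved yet

# Signature feed: exists only after the vendor has seen the sample (assumption: hash-only).
SIGNATURES = {sha256(KNOWN_SAMPLE)}
# Whitelist: what the administrator has explicitly approved (assumption: hash-only).
WHITELIST = {sha256(APPROVED_APP)}

SAMPLES = {
    "known sample": KNOWN_SAMPLE,
    "variant": VARIANT,
    "approved app": APPROVED_APP,
    "updated app": UPDATED_APP,
}


def signature_scan(data: bytes) -> str:
    """Default allow: block only what matches a known signature."""
    return "block" if sha256(data) in SIGNATURES else "allow"


def whitelist_check(data: bytes) -> str:
    """Default deny: run only what has been approved in advance."""
    return "allow" if sha256(data) in WHITELIST else "block"


def compare(samples: dict) -> dict:
    """Return {name: (signature verdict, whitelist verdict)} for each sample."""
    return {n: (signature_scan(d), whitelist_check(d)) for n, d in samples.items()}


if __name__ == "__main__":
    for name, (sig, wl) in compare(SAMPLES).items():
        print(f"{name:13} signature={sig:5} whitelist={wl}")
```

The variant passes the signature scan because nothing has catalogued it yet, while the whitelist blocks it by default. The same default also blocks the unapproved update, which is the administrative cost of the approach.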