Is Antivirus useless?

Recently, Mohammad Mannan, an assistant professor at the Concordia Institute for Information Systems Engineering in Montreal, came forth with the position that modern malware has rendered antivirus products essentially useless. Mannan went on to say that because antivirus products struggle to detect malware, he believes anyone relying on antivirus as the first line of defense is likely vulnerable to attack.

Malware has become increasingly sophisticated, but has it really rendered antivirus useless?

To answer the question simply, most antivirus tools on the marketplace also include some form of protection from malware. The issue with looking at threats strictly labeled as viruses is that the label “virus” does not encompass all elements of malware. Viruses are a component of malware, but malware is not necessarily just a virus—malware can also be spyware, adware, Trojans, worms, and so on. Thus, products labeled as “antivirus” may only protect systems from some types of malware threats.

It is true, however, that more sophisticated malware can be incredibly difficult for standard-issue antivirus products to detect.

According to an RSA Research report on the state of cybercrime in 2014, “Fraudsters and cybercriminals are finding sophisticated new ways to make botnets stealthier and more durable, and to shield the data stolen during attacks.” A botnet is a network of malware-infected computers that criminals have turned into bots (or zombies), which perform automated tasks for them without the owners' knowledge. The RSA Research report suggests that “botnets are being created to behave as similarly as possible to legitimate software and take considerable time and effort to detect.”

So what can you do to protect yourself from malware? We recommend the following:

1) Ask your IT team to whitelist rather than blacklist. For most businesses, it is unlikely that there would be more than 50 URLs that should be legitimately visited by employees in the normal course of business. Rather than fighting off a constant stream of “bad” sites, it can be easier to just allow the “good” ones instead. You can learn more about web content filtering

2) Keep your antivirus, but install a complementary antimalware tool. We are fans of Malwarebytes Anti-Malware, as this tool is exceptionally good at combating newly created and newly released attacks.

3) Practice good internet hygiene. Remind your employees of the dangers of clicking on unsolicited emails, and encourage them to question all attachments and links in messages—especially if those attachments and links are not expected. Also, make sure to review your outgoing firewall rulesets, as these rules define what kinds of traffic come in and go out of your network.

4) Enhance the effectiveness of your antivirus/antimalware posture by using current Intrusion Detection/Prevention (IDS/IPS) and Data Leak Protection (DLP) technologies. These sophisticated systems are not looking for “bugs” like an antivirus scanner, but rather they are watching the network for the conversations those “bugs” may secretly be having with the bad guys as they transmit breached data onto the Internet.
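
Recommendation 1 in code, as an added example that is not part of the original post: a default-deny allowlist check beside a default-allow blocklist check, run over constructed URLs. The hostnames, list contents and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy for illustration; these hostnames are placeholders.
ALLOWLIST = {"example.com", "payroll.example.net"}
BLOCKLIST = {"known-bad.example.org"}

def normalised_host(url):
    """Return the lower-case hostname of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops any user:password@ prefix and the port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()

def in_list(host, domains):
    # Exact match or a real subdomain; a suffix test without the dot would
    # wrongly accept "notexample.com" for "example.com".
    return any(host == d or host.endswith("." + d) for d in domains)

def allowlist_decision(url):
    """Default deny: only hosts on the approved list get through."""
    host = normalised_host(url)
    return "allow" if host and in_list(host, ALLOWLIST) else "deny"

def blocklist_decision(url):
    """Default allow: only hosts already known to be bad are stopped."""
    host = normalised_host(url)
    if host is None:
        return "deny"
    return "deny" if in_list(host, BLOCKLIST) else "allow"

# Constructed sample requests.
SAMPLES = [
    "https://mail.example.com/inbox",
    "http://known-bad.example.org/update",
    "https://newly-registered.example.org/login",
    "https://example.com.unrelated.example/",
    "https://example.com@unrelated.example/",
    "https://EXAMPLE.com./",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{blocklist_decision(url):5} {allowlist_decision(url):5} {url}")
```

The third sample is the case the recommendation is about: a host nobody has listed as bad yet passes the blocklist and is still stopped by the allowlist.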

Want to learn more about protecting your business from malware and cybercrime? Contact us today!
