Ten Ways to Dodge Cyber-Bullets (Part 8)

[Part 8 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.]

Anti-Virus isn’t Total Security

Don’t expect antivirus alone to protect you from everything.

Use additional measures such as a personal firewall, antispam and anti-phishing toolbars, but be aware that there is a lot of fake security software out there. This means that you need to take care to invest in reputable security solutions, not malware which claims to fix non-existent problems, or toolbars that are designed to divert you away from the sites you want to visit and towards the ones that generate revenue for adware providers.

That apart, even the best protection might not protect you as well as common sense and caution do: there is no silver bullet in protection against malware, which is why we always advocate multi-layering or defense-in-depth. Specifically, don’t fall for the "I can do anything and click on anything because my antivirus will protect me" trap. There seems to be a temptation for people to cluster at one of two extremes.

  •  Some people have such touching faith in their AV that they assume it will catch everything malicious that’s thrown at their system, so they don’t run anything else and are convinced that they don’t need to think about their own security. When they eventually find that their system has been infected, whether it’s by something they’ve clicked on incautiously or something a little more subtle like a zero-day vulnerability or a drive-by download, they feel betrayed and angry. That’s understandable, but it comes from a misunderstanding of the limitations of all security software. For every technical solution (not just AV) there is at least one way of getting round it. 
  •  Others take the view that antivirus is no use at all because it "only detects malware it already knows about". That isn’t the case: only the most primitive modern antimalware relies purely on signatures of known malware variants. Good anti-malware products incorporate tools like generic detection, advanced heuristics, sandboxing, whitelisting and so on into an integrated product that catches a high percentage of all malware, not just viruses.

The danger in both scenarios is that the individual is tempted to substitute one partially successful solution for another. (Some marketing departments may overstate the effectiveness of a product, but that isn’t a problem restricted to the anti-malware industry, or even the security industry!)

The trick is not to rely solely on one solution at all: a diverse spread of partially successful solutions may be more successful… However, note that word diverse. For most people, half a dozen antivirus packages on a single desktop machine is likely to cause more problems than it solves… By multi-layering, I mean using a diversity of product types: using multiple antivirus products may catch more specific malicious programs, but the increased detection may not be worth the additional strain on resources and risk of program conflicts, false positives and so on.

Please bear in mind also that malware gangs spend a lot of development time tweaking binaries so that they will evade specific scanners. The more effective a scanner is, the likelier it becomes that it will be targeted in this way. Of course, we monitor these tricks closely and enhance our own detection accordingly, but there is always a risk that such a tweaked binary will reach you before we’ve received a sample and updated our detection.

For this reason, we’re always grateful to receive samples of malware (or indeed false positives) that have evaded our products. For details on how to do this take a look at http://training.eset.com/kb/index.php?option=com_kb&Itemid=29&page=articles&articleid=141

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch (or @ESETblog)
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Also blogging at:
http://smallbluegreenblog.wordpress.com/
http://avien.net/blog
http://blogs.securiteam.com
http://blog.isc2.org/
http://macviruscom.wordpress.com/

Author David Harley, ESET

  • cliff

    Nice blog entry, but I really don't get your signature. Is this "BA CISSP FBCS CITP" some sort of compensation for a small penis? Seriously, how important is a tiny piece of paper for you? Do you actually feel the need to add all these titles to your name? :)

    • http://www.smallblue-greenworld.co.uk David Harley

      Cliff D’Addario, I’m quite happy with the dimensions of my dangly bits, but thanks for your concern. As for the letters after my name, like professionals in many fields, I use them because I’m entitled to, and because they represent the recognition of my peers. I don’t think they make me automatically better than people with no alphabetti, but I don’t think they make me worse, either. I’m sorry that you find them threatening, but I don’t regard that as my problem.

  • Jay Bee

    @cliff Usually someone with an abusive or abused persona makes statements like this. This is an inductive fallacy Mr. Cliff. Mr. Hartley is a technical writer that has no problem with what Cisco can throw at him. Since you like to make inferences, Mr. Hartley can probably hit more pitches thrown from Cisco than someone without those well earned acronyms behind their name. Why? Because the acronym shows that Cisco gave him a game that he played in and won. Is this over your head? Well then call it a ball. The next one coming will be right over the plate. Ready set throw:
    @cliff More appropriately your response to Mr. Hartley was an abusive attack on his person not relevant to what he said. Argument type of the day is Ad hominem abusive. Ex. People that protect their tweets are all pussies. Like Lucy, in Merry Xmas Charlie Brown said, "If we can label it, we can fix it!"

    My solution: Change your Firefox persona right away!

  • Jay Bee

    And by Hartley I meant Harley.

  • Sourodip

    Yea That's The True Advice!
    I Like It,

Copyright © 2014 ESET, All Rights Reserved.