Here are 7 myths about antivirus software that we get from interacting with users when dealing with security-related support cases. Let’s debunk the myths related to AV applications.
The Top 7:
Here are the myths that we cover in this article along with the real truths about each.
1. Authentication and encryption offers me all the protection I need.
It’s true that authentication and encryption can make it challenging for a criminal to get to your confidential information, but not impossible. Some authentication systems use a One-Time Passcode (OTP) delivered by Short Message Service (SMS) text message or by a computer-generated call-back system.
Unfortunately, cyber criminals have already found ways to circumvent multi-factor authentication, which was supposed to radically reduce online criminal activity. New malware versions are now able to intercept authentication codes that are sent to your phone, so criminals can still get access to your OTP without you knowing about it.
Encryption scrambles your information to render it useless and requires you to use an encryption key to unlock the data. However, it does not fully protect you from key-logging malware that can read your password used to access the encryption key.
While both of these technologies are useful in protecting sensitive data on your PC, they do not protect your PC from contracting malicious software. In other words, your system can be hacked and be held hostage – you can fall victim to ransomware and other debilitating viruses.
2. I don’t download files so I am safe from virus attacks.
You don’t have to actively download files to be the victim of virus attacks. Browser-based attacks are now much more common. In fact, some of the most popular websites, including Yahoo, New York Times, Huffington Post, and CNN.com, have fallen prey to malware attacks that are integrated in display ads. This is known as “malvertising”.
Malvertising is a common online criminal tactic which can easily spread among popular websites for maximum gain. There are two types of malvertising attacks. In the first, a user clicks an ad and the malware infects their system. The second is not triggered by user interaction at all: malicious code embedded in iframes manipulates the browser into grabbing files from other malicious sources. Simply browsing to a site can result in falling victim to malware attacks.
There are also attacks referred to as “Man in the Middle”, where an “…attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other”.[1] For example, the Man-in-the-Browser (MITB) attack utilizes a Trojan horse virus.
Online banking is very susceptible to the MITB attack. In these cases the infected web browser uses altered web pages and content without the user knowing it. The information is exchanged between the user and the host bank and the confirmation screens are all the same. However, in the background, the criminal can be altering the data so as to change the transaction destination and the amount.
These examples illustrate that files do not have to be downloaded in order for you to be compromised. Fortunately, Trojan viruses can be detected and removed by effective AV engines.
3. Firewalls protect me from malicious activities.
Firewalls block certain nefarious traffic but they cannot protect your PC from files that contain a virus or Trojan. The reason for this is that firewalls are not designed to scan for infected files – you need an AV engine specific to this purpose.
It is crucial to eliminate potential security holes. Port scanning can be problematic as criminals look for ways to openly connect with your PC. A properly configured firewall can minimize this risk, and new Windows operating systems come with firewall functionality. While this is the first line of defense, it is not sufficient to block the myriad of virus and malware threats that are out there.
A firewall can be configured to block outbound traffic as well. However, malware writers have been able to disable a firewall so traffic can escape from your system. AV vendors have already created mechanisms to minimize this problem, but cyber criminals have proven themselves to be very clever at hiding the information within normal HTTP traffic so as to disguise the data as innocent web requests.
4. Viruses and malware are written by AV companies.
There is no shortage of conspiracy theories. So… is there any truth to AV companies creating malware?
There is an old technique that firefighters use known as back burning. Firefighters create a controlled fire to burn up all of the debris that can fuel a fire, which leaves a black zone. This method reduces the chance of a wildfire jumping across the black line of defense. This is similar to a strategy that antivirus companies employ with viral attacks. They use existing malware or create viruses to test their AV engine so they can understand the limits of their program, improve their software, and eliminate the vulnerability associated with such attacks that are known and encountered in the real world.
The real and full truth here is that companies and private individuals have suffered billions of dollars in losses as a result of cyber criminals utilizing malware for profit. There are in fact real criminals who focus their energies and skill on a variety of heinous activities such as stealing money, selling stolen credit card information, hiring other malicious code writers, selling malware to other cyber criminals, holding an infected PC ransom, and more. Cyber crime is a billion-dollar industry and it will continue to grow as long as criminals see an opportunity to make money.
5. You can get good protection from free AV programs.
There are free antivirus programs that provide a basic level of protection, like Microsoft Windows Defender. However, many of these lack key security features to reduce exposure to attacks, some have slower scanning speeds, others do not provide technical support, several do not respond quickly to emergencies, and some do not detect new threat categories effectively.
Free AV programs generally do not provide web protection. This fundamental security feature is designed to block malicious links, prevent phishing attempts, and stop fraudulent links from compromising your system. As we stated previously, online criminals want to make money and they will target personal or financial information.
Some free antivirus products offer a personal firewall that can block unauthorized communication. You will need to verify your AV solution is equipped with this and activate it during the enrollment process. And keep in mind, if your PC is already infected, cyber criminals could be actively stealing your information.
Choosing a free or paid antivirus program can be a difficult challenge, as you need to weigh your own privacy concerns against getting full protection. Third party publications can help narrow down your choices, so we recommend that you review articles from publications such as PC Magazine, CNET, AV-Test, AV-Comparatives, or Virus Bulletin.
6. AV applications are not equipped to deal with APT attacks.
Advanced Persistent Threat (APT) is a recently used term spoken in such a way as to conjure up dark and scary creatures that we can speak of when gathering around a campfire at night. In reality, APT is not dramatically different from malware that was launched ten years ago. It’s quite common for cyber criminals to use similar tactics in new ways when launching their latest PC threats.
Malware writers are very innovative: they quickly change their attack methods while still leveraging criminal underground networks and strategies, all the while remaining focused on absconding with funds or making their mark. Case in point: the Ashley Madison hackers were motivated by outrage at the activities of the targeted website.
AV companies have evolved by using a combination of malware signatures, heuristics, and behavior techniques to capture new and unknown threats. They will not, however, detect all malware attacks. Some AV companies detect unknown threats better and more consistently than others.
Let’s turn our focus on third party testing companies that specifically test for unknown and zero-day malware threats. Companies that specialize in preventing APT attacks generate a lot of revenue, but it is surprising to see that these vendors have not submitted their products for testing by a third party organization. Why is that?
For most users, the most affordable and best option is a reputable AV program along with using common sense. It also helps to get recent and frequent software updates.
7. I can get good information about AV app comparisons from the AV vendor.
The simple answer to this is: make sure you get independent reviews.
Oftentimes, AV test reports sponsored by a company range from being biased to blatantly skewed. These reports typically highlight specific detection techniques and compare a limited number of vendors. On the other hand, third party, non-profit malware testing organizations publicly provide their testing methodology to be scrutinized by all participating vendors.
All AV vendors are allowed to participate in third party tests and reviews, rather than being selected and tested by a vendor who is paying for the report. There are different testing scenarios to help understand efficacy characteristics.
One test involves capturing malware for a specific period of time and preventing the update mechanism from fetching the latest files from the AV vendor. This particular test determines whether the AV engine can proactively prevent new or unknown threats from infecting a PC without file updates.[2] Another involves speed tests, which measure the impact of the AV program on the performance of a computer system.
An Independent Review: CompuClever Antivirus PLUS
We are pleased to report that we were tested and received a glowing review by VB100, “…a world-renowned independent testing and certification body, active in testing, reviewing and benchmarking security solutions for over 20 years.”[3]
VB100 had this to say about CompuClever Antivirus PLUS:
“The design is slick and attractive, with a good range of options available and intuitive deployment of controls.”
“Stability was perfect throughout testing, with not the slightest shake even under heavy stress. Performance impact was decent too, with RAM use perhaps a little above average but CPU usage and impact on our set of tasks both pretty low.”
“Detection was as excellent as one would expect, with good scores everywhere. The WildList and clean sets were handled with pinpoint accuracy, earning CompuClever its first VB100 award on its debut.”
Check out the full Virus Bulletin review.
For more information about CompuClever AV PLUS click here: Are You Well Protected?
Summary:
With the information provided in this article we feel you now have a much clearer understanding of AV applications and virus attacks. We strongly recommend that you protect your PC from viral dangers that are prevalent in our daily computing world.
We will continue to provide story lines like this and we will describe them in a manner that is within reach of everyday computer users. If you have some ideas of topics you would like us to cover, email us at: newsletter@compuclever.com