Can You Trust Security Software?

Whether you have a new computer or old computer, you are probably wondering if you can trust security software that is on it. This is something everyone should worry about.

Malicious Software

Viruses, spyware, worms, trojans and exploits – regardless of the type of malicious software (malware) or attack, they can be detrimental to the health of your computer and in some cases your life or at least your lifestyle.

Imagine that spyware gets on to your computer without your knowledge. It has been logging your keystrokes and reporting them to a predator on the internet. This predator now knows your bank account login information, your credit card numbers and your favorite web-sites and the credentials there too. They might simply do some shopping as you and max out your credit, or they might transfer all of the money in your checking and savings accounts to their own account. How would having all of your money taken away impact you?

Viruses and Worms

A computer virus spreads by copying itself from computer to computer across a network by taking advantage of attached file shares, e-mail or some other exploit, usually leaving some form of damage in its wake. Some viruses are simply an annoyance while others can be quite severe. The virus will usually attach itself to programs on a computer allowing it to be launched each time the other program is launched, while a worm is typically a stand-alone malware.

Trojans

Named after the wooden horse used by the Greeks, trojan malware presents itself as legitimate software, tricking users into running it on their computers. Once a trojan is launched by the user, it can perform other tasks on the computer undetected, like installing other malware or harvesting an e-mail address book.

Exploits

I am including this here for reference, but an exploit is technically not malware; it is a flaw in the programming of other software or the computer’s operating system which an attacker or malware can use to gain access to a computer, kind of like a backdoor.

Can You Trust Security Software?

The short answer is “sort of.”

What do I mean by “sort of”? For an elaboration you’ll need the long answer, so read on.

As Good as It Gets

Security software is only as good as the way it is programmed and the information it is provided.

Just because it is the best anti-malware product on the market doesn’t mean you can trust security software being installed on your computer – even if it came with the computer.

Signature Analysis

Bloated Code is Slow to Identify Risks

Security software uses multiple techniques to identify malware. The primary method of identification is analyzing the code of objects running in memory or stored on a disk. This code is compared to a database of known malware, looking for matching strings of bits (signatures). These databases become extremely large, and when coupled with the commonly inefficient code of anti-malware products, scans tend to be very slow, even on modern, faster computers.

Some security software manufacturers combat the large signature database issue by removing old signatures that haven’t been recorded for an extended period. This is the equivalent of no longer immunizing children for polio and chicken pox because they haven’t been recently diagnosed in a sampling of the region’s population.

Known Malware

The principle of Signature Analysis is that the malicious software has to be known and identified within the signature database. Any new virus in the wild could take hours or days to be included in signature databases; in the meantime it won’t be stopped by the signature analysis method.
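
The matching, the known-malware gap and the effect of signature pruning described above can be seen in a small scanner. This is an added example, not code from any security product; the signature names, byte patterns, sample files and dates are all constructed for illustration.

```python
from datetime import date, timedelta

# Constructed signature database: name -> (byte pattern, date last seen).
# Names and patterns are invented for this example; they match no real malware.
SIGNATURES = {
    "Example.OldWorm": (b"\xde\xad\xbe\xef\x13\x37", date(2009, 3, 1)),
    "Example.KeyLogger": (b"LOG_KEYS_V2", date(2024, 11, 20)),
}

# Constructed file contents standing in for objects on disk or in memory.
SAMPLES = {
    "invoice.exe": b"MZ\x90\x00header" + b"LOG_KEYS_V2" + b"\x00" * 16,
    "old_backup.exe": b"MZ" + b"\x00" * 8 + b"\xde\xad\xbe\xef\x13\x37",
    "brand_new.exe": b"MZ\x90\x00header" + b"LOG_KEYS_V3",  # variant not yet in the database
    "notes.txt": b"shopping list: milk, eggs",
}


def scan(data, signatures):
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(n for n, (pattern, _) in signatures.items() if pattern in data)


def prune(signatures, today, max_age_days):
    """Drop signatures not seen within max_age_days (the pruning described above)."""
    cutoff = today - timedelta(days=max_age_days)
    return {n: sig for n, sig in signatures.items() if sig[1] >= cutoff}


def report(signatures):
    """Scan every sample and return {file name: list of matching signatures}."""
    return {name: scan(data, signatures) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    today = date(2025, 1, 1)  # assumed "current" date for the example
    full = report(SIGNATURES)
    pruned = report(prune(SIGNATURES, today, max_age_days=5 * 365))
    for name in SAMPLES:
        print(f"{name:15} full db: {full[name]!s:22} pruned db: {pruned[name]}")
```

With the full database the old worm on the backup file is caught; after pruning it passes as clean, and the new variant is missed by both databases.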

Firewalls

Many security packages, even Windows XP and newer, have an application firewall enabled by default. This usually serves two purposes: first, as a firewall that prevents unwanted network traffic from getting into the computer system, and second, as an application firewall that prevents unknown applications from getting out of the system.

Firewalls and Application Firewalls are only as good as they are programmed and configured. Sometimes the firewalls are too aggressive, and instead of adjusting the settings appropriately, people will disable the firewall or blindly allow access when prompted about a new application.

Heuristic Scans

Behavior analysis is another term for heuristic scanning. This method of detection is most effective for unknown malicious software (zero-day spread). It works by monitoring the behavior of running applications for virus-like activities, such as rewriting executable files, sending multiple e-mails quickly, et cetera.
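
A minimal behavior monitor for the two activities named above, rewriting executable files and sending multiple e-mails quickly, looks like this. It is an added example, not code from any security product; the event format, process names and the burst threshold are assumptions, and the event stream is constructed.

```python
from collections import defaultdict

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com")
MAIL_BURST = 5    # assumed threshold: this many e-mails ...
MAIL_WINDOW = 10  # ... sent within this many seconds counts as "quickly"

# Constructed event stream: (seconds since start, process, action, target).
EVENTS = [
    (2, "notepad.exe", "write_file", "C:/Users/me/notes.txt"),
    (5, "mailclient.exe", "send_mail", "friend@example.com"),
    (18, "greeting_card.exe", "write_file", "C:/Program Files/Office/winword.exe"),
    (20, "greeting_card.exe", "send_mail", "contact1@example.com"),
    (21, "greeting_card.exe", "send_mail", "contact2@example.com"),
    (22, "greeting_card.exe", "send_mail", "contact3@example.com"),
    (23, "greeting_card.exe", "send_mail", "contact4@example.com"),
    (24, "greeting_card.exe", "send_mail", "contact5@example.com"),
    (40, "mailclient.exe", "send_mail", "boss@example.com"),
    (90, "mailclient.exe", "send_mail", "family@example.com"),
]


def analyse(events):
    """Return {process: sorted reasons} for processes showing virus-like behavior."""
    findings = defaultdict(set)
    mail_times = defaultdict(list)
    for ts, proc, action, target in sorted(events):
        if action == "write_file" and target.lower().endswith(EXECUTABLE_SUFFIXES):
            findings[proc].add("rewrites executable")
        elif action == "send_mail":
            times = mail_times[proc]
            times.append(ts)
            # Keep only the sends that fall inside the sliding time window.
            while ts - times[0] > MAIL_WINDOW:
                times.pop(0)
            if len(times) >= MAIL_BURST:
                findings[proc].add("mail burst")
    return {proc: sorted(reasons) for proc, reasons in findings.items()}


if __name__ == "__main__":
    for proc, reasons in analyse(EVENTS).items():
        print(f"{proc}: {', '.join(reasons)}")
```

No signature is involved: the unknown program is flagged purely on what it does, while the ordinary mail client and text editor are left alone.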

Summary

While providing some insight into how security software works, I also highlighted some of the reasons that you might not be able to trust security software.

  1. Known malware – signature analysis relies entirely on the malware being known to the security provider. New malware may not be detected.
  2. Bloated code – large signature databases and inefficient software slow detection, sometimes enough that the malware can do its damage long before being detected.
  3. Signature pruning – just because the security provider hasn’t seen the malware in a while, doesn’t mean it no longer exists. Old viruses linger; dormant and offline computers may be able to spread malware when activated later.

How to Protect Yourself

Simply put – use quality security software and keep it up to date!

I will not be providing a recommendation due to the ever-evolving world of computers. Check with Consumer Reports, PC World and other reputable organizations for current reviews of security software. Any product review older than eight months holds less value than more recent reviews.

Enable the firewall and restrict everything from the start. Then adjust the settings to allow only the access that your internet use and applications need.

If someone calls you unexpectedly to help with your computer – don’t believe them. Neither Microsoft nor anyone else is going to call you to fix your computer unless you call them first. Watch this blog for my post on phishing and scams.

Protect your data by backing up your files with an online service, like Carbonite, that stores multiple versions of your files for easy recovery.

Mythology

There are a lot of myths and theories about being secure. I’ll touch on a few and then give my recommendation.

Get a Mac

I laugh whenever someone says that they are changing to an Apple computer because Macs don’t get viruses. I remember 30 years ago, sitting in my friend’s basement helping him get a virus off of his Macintosh computer. I’d even comment to him that I don’t have this problem on my PC. The laugh was on me, wasn’t it?

Truth be told, whether a computer has Windows, iOS, Linux, Unix or some other operating system on it is not necessarily relevant to whether or not malware can impact it. Just because no one is currently writing malicious software for your favorite operating system, doesn’t mean they won’t.

I Have {Big name} Anti-virus installed

You might want to reread this article. It is all about not being able to rely completely on security software. Human behavior is part of the risk as well.

I Only Check My E-mail and Visit {pick a store site}

Numerous trojans and other malware are distributed via e-mail and are often designed to appear as if someone you trust sent them. Follow a link, open an attachment and you are exposed.

Trusted retail and community sites are often hacked, and malware is then installed on the site, sometimes to steal information through the site, sometimes to redirect users to a malicious site, and sometimes to distribute malicious software.
