Safe Internet Browsing: Part 3

September 20th, 2010 by Eryk

The truth about Anti-Virus: They don’t do it all, they don’t even try.

For good reason, anti-virus (AV) and firewall (FW) programs have become a necessity for everyone who uses computers and the Internet. Computers and information technologies have been woven into every aspect of our daily lives, and there has to be some form of protection; otherwise our computerized infrastructure would collapse.

Since the early periods of the “information age”, there have been people who would exploit human errors made in the development and/or implementation of programs (which include applications like Microsoft Office and operating systems like Windows XP, Mac OS X and Linux) in order to forcefully gain access to computers and the information that they hold. Some would do this for profit by selling the access or information, others would do this in the name of free information, and still others would do it purely to cause damage. As these events began to occur with more regularity, a desperate and very serious need to protect private information manifested itself, and modern AV and FW programs were born.

If you were to look at computers, AV and FW programs as if they were parts of the human body, you would see some striking similarities. One could say that the CPU is the brains of the operation, the motherboard is the nervous system, all the cables are the blood vessels, and the hard drive would be long-term memory. AV programs would act like your immune system and a FW would act like your skin, and for the most part, that’s what these two programs were modeled after and act like.

AV programs work through the use of virus definitions, meaning they can only detect, stop and eliminate those viruses for which they have definitions. This is a lot like our body’s immune system in that it works best against infections it knows about; however, this is where the similarities end. For AV programs to work and protect you from viruses, your AV program needs to be updated on a regular basis, and it can only protect you from the infections it knows about. This means that the makers of AV programs have to troll the Internet to find the newest viruses, then rip them apart to find out how they work and how best to protect you from them. Once they are able to protect you from the virus, you have to download the new definition from them before your computer becomes infected.

Say that there is a piece of malware (a program that is intended to compromise your computer) out there called “yourinfected.exe” that infects Windows computers, and it’s really bad and everyone is getting infected. The AV companies have finally been able to figure out the malware, they get the definition out right away, and there is a sigh of relief. Everyone is safe until the person who created the malware decides to change the name to “yourinfected2.exe”. Now no one is protected anymore and everyone is getting infected again, until the AV companies release a second definition and the malware makers change the malware again. So on and so on, until the malware makers give up on it or the main problem is fixed. The real problem with today’s AV programs is that they can only protect you against viruses and malware that they have a specific definition for, and once the definition doesn’t fit, you’re not protected anymore.
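The definition model described above, as an added example (not code from the original post): a toy scanner with two constructed definition types, an exact SHA-256 of a known sample and a short byte pattern shared by its variants, run over constructed, harmless byte strings. It shows that definitions describe file content rather than filenames, that an exact-hash definition misses a variant altered by a single byte while a pattern definition still catches it, and that a sample with no definition at all is missed entirely, which is the reactive gap the post describes. All sample names and contents are made up for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Definition:
    name: str    # label reported on a hit
    kind: str    # "hash": exact SHA-256 of a file; "pattern": byte sequence
    value: str   # hex digest, or the byte pattern encoded as hex


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan(content: bytes, definitions: List[Definition]) -> List[str]:
    """Return the names of all definitions matching this file content.
    The filename is deliberately not an input: definitions describe bytes."""
    hits = []
    digest = sha256_hex(content)
    for d in definitions:
        if d.kind == "hash" and d.value == digest:
            hits.append(d.name)
        elif d.kind == "pattern" and bytes.fromhex(d.value) in content:
            hits.append(d.name)
    return hits


# Constructed, harmless sample contents standing in for executables.
ORIGINAL = b"MZ\x90\x00" + b"constructed-sample-v1" + b"\x00" * 8
TWEAKED = ORIGINAL.replace(b"v1", b"v2")            # one byte changed
UNKNOWN = b"MZ\x90\x00" + b"never-seen-before" + b"\x00" * 8

# Two definitions written against ORIGINAL after "ripping it apart".
DEFINITIONS = [
    Definition("Sample.A (exact hash)", "hash", sha256_hex(ORIGINAL)),
    Definition("Sample.gen (byte pattern)", "pattern",
               b"constructed-sample-v".hex()),
]


def scan_all() -> Dict[str, List[str]]:
    """Scan four constructed 'files'; the renamed copy has identical bytes."""
    files = {
        "yourinfected.exe": ORIGINAL,
        "yourinfected2.exe": ORIGINAL,   # renamed only, same content
        "yourinfected3.exe": TWEAKED,    # modified variant
        "new.exe": UNKNOWN,              # no definition exists yet
    }
    return {name: scan(data, DEFINITIONS) for name, data in files.items()}
```

Renaming alone leaves both definitions matching; changing content defeats the exact hash, and only a broader pattern or a newly downloaded definition closes the gap.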

To properly protect their users, AV programs need to be able to “self-identify” potential threats and respond accordingly. This would make it possible for the current generation of “reactive only” AV technologies (defend against what you know) to be integrated into a new, more proactive (identify possible threats and act) protection model that will more adequately protect users from threats. There are some difficulties and potential disasters in this model of protection. One of those possible problems would be to have the AV program falsely identify an important document (or worse, a document type like .doc) or program as a virus and remove it, causing loss of data and profits or system crashes (here is an example from www.cnet.com of this happening).

Because of these possible and real situations, we most likely will never see a standalone AV program that is able to proactively protect our computers, networks and information. Given this information, we now know that the major difference between all AV programs is the amount and quality of the virus definitions that they use, and we can focus on getting the right AV program for your needs and computer.

The biggest drawback to all AV programs is the negative impact they have on system performance. A lot of computers that are purchased today have been preloaded with one of the two big AV companies’ products (which will remain unnamed). They severely impact a computer’s performance, but they offer a hands-off approach to computer security and don’t require much, if any, user input to function and secure a computer. There are other, less known AV programs (which will again remain nameless) that have very little impact on a computer’s performance; however, they require more user interaction to operate at their best and possibly offer better protection than the hands-off AV solutions. The tradeoff between performance and automation is the main consideration when shopping for an AV solution.

For me personally, I chose the option that allows for the best performance because I have a strong interest in computer security, I enjoy getting my hands dirty, and doing so provides a higher level of overall computer security. Others have chosen the automated AV programs because, for those who have no interest in information security and are intimidated by configuring settings, this option actually provides the best protection for them. It’s a hard choice that can cost a good amount of money and time – but given that most AV programs function the same, the only choices you need to make are: how much does it cost in money and system performance, and whether or not an automated solution is better for you than a more hands-on option.

Thank you for reading.

Eryk Voelker

(408) 829-4995

Home Network Security

www.hnsecurity.com
