Often, we get questions regarding the kind of antivirus we run. I’ll talk to people about what we install on all systems, and about why we choose antivirus A over antivirus B. Truthfully, antivirus in general is mediocre at best. The best antivirus really is you, the end user.
The weakness of any antivirus package, free or premium, is the way that it detects viruses. First, generally speaking, the virus must already be widely known. This means that the virus must have been successful at some point on a large enough scale to be “found out”. Secondly, it has to be detectable by known methods. It is true that these requirements still cover a large selection of viruses and malware, so what’s left that antivirus doesn’t deal with well? Newly written or custom viruses may not match any known profile and can avoid detection. There are also polymorphic and self-encrypting viruses that are able to modify their behaviors or code well enough to cloak themselves from antivirus systems. “Rare” and seldom-deployed viruses may also not have received enough attention to be added to a known-virus database. Antivirus is a completely reactive technology that can only deal with previously known quantities.
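To make the "previously known quantities" point concrete, here is an added example (not from any antivirus product) of a toy signature lookup run over constructed, harmless byte strings. The signature names, sample contents and the `reencode` helper are assumptions made up for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files; none is real malware.
KNOWN_SAMPLE = b"HEADER" + b"demo-payload-0001" + b"TRAILER"

# Hypothetical signature database: exact-file hashes plus byte patterns,
# both derived from a sample that was already collected and analysed.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Known.A"}
PATTERN_SIGNATURES = {b"demo-payload-0001": "Demo.Known.A (pattern)"}


def scan(data: bytes):
    """Return the name of the matching signature, or None if nothing matches."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def reencode(body: bytes, key: int) -> bytes:
    """Stand-in for a self-encrypting body: same content, different stored bytes."""
    return bytes(b ^ key for b in body)


def build_samples():
    """Constructed test set covering the cases the paragraph describes."""
    body = b"demo-payload-0001"
    return {
        "widely known file": KNOWN_SAMPLE,
        "known body, repacked": b"OTHER" + body + b"PAD",
        "known body, re-encoded": b"HEADER" + reencode(body, 0x5A) + b"TRAILER",
        "never seen before": b"HEADER" + b"custom-payload-9999" + b"TRAILER",
    }


def run():
    """Scan every constructed sample and return {label: verdict}."""
    return {label: scan(data) for label, data in build_samples().items()}


if __name__ == "__main__":
    for label, verdict in run().items():
        print(f"{label:24} -> {verdict or 'no detection'}")
```

Only the two samples that contain bytes already in the database produce a verdict; the re-encoded and never-seen samples pass through with no detection, which is the gap the user has to cover.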
The best antivirus is a user that pays attention to what they’re doing. Using some basic rules, a user can avoid getting a virus on their computer in the first place. I like to teach our end users about the most common methods of virus deployment, starting with email. Email is hands down the biggest vector for malicious viruses. Good email policy in an environment can help filter a lot of the bad stuff out, but like antivirus, it is not foolproof. Email attachments and links in an email to a website are the most common forms of this vector.
If you’re not sure what you’re downloading or why someone would be sending you a link, don’t click on it. If anything looks suspicious, forward it to your IT department so they can verify it. This really comes down to being able to identify a fishy email. If the email seems suspicious, it most likely is. Most of the time your gut feeling is right when it comes to a malicious email.
The second biggest culprit is browser-based attacks from malicious websites. These involve either a website or a redirection script that attempts to confuse a user into downloading something they didn’t intend. Don’t download anything unless you are 100% sure you know what it is. When you do install something, make sure you read each screen while you’re going through the wizard to avoid installing another Ask toolbar. Good examples of this are websites that want you to install helper programs for “high speed” downloads or search bar add-ons for a browser. (I’m looking at you, CNET.) A website that pushes this kind of software should be considered questionable. If you need software installed on your system, or you need to use an online service, you should be going to the vendor’s website.
The last piece of basic protection that a user should know is their password. Antivirus does virtually nothing to stop a user from practicing bad password policy.
The two main rules here are:
- Change your passwords every so often.
- Don’t use the same password everywhere.
The bottom line is that antivirus is a partial safety net, but will not guarantee protection. The best antivirus is an educated user.