Is your Antivirus still good enough to protect you from modern online threats?

[Petrovic]

The first thing people do after installing an operating system is to install an antivirus software. With an antivirus installed, they think that their computer is safe now. But how effective are these antivirus? New malware is written every day while old ones are enhanced to bypass both signature and behavior based antimalware. Under current circumstances, it is safe to say that antivirus software itself can be exploited by the cybercriminals to compromise your computer. Do antivirus really work? Is an Antivirus good enough to protect you from modern online threats? Is it still necessary & relevant? Do you even need one? We’ll talk about that in this post.

 

Is an Antivirus still good enough to protect you?
Antivirus software is either offered as free basic version or a paid pro version with some additional features. The same holds true for Internet Security Suites too.

 

Out of these two, the paid one’s typically are bulkier, occupy more space, take up RAM and use more CPU, etc., while at the same time offering you integrated protection.

 

The problem starts at the point where the advanced anti-malware start interfering with your operating system and browsers. These security software reach out to the OS kernel and tweak it for continuous monitoring. They also bypass the built in features of browsers that detect dangerous web pages. That means installing such a security software can expose you more to the dangers lurking out there on the Internet.

 

Do Antivirus really work?
According to Google Zero Day Blog, a security researcher found many vulnerabilities in the Symantec antivirus suite, that allowed malware to get into the base and exploit the operating systems. Read the findings on Google blog. The post also includes Norton and explains that since these antivirus software can tweak the OS and browsers, they can easily be targeted to compromise the computer.

 

Quote

“These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

The blog also cites examples of compressed applications. When developers want to reduce the footprint of their applications, they compress the applications and hence, are not easily identified by antivirus. To solve this, anti-malware from Symantec or Norton unpacks the application straight in the Kernel – instead of using sandboxing techniques.  You can imagine what may happen while unpacking an infected application in the base of the operating system.

 

As far as Symantec is concerned, it released few updates and says the issues pointed out by Google are solved for now. But Symantec is not the only one. There are many other antimalware packages and more zero-day vulnerabilities to be explored and patched.

 

Reading this, you might be inclined to believe that using a basic antivirus software is better as it not only saves on resources but also doesn’t go on to integrate themselves with the operating system files.

 

Do you need an antivirus?
Yes, sure you need an antivirus software not just for your Windows computer, but even for your Mac or Linux systems, these days. While it is good to use a modern operating system like Windows 10, Windows 8.1 or Windows 7 to protect your computer against online threats, a security software offers an additional layer of protection against malware. It will help you stop almost all known malware and even detect unknown one’s on heuristics – although this does not always succeed.

 

Most malware today, get on systems, due to user-initiated actions. It could be a user clicking on a bad link, visiting a malicious website, not paying attention during installation, opening infected attachments and so on. And so, in today’s times, to stay safe online not only do you need to secure your Windows PC, you need to also exercise common sense and follow these basic Internet security tips:

1. Always keep your operating system antivirus software and browsers updated to the latest versions
2. Do not download email attachments from unknown senders, which you were not expecting or which look suspicious
3. Do not click on any links – whether it is in an email or a web page.
4. If you must download software, download it only fro their official home pages or from safe software download sites and exercise caution while you install them.
5. Install additional free tools like EMET to add an additional layer of security. Use our Ultimate Windows Tweaker, to change a few settings on your computer to further harden Windows security.

Conclusion: So Is your Antivirus still good enough to protect you from modern online threats? Well – it is good, but not enough!

Article source

[maniac2003]

Interesting read. Any software could have flaws also a security suite. AV makers should test and audit their software to minimize the potential attack surface and keep their customers as safe as possible. You'll never have a 100% guarantee.

[dMog]

is my antivirus and firewall and malware and ransomware  good enough..... oh god i hope so

[SnakeMasteR]

First, easiest and weakest part in this will always be the user, high priority target and as proven, it works. Majority of virus authors don't bother to find weaknesses in proprietary software.

[dMog]

13 hours ago, n0_risk! said:

First, easiest and weakest part in this will always be the user, high priority target and as proven, it works. Majority of virus authors don't bother to find weaknesses in proprietary software.

that is what I keep telling my brother who regularly opens those suspect emails or goes to "dangerous" sites and always clicks ok when a window opens without at least even a cursory read of what he just agreed to run on his computer

[pc71520]

No Resident (=Real-Time) Anti-Virus/Malware, here.

 

Sandboxing, Imaging & various On-Demand Tools.

[uffbros]

Today you must image..and keep the image on an external drive. Many make a partiton on the active drive and this can get the crypto virus and your still screwed. 

[dMog]

19 minutes ago, uffbros said:

Today you must image..and keep the image on an external drive. Many make a partiton on the active drive and this can get the crypto virus and your still screwed. 

AND ...keep that backup image as well and copies of all your really important stuff NOT connected to the source computer

[Vic Vega]

2 hours ago, dMog said:

AND ...keep that backup image as well and copies of all your really important stuff NOT connected to the source computer

very true, but sometimes people are too busy worrying about others business to take the time to back up their own data! tough life lesson!

[SnakeMasteR]

I could make hundreds of jokes about backups but here is only one: It was broken.

[TheMountain]

I'm one of the fools who don't use 'real-time AV', & I've never felt safer online as I do now.

[Ice Frog]

20 hours ago, TheMountain said:

I'm one of the fools who don't use 'real-time AV', & I've never felt safer online as I do now.

Even I no longer use a AV now, not only am I relieved of vulnerabilities in the AV itself but also of the load it put to the system as a whole.  

[smokeyjoe]

Symantec Endpoint Protection fixed these vulnerabilities in version 12.1.6 RU6 MP5

[HNB]

1 hour ago, smokeyjoe said:

Symantec Endpoint Protection fixed these vulnerabilities in version 12.1.6 RU6 MP5

o ' really?