Ask the average home user or small business how they defend themselves from internet nasties and the typical response is: ‘We use a free antivirus program’. Now jump to the “real” world and ask whether they would use an ordinary police constable to guard their home from burglars, their yacht from pirates, or themselves from kidnappers while doing business in Iraq. The answer is ‘no’. A police constable can do a good job guarding a house, but lacks the skills and experience to guard a yacht from maritime pirates or to protect a person from armed kidnappers in Iraq.
Each situation requires separate training, experience, equipment and insurance, and the situation is very similar with antivirus. Malware enters through several avenues, mainly websites, email and physical media (USB sticks and CDs/DVDs). Each avenue uses different tricks and has its own complexities, and web-delivered malware has become the favourite entry method of the twenty-tens. That is not to say that malware is no longer delivered through USB sticks, CDs and email, but the real payload today is often fetched from the web, and no single product can be 100 per cent accurate across all of these routes.
Go back a few years and the main entry method was USB. It was common to hear students crying out that they had plugged in a USB stick or inserted a CD and their homework had gone. Then email took over, but people are now a little savvier about being cautious with email attachments. So the bad guys had to rethink their strategy, which is where web-based payloads came in: a malicious or compromised page that exploits the browser or a plug-in needs no attachment to be opened. Web-based delivery is now their favourite strategy.
With malware coming through three main areas, traditional antivirus cannot cope alone and a multi-layered approach is now required. Everything, virtual or physical, should come in layers, like a prison: if one layer fails the next will (hopefully) catch it. Endpoint antivirus should still be used, but alongside one or two other layers. You may ask how three antivirus programs can be installed on one computer. They cannot, and even a layman knows you should not try: two real-time scanners on the same machine fight over the same files. The extra layers have to sit at the points where each threat enters, not all on the endpoint.
Each avenue needs its own dedicated, specialist service. So if you run an email server, or use a third party to run it, that should be covered by a specialised email security service or by a gateway with multiple antivirus layers; some vendors offer an on-premises appliance that comes with five antivirus engines and five anti-spam engines, so that a sample missed by one engine is still likely to be caught by another. Then, if you surf the web (who doesn’t?), you need a specialised on-premises solution or SaaS (software as a service) to deal with web threats before they reach the browser.
Without even downloading a file, a computer can become infected with ransomware or, worse, a RAT (remote-access Trojan), simply by visiting a page that exploits the browser. Web protection first checks the site against a reputation database, then pulls apart the HTML, JavaScript, Flash and so on to see what the page actually does, which is how it catches pages the database has not heard of yet. We have seen four or five well-known antivirus products fail to pick up exploits on websites.
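The two-stage check described above, as an added example rather than code from this article or any vendor's product. Stage one looks the page's host up in a reputation list; stage two takes the HTML apart and scores the shapes that drive-by loaders tend to have (a zero-size or hidden iframe pulling in a third-party page, scripts built from long escape sequences and fed to eval). The blocklist hosts, the two sample pages and the scoring weights are all constructed for illustration; a real web filter would use a live reputation feed and far more heuristics, but the point the example makes is that content inspection catches a page whose URL the database has never seen.

```python
"""Added example: a two-stage web filter (reputation lookup, then static
page inspection). Blocklist, sample pages and weights are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed reputation data: a hypothetical blocklist of known-bad hosts.
KNOWN_BAD_HOSTS = {"malware.example.net", "bad-ads.example.org"}

# Script shapes typical of obfuscated loaders. Each is weak on its own,
# which is why they are scored rather than treated as decisive.
OBFUSCATION_PATTERNS = {
    "eval(unescape(...))": re.compile(r"eval\s*\(\s*unescape\s*\(", re.I),
    "long %XX escape run": re.compile(r"(?:%[0-9a-f]{2}){20,}", re.I),
    "String.fromCharCode chain":
        re.compile(r"String\.fromCharCode\s*\((?:\s*\d+\s*,){10,}", re.I),
    "document.write(unescape(...))":
        re.compile(r"document\.write\s*\(\s*unescape", re.I),
}

# Weights for the signals; a page is blocked at BLOCK_THRESHOLD or above.
WEIGHT_BAD_HOST, WEIGHT_HIDDEN_IFRAME, WEIGHT_OBFUSCATION = 3, 2, 1
BLOCK_THRESHOLD = 3


class _PageScanner(HTMLParser):
    """Collects inline script bodies and iframe attributes from a page."""

    def __init__(self):
        super().__init__()
        self.scripts, self.iframes = [], []
        self._in_script, self._buf = False, []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script, self._buf = True, []
        elif tag == "iframe":
            self.iframes.append(dict(attrs))

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append("".join(self._buf))
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)


def _iframe_is_hidden(attrs):
    """A zero-size or display:none iframe has no legitimate visible purpose."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    dims = (attrs.get("width") or "", attrs.get("height") or "")
    return ("display:none" in style or "visibility:hidden" in style
            or any(v.strip() in ("0", "0px") for v in dims))


def inspect_page(url, html):
    """Return {'verdict': 'block'|'suspicious'|'allow', 'score': n, 'reasons': [...]}."""
    reasons, score = [], 0
    host = urlparse(url).hostname or ""
    # Stage 1: reputation lookup on the page's own host.
    if host in KNOWN_BAD_HOSTS:
        reasons.append(f"host {host} on reputation blocklist")
        score += WEIGHT_BAD_HOST
    # Stage 2: static inspection of what the page actually loads and runs.
    scanner = _PageScanner()
    scanner.feed(html)
    for attrs in scanner.iframes:
        src = attrs.get("src") or ""
        src_host = urlparse(src).hostname or ""
        if _iframe_is_hidden(attrs):
            reasons.append(f"hidden iframe to {src or '(no src)'}")
            score += WEIGHT_HIDDEN_IFRAME
        if src_host in KNOWN_BAD_HOSTS:
            reasons.append(f"iframe loads from blocklisted host {src_host}")
            score += WEIGHT_BAD_HOST
    for script in scanner.scripts:
        for name, pattern in OBFUSCATION_PATTERNS.items():
            if pattern.search(script):
                reasons.append(f"obfuscated script: {name}")
                score += WEIGHT_OBFUSCATION
    verdict = "block" if score >= BLOCK_THRESHOLD else ("suspicious" if score else "allow")
    return {"verdict": verdict, "score": score, "reasons": reasons}


# Constructed sample pages (not real sites).
CLEAN_PAGE = """<html><head><title>Invoices</title>
<script>function show(id){document.getElementById(id).style.display='block';}</script>
</head><body><iframe src="https://maps.example.com/embed" width="400" height="300"></iframe>
</body></html>"""

DRIVE_BY_PAGE = """<html><body><p>Welcome</p>
<iframe src="http://malware.example.net/x.php" width="0" height="0" style="display:none"></iframe>
<script>var s="%3c%73%63%72%69%70%74%3e%76%61%72%20%61%3d%31%3b%3c%2f%73%63%72%69%70%74%3e";
eval(unescape(s));</script></body></html>"""

if __name__ == "__main__":
    # The drive-by page sits on a host with a clean reputation; only stage 2 catches it.
    for url, page in (("https://www.example.com/invoices", CLEAN_PAGE),
                      ("http://www.example.com/news", DRIVE_BY_PAGE)):
        print(url, inspect_page(url, page))
```

The reputation hit on the page's own host is decisive by itself, a hidden iframe alone only marks the page suspicious, and the drive-by sample is blocked on content alone because it combines a hidden frame, a blocklisted frame source and two obfuscation signals. Real filters also execute the script in a sandbox, since an attacker can trivially vary the surface patterns above; the static pass is the cheap first cut, not the last word.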