I got this call from a client last month on the day when the Syrian Electronic Army hacked several news web sites (including the CBC).
What does your antivirus software protect you from?
First we have to look at how antivirus software works. There are two components to antivirus software. One component is the database of known nasties. Antivirus software downloads updated information, usually several times a day, to get the latest list of viruses. Kind of like getting a booster shot.
However, hackers are creating new malware (malicious software) so quickly that the antivirus companies just can’t keep up to date in protecting your computer from the latest hacks. So antivirus software is best at protecting you from well-known older viruses.
The second component of antivirus software is what they call heuristics. Heuristics is where the software looks for behaviour that indicates a virus. It’s like when you start getting a fever with coughing and sneezing: you know you have a virus, you just don’t know which one. The antivirus sees behaviour like an Excel spreadsheet that wants to run code and it shuts it down.
This can lead to what they call false positives, where the antivirus software mistakes legitimate software for a virus and tries to shut it down. A good example would be an Excel spreadsheet with a custom macro that is legitimate, but the antivirus software by default views macros as infected code.
Besides these two components, most antivirus programs provide some kind of internet browser protection. Examples include settings that keep your home page from being changed and malicious internet link checking.
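To make the two components concrete, here is a small Python sketch added as an illustration (it is not code from any antivirus product). The file contents, the SHA-256 hash database and the `Auto_Open` macro rule are simplified assumptions constructed for this example.

```python
import hashlib

# Constructed stand-ins for file contents; none of this is real malware.
OLD_VIRUS = b"well-known-older-virus-body"
NEW_MALWARE = b"brand-new-malware-body"   # not yet in any database
LEGIT_MACRO = b"Sub Auto_Open()\n  ' add up monthly totals\nEnd Sub"
PLAIN_NOTES = b"Meeting notes for Tuesday"

# Component 1: the database of known nasties (here, SHA-256 hashes).
SIGNATURE_DB = {hashlib.sha256(OLD_VIRUS).hexdigest()}


def signature_match(data: bytes) -> bool:
    """True only if this exact content is already in the database."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB


def heuristic_match(filename: str, data: bytes) -> bool:
    """Component 2, as a toy rule: a spreadsheet that wants to run code."""
    is_spreadsheet = filename.lower().endswith((".xls", ".xlsm"))
    return is_spreadsheet and b"Auto_Open" in data


def scan(filename: str, data: bytes) -> str:
    if signature_match(data):
        return "blocked: known virus"
    if heuristic_match(filename, data):
        return "blocked: suspicious behaviour"
    return "allowed"


SAMPLES = [
    ("old_virus.exe", OLD_VIRUS),    # caught by the database
    ("new_threat.exe", NEW_MALWARE), # missed: too new for the database
    ("budget.xlsm", LEGIT_MACRO),    # false positive: legitimate macro
    ("notes.txt", PLAIN_NOTES),      # clean file passes
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name:15} -> {scan(name, data)}")
```

The second and third samples show both limits described above: the new threat slips past the database, and the legitimate spreadsheet is shut down by the behaviour rule.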
Let’s go back to my client’s question. Her antivirus was protecting her from her home page being changed but not from the site itself getting hacked. Her antivirus was protecting her from any older malicious code that was loaded on the hacked site.
You can’t rely on your antivirus software to protect you from everything. But you still need it as part of a protection plan for your business computers.
What else do you need in your protection plan? A regular patching schedule. Patching your operating system and software will protect you against almost 95% of the latest hacks. This is because the hackers examine the security patches released by Microsoft, Apple, Adobe and the others and then reverse engineer them to create the malicious software.
The other important and oft-neglected component in a protection plan is education. Educate yourself and your employees about the digital risks out there and how to avoid them.