Why Anti-Virus Software Does and Doesn't Work

Anti-virus software is important. Hackers could get all of your data. If you don't have an anti-virus, CRIMINALS could steal all your money. Sound familiar?

Anti-virus and security companies, especially the large ones, like to use FUD (Fear, Uncertainty and Doubt) to acquire new customers. The practice has been an industry standard from the very beginning of computing.

While years ago a good anti-virus program could in fact save you, in today's world new viruses and malware are coming out at such an incredible rate that the anti-virus vendors simply can't stop them all.

There is a very simple reason for this. Anti-virus technology depends on blacklisting. That is, your anti-virus has a list of signatures of known malware. When it finds a match, it notifies you that a virus was detected. Sometimes your anti-virus will match a file that is not malicious, which is called a false positive. The problem with this solution is that any new malware the anti-virus vendor hasn't seen before isn't stopped; it passes right by the anti-virus and has its way with your system.

While anti-virus technology is not the be-all and end-all for consumers, a blacklisting anti-virus is still extremely useful after you have been infected. If you don't have any anti-virus, you may never know you have been infected. If you do have an anti-virus on the system, either an update will detect the malicious software or the anti-virus itself will malfunction, letting you know something is wrong with your system.

An alternative to blacklisting is called whitelisting. This is where the anti-virus software has a list of known good software, and it prevents anything not on the list from executing. This is the more effective type of anti-virus, but it has severe limitations as well. For one, if you are running something the anti-virus company has never seen, you simply cannot execute the file. You will have to contact the vendor and ask them to add an exception for the program or, worse, the program will allow the user to add their own exception.
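The trade-off between the two approaches, as an added example that is not part of the original article: a toy substring-signature blacklist and a SHA-256 whitelist run over constructed, harmless byte strings. Every name, signature and sample below is an assumption made for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for program files.
SAMPLES = {
    "known_malware": b"HDR|constructed-bad-routine-v1|A",
    "new_malware": b"HDR|constructed-bad-routine-v2|B",  # vendor has not seen it
    "office_app": b"HDR|spreadsheet-engine|ui",
    "in_house_tool": b"HDR|payroll-export|ui",  # benign, unknown to vendor
    "log_notes": b"log: constructed-bad-routine-v1 was quarantined",  # benign
}

class BlacklistScanner:
    """Flags a file only when it contains a known-bad byte signature."""
    def __init__(self, signatures):
        self.signatures = dict(signatures)  # detection name -> byte pattern
    def scan(self, data):
        for name, pattern in self.signatures.items():
            if pattern in data:
                return name
        return None  # no match: the file runs, malicious or not

class WhitelistScanner:
    """Lets a file run only when its SHA-256 is on the known-good list."""
    def __init__(self, known_good):
        self.allowed = {sha256(d) for d in known_good}

    def add_exception(self, data):
        self.allowed.add(sha256(data))  # user override, nothing is vetted

    def may_execute(self, data):
        return sha256(data) in self.allowed

def compare(samples, blacklist, whitelist):
    """Return {sample: (blacklist verdict, whitelist verdict)}."""
    return {name: ("flagged" if blacklist.scan(d) else "passed",
                   "allowed" if whitelist.may_execute(d) else "blocked")
            for name, d in samples.items()}

def make_scanners():
    bl = BlacklistScanner({"Constructed.Bad.A": b"constructed-bad-routine-v1"})
    wl = WhitelistScanner([SAMPLES["office_app"]])
    return bl, wl

if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES, *make_scanners()).items():
        print(f"{name:14} blacklist={verdicts[0]:8} whitelist={verdicts[1]}")
```

The unseen sample passes the blacklist while the benign log file is a false positive, and the whitelist blocks the benign in-house tool. Calling `add_exception` on the known-malware sample makes the whitelist allow it, which is the user-override weakness described above.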

The user is the weakest link for anti-virus software. Many times users will simply ignore any warning on their screen as they are “too busy” to worry about it. Other times, the user will add an exception to known malware simply because it gives them something fancy like smiley cursors on their windows. I had one customer years ago who diligently followed the instructions on a malicious RAT program called Sub Seven and infected himself simply by not using common sense. This is all too common in computer users today. The fact that 50% of people using a computer have no idea how to actually use their system is scary. Imagine if 50% of people on the road couldn't drive...oh wait, bad example.

Written by Fingers on 2015-01-23 00:12:07
