I Have Anti-Virus Software, Am I Safe?

April 13, 2011

I’ve heard many different variations of the question “I have anti-virus software, am I safe?” from friends, family, clients, AVG Community members, and even strangers. As hot a topic as this is, I felt it was a question worth addressing.

This isn’t a simple “yes or no” question though. The short answer is “it depends.” There are multiple factors at play that can contribute to your susceptibility to being infected by a virus despite having anti-virus software installed, some of which include…

  • Which software you’re using is a key influence. As with pretty much anything mankind has ever manufactured, quality of products differs between manufacturers, and although software isn’t necessarily a tangible good, the same age-old rule applies. Some companies make a better product than others, and some of the free software is better than some of the paid software. Based on my personal experiences with many different AV products, my professional experiences working with my IT consulting business and many other businesses, and my extensive knowledge of InfoSec in general, I recommend AVG. Free or paid, I’ve used both and they both do a great job.
  • What features your software has available is equally important. This ties in with the previous point: different vendors offer different features. Some AV software includes sand-boxing (a type of virtualization) to put a layer of separation between files or applications and your operating system, some include social networking protection, or the ability to check the safety of websites without having to actually visit them. It’s up to you to decide which features are most relevant to your own personal computing habits and keeping you safe while you go about your typical online activities.
  • Your personal computing habits are an interesting element because this causes the answer to the question posed by this article to differ completely depending on who is asking it. There are actions you can take that will undermine the protection your AV software has afforded you. There are threats out there that specifically prey on your trust to manipulate you into allowing them to have their way with your computer. Through the practice of social engineering (basically a type of con), instead of superior coding and advanced technology, these threats can infect your computer. No amount of technology and features in your AV software will protect you from these threats. The best defense against these threats is safe browsing habits and educating yourself on the types of threats that are out there.
  • Some infections are unavoidable. It’s sad, but true. There are at least 25,000 new malware variants released each day. It is impossible to keep up with that volume of malicious software on a daily basis, and while many AV vendors do a great job of gathering samples, creating virus definitions, and getting those virus definitions released to their users in updates, as well as utilizing technologies like behavioral detection, none of them can catch everything. As such, at any given time there are at least a few, and likely many more, malicious pieces of software floating around the web that your anti-virus won’t pick up on.
  • Are you using multiple anti-virus programs? In the case of anti-virus software, less is more. Most anti-virus software includes processes which “lock” specific files, a way for the anti-virus software to dynamically monitor your files in real time. This works great with one program, but when you add a second anti-virus program that offers full, active protection this can lead to one program not being able to function properly, making it useless (but not preventing it from consuming your system’s resources) or even making it interfere with the functionality of the other anti-virus software you have installed. What’s the best solution if you want a second opinion when you scan? Use an on-demand scanner like Malwarebytes Free alongside your primary anti-virus software. Malwarebytes Free does nothing to actively protect you against viruses (so it won’t interfere with any AV software that does), and only scans when you start a scan manually, but it does a great job of detecting and removing most malware that may slip past your primary anti-virus software.

As you can see, the question “I have anti-virus software, am I safe?” has a multifaceted answer that differs based on which brand you’re using, how you use your computer, how educated you are on how the threats and scams work, and in some cases pure luck. You are of course much safer using anti-virus software than you would be if you were not, but it’s important to remember that anti-virus software is not your get out of jail free card to do whatever you want on the Internet and not worry about getting infected. You can increase your odds of avoiding viruses even more by practicing safe browsing habits and becoming more educated on how online threats work and how to identify and avoid them. One great way to do that is by “Liking” the AVG Facebook Community, where information on the latest threats and how to stay safe online is shared, and your questions can be answered by knowledgeable volunteers (such as myself) and AVG staff.

AVG Software Pirates, Friend or Foe?

December 29, 2010

Recently AVG Technologies brought me and a few other AVG Community VIPs to Prague, Czech Republic, where we had breakfast with the senior executives, took a tour of the city, ate delicious traditional Czech dishes, and attended a concert hosted by AVG.

During the breakfast with the senior executives at AVG, my friend and fellow Community VIP Kyle Moore asked a great question about how AVG was dealing with software piracy. It is surprisingly common for people who are pirating AVG’s software to come and brag about it on the AVG Facebook Page, or try to share cracked licenses on the page, so those of us who are involved in helping the community have all seen it quite often. Tony Anscombe, Ambassador of the Free Product Range and Dusan Zabrodsky, Senior Vice President of Operations explained to us that AVG is still gaining value from everyone who uses the software, because the majority of people who use AVG software automatically report data back to AVG about infections they encounter, allowing AVG to have more inclusive virus definitions for all new infections. So the more people who use AVG, legally or not, the better AVG will get.

Also, they pointed out that people who are likely to pirate their AV software and use software cracks typically engage in more dangerous activities online, encountering more malware because of their involvement with cracked software, and any other dangerous activities they may be a party to. This in turn provides AVG with more valuable information than the average user practicing safe browsing habits could provide, because the average user would not encounter as much malware as the typical software pirate. So while it’s not obvious to someone on the outside looking in, AVG actually benefits quite a lot from the people who pirate their software.

As with many of my posts, this one was also inspired by my interactions with someone in the AVG Community. Recently a community member made an appeal to AVG to try harder to stop the pirating of their software. It seems that AVG is content with their current methods though, as am I. I’ll elaborate with this analogy to show you what I mean.

As I mentioned, people who use software cracks are at a greater risk for contracting malware. While it’s true that cracks can get you free software, they will just as often get you infected with malware. So the trade-off doesn’t really appeal to most people. Think of it like this: while it’s true that robbing a bank will net you a whole lot more cash much quicker than working a job every day like the rest of us, it’s also a very dangerous crime that could get you killed and will make you a wanted man. Though people have been robbing banks for quite a while, we still see the majority working at their jobs to make an honest living.

While we may see people pirating AVG’s software, the majority will continue to purchase their software legitimately, so they don’t have to worry about getting infected and so they have the benefit of free technical support. As for the minority who are pirating the software, this is a rare instance in which the criminals are actually helping their victims more than hurting them: the information on new threats these software pirates provide may be worth more to AVG than the $54.99 they ripped AVG off for ever could be. It’s always interesting to see things from a different perspective.

Thank You For Reading,
Zachary Chastain
AVG Community VIP

Malware Misconceptions

June 17, 2010

A common misconception is that there is no malware for Macs. I’ve informed many people of the truth behind this misconception during my volunteer work with AVG Technologies’ community efforts. I can understand the average user believing the hype, but I recently encountered an IT professional who actually thought that Steve Jobs had created a literally perfect product. Steve Jobs may have a cult following, but he is no God, and he has yet to create anything perfect.

I was answering a question on the professional networking site LinkedIn. A student in Bangalore, India was interested in learning how to secure his computer from hackers and malware.

A Disk Jockey was the first to answer the question, and had simply said “buy a Mac.” Now, ignoring the implications of a DJ answering Information Security questions with authority, after providing some useful information on the topic, I mentioned that using a different Operating System is not a real security measure.

Using a Mac or Linux OS as one’s sole security measure is called “Security Through Obscurity.” Basically, the concept of security through obscurity is that Microsoft has the largest market share, with many more people around the world using a PC rather than a Mac or using a PC that’s running Linux. Hackers and malicious software developers are looking to infect as many people as possible with as little effort as necessary. It makes sense to target the device that the most people are using, so most criminals target Windows systems. So, basically, you’re relying on nobody attacking your computer in order to stay safe. See what the problem is with security through obscurity? It’s the same as leaving your home and closing the door, but not locking it. Sure, everything looks alright from outside, but if someone actually walks up and tries to open the door, they’ll have no trouble at all getting inside and making off with everything they can carry.

I might expect this from your average user, who doesn’t know the implications of their actions until they are provided with the evidence, but I was surprised to see an IT professional with several years of experience refute my points about security through obscurity. He actually said “no one has put forth a successful attack on the Mac OS ever.” Of course, this is a wildly inaccurate statement. Here’s just one example that cites 20,000 Mac users who were infected by malware. I provided other examples in my reply as well, such as this FAQ and this information on Mac Malware provided by Panda Labs. He also went on to say “Now, security through obscurity is a false argument. The Ubuntu OS on the iPhone is under 10,000 users. As close to the smallest user set as can be measured, and yet, it was hacked within weeks of being released.” Now, considering that the original iPhone already had a 20% market share by the third quarter of the same year it was released (and it was released around the middle of 2007), I don’t think that a wildly popular product is a good example of security through obscurity, because the whole point is using an unpopular product that doesn’t have a large market share in order to avoid attacks, but I digress.

If the IT professionals of the world don’t know better than to do some research for themselves, how are the end users of the world supposed to get the facts? That’s why I’m writing this post, to alert you, the end user, to the dangers of the very real self imposed threat of security through obscurity. If you want to stay safe online, the first step is to take responsibility for your own actions and your own security. I recommend getting started by learning some safe browsing habits. You can’t leave all your security up to someone else, and you certainly shouldn’t leave it up to chance that nobody will attack your computer, considering that an average of at least 25,000 new malware variants are released daily, and by 2015 Trend Micro expects to see at least 25,000 new variants released per hour!

Please feel free to leave comments, ask questions, and provide your own thoughts on “security through obscurity.”

Update!: AVG has released LinkScanner for Mac after I originally published this article. I strongly suggest installing LinkScanner for Mac to add LinkScanner’s powerful protection to your tech defense arsenal. http://linkscanner.avg.com/Mac/

How Anti-Virus Signatures Work

March 26, 2010

Most traditional Anti-Virus software works using a technology referred to as signatures. A virus signature is unique to each individual virus, just like your signature is unique to you. Once an AV vendor identifies a new virus, they assign it a signature, which is generated using an algorithm and a hash. A hash is a unique set of characters generated by an algorithm being run against a particular object. Hashes are also used when you activate your OS with Microsoft. And when passwords are sent on a domain (a group of computers in a corporate environment) they are converted to hashes, which can be identified by the domain controller (the server that authenticates users trying to log onto the network) but, if intercepted in between, are supposed to be impossible to reverse engineer to figure out the password. (article on password hashes later).

This hash is what makes up the virus signature. The signature is then distributed to the clients who are running the AV software through updates. This is why it’s so important to keep your AV software updated, because hundreds if not thousands of new threats are identified daily, so that’s a lot of threats you’re leaving yourself open to if you don’t turn on your automatic updates in your AV software configuration page.

Of course, to be identified and have a hash created, a virus must first be found. AV vendors devote a lot of effort to locating and identifying new threats before they infect users, but a lot of new threats are identified because users are infected by the yet to be discovered virus and the AV product sends information on the new virus to the vendor.
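The two halves of the process described above, the vendor publishing a hash for a sample it has identified and the client hashing files and looking them up, as an added example that is not from the original post or from any AV vendor. All sample bytes and threat names are constructed for the demo; SHA-256 stands in for whatever hash a real product uses.

```python
import hashlib
from typing import Dict, Optional


def file_hash(data: bytes) -> str:
    """Return the hex SHA-256 digest of a file's contents (the 'hash' of the post)."""
    return hashlib.sha256(data).hexdigest()


class SignatureDB:
    """Exact-match signature set: hash of a known sample -> threat name."""

    def __init__(self) -> None:
        self._sigs: Dict[str, str] = {}
        self.version = 0  # bumps on every definitions update

    def add(self, sample: bytes, name: str) -> None:
        """Vendor step: a sample has been found and identified, so publish its hash."""
        self._sigs[file_hash(sample)] = name
        self.version += 1

    def lookup(self, data: bytes) -> Optional[str]:
        """Client step: an exact hash match names the threat, anything else is unknown."""
        return self._sigs.get(file_hash(data))


def scan(db: SignatureDB, files: Dict[str, bytes]) -> Dict[str, Optional[str]]:
    """Hash every file and report the threat name, or None when no signature matches."""
    return {path: db.lookup(data) for path, data in files.items()}


# Constructed stand-ins for files on a client machine (not real malware).
SAMPLE_A = b"MZ constructed sample A: already identified by the vendor"
SAMPLE_B = b"MZ constructed sample B: new variant, not yet identified"
BENIGN = b"#!/bin/sh\necho hello\n"
FILES = {"downloads/a.exe": SAMPLE_A, "downloads/b.exe": SAMPLE_B, "bin/hello.sh": BENIGN}


def demo():
    """Show the update gap: a scan before and after the vendor learns of sample B."""
    db = SignatureDB()
    db.add(SAMPLE_A, "Constructed.TestThreat.A")
    before = scan(db, FILES)  # b.exe slips through: no signature exists yet
    # A user is infected by B, the product reports it, the vendor ships an update.
    db.add(SAMPLE_B, "Constructed.TestThreat.B")
    after = scan(db, FILES)  # the same file is now caught
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before update:", before)
    print("after update: ", after)
    # Caveat: a variant whose bytes differ at all has a different hash, so an
    # exact-match signature only ever covers the identical sample that was found.
    print("variant hash differs:", file_hash(SAMPLE_A) != file_hash(SAMPLE_A + b"\x00"))
```

The scan before the update is the window the post warns about: a client with stale definitions has no way to recognise a sample the vendor has not yet hashed.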

So obviously this means that no anti-virus software can ever be perfect, or protect you from every threat that hits the Internet. There are bound to be plenty of threats out there each day that haven’t yet been identified, and you could be the unlucky one to get infected by one if you feel too safe because of your AV product.

Some products like to market “total protection” and want to make you feel like you’re absolutely safe if you buy their product. It’s a great way to market a product. Here’s a widespread problem that could cost you a lot of money, pay us less than $100 a year and we’ll make that problem go away. However, it’s also a great way to misinform millions and make them even more susceptible to infection.

The truth of the matter is that there is a human side to security. You have to practice safe browsing habits, take precautions when opening attachments in e-mails, and be careful what you install on your computer. Your AV solution can only do half the work. Your brain, the most sophisticated computer known to man, has to do the other half.

When you pair technological solutions with end user education and safe browsing habits, you can create a powerful security tool, more powerful than any programmer will ever create.

Scare Tactics And Empty Promises

March 26, 2010

A particular pet-peeve of mine (other than the word pet-peeve) is Anti-Virus products that advertise using scare tactics. “Download our product now or else hackers will get your credit card information.” Well, unless you’re lacking in the intelligence department enough to bank online or buy online from sources you don’t trust, chances are that’s not going to happen. If it does happen, chances are that it’s some company’s fault (include link here later).

I feel people should have AV software as part of their protection, but you shouldn’t sell it to them by spamming them, or by trying to scare them, or by guaranteeing they won’t ever be infected (that’s my biggest pet-peeve). It’s good that people are putting up another line of defense, but when you make them feel like it’s an impenetrable defense, then they start feeling like they can do whatever they want on their computer and they’re safe. And that usually leads to people getting infected.

It’s kinda like a condom. Sure, it may prevent those unwanted results at a rate of like 99% or so, but only if used properly. If you’re not careful and you misuse it, it completely defeats the purpose.

The problem I’m talking about is how certain vendors like to say that you’re completely protected by their product. This simply isn’t true. Even the best AV products can’t protect you from everything. Due to the way Virus Signatures work you’ll never be protected from viruses until they’ve been identified and their signature registered by an AV product. This identification often happens when a user “in the wild” becomes infected.

Furthermore, if you go to dangerous sites and download files or run executables, or you’re challenged by your AV software when you attempt a certain action and you tell it “yes, allow it” even though you really don’t understand what you’re agreeing to, then the protection isn’t really working as intended.

My point is that the only way the world will really ever attain some level of global security and successful prevention of virus propagation is if Information Security becomes a mainstream topic. No program is ever going to provide complete protection. There’s no such thing as complete protection. We would, however, be closer if we paired technological solutions with end user education. What good is the software if people don’t understand what it’s asking them? What good is it if a company tells them they’re 100% safe when that’s just not true?

There are several sides to Information Security. Two of them are the technological side, and the human side. Until we all start addressing both, we’ll never achieve true security.

Underhanded Anti-Virus Marketing

March 26, 2010

I was reading a post on an Anti-Virus product’s Facebook page today, and I got really pissed off about something. It’s not anything that the AV vendor (AVG) did, it was just the topic of one of the posts: products (such as AV products) being advertised through spam. AVG was recommending you steer clear of them, and I have to agree. Honestly, would you trust the security of your computer to something you received unsolicited in your e-mail? That’s the same method by which many viruses themselves are propagated throughout the Internet.

In fact, most of these fake AV products that are actually viruses themselves are usually spread through spam advertisements. I’ve even seen certain products which were right on the line of “legit” in my opinion to begin with, due to their lengthy late night infomercial which was full of scare tactics and simulated attacks in a lab using methods that don’t exist as a means of making end users of their product feel secure. Well, later on I saw their product in a pop-up generated by a browser hijacker on an infected computer I was working on. I won’t say any names because I can’t prove they were involved in it, and I sure don’t want to get sued, but honestly, why would the browser hijacker send you to an advertisement for their security product if they didn’t either create it or fund it?

Spam is an underhanded way to market a product, and it often attempts to take advantage of users. Even in its most harmless state it’s annoying and undesirable. I would never buy anything advertised through spam, and I recommend you don’t either.