Antivirus: the last line of defense

News

What would a regular user do to protect his or her computer or laptop? Usually, an antivirus is installed on a new machine – and that would be it. The user thinks s/he is absolutely protected against any threat. However, this typical scenario is not ideal. In fact, an antivirus is just the last defense line. To put it simply, imagine your computer is your home and cybercriminals are petty burglars; in this case, the antivirus is a dog which barks and bites and drives the intruders out. It’s nice to have a properly trained dog! Yet, you wouldn’t say no to doors, surveillance, or an alarm system, would you? No dog can substitute them all. One should use all means to protect the property. So, what means are used to create the true end-to-end protection for your digital household?

last_line

OS updates

The first thing you have to do once your newly purchased computer is unwrapped and online is check updates for your operation system. It is almost certain you would discover a full-scale update, beyond just a few patches, is available to visibly get your PC or Mac up to date. Updates to Windows 8.1 and OS X Yosemite are offered free of charge which is a nice move. In terms of security, the most up-to-date version of the OS is much better than the previous available iteration as it has less vulnerabilities known to hackers. There are few causes to decide against the update. A user’s laziness is the main reason why s/he does not bother to update their OS, coupled with, probably, one more which is pirated software. Sometimes, especially regarding home PCs, pirated OS is the case. It prevents you from updating your OS in a proper way, paving the way for malware to enter your computer. Using our household analogy, an older version of the OS is a weathered house with holes in its walls. Burglars are welcome!

Application updates

Besides OS vulnerabilities, the culprits frequently turn to vulnerabilities in popular applications installed on every machine. Just run a seemingly harmless PDF in the vulnerable Adobe Reader version or open a web page using an outdated version of Internet Explorer, and – zap! –a malicious code has just infiltrated your system. In some situations an antivirus is capable of snatching the malware, but this outcome heavily depends on the quality of the antivirus and attributes of the malware. You’d better avoid testing this in real conditions, but try to set up automatic updates for your browser, e-mail and IM clients alongside with other popular software you use. Stats show that the list of the software most prone to being compromised is topped by (in alphabetic order) Adobe (Acrobat Reader, Flash), Apple (iTunes, Quicktime), Microsoft (Internet Explorer), Oracle (Java).

Actually, in terms of security, all applications should be regularly and promptly updated. Not all the developers offer the enforced seamless automatic update feature in their products the way, say, Google Chrome does it. So in case you have not found an automated update capability in a software product you use, take advantage of the great freeware by Secunia – Personal Software Inspector (PCI).

By way of this program, you are able to scan your system to find software requiring an update and, even more, run the update automatically from their respective official web sites. Convenient? You bet!

A similar vulnerability scanner is available in the new version of Kaspersky Internet Security, which does not, in fact, offer automatic updates for third-party applications, yet informs a user about potentially dangerous OS settings and components.

Minimal rights

Having dealt with ‘holes in walls’, let’s enforce the ‘front door’. You might have noticed that computer users vary in terms of rights: they could be Guests, Users, and Administrators. Guest’s rights are minimal, a User has rights to use a computer for his own needs except the rights to install software and change the system settings, which, in turn, belong to the Administrator. Usually, on a home PC there is a single user profile with automatic log-in and Administrator rights attributed by default. So, if a virus gets inside such computer via vulnerability or having lured the user into letting it in, it gets full access to the system.

The correct setting looks as follows: the automatic log-in is acceptable only if the profile is User. Should an application be installed, one should login into another profile which is password protected and provides Administrator rights. Once the installation is completed, one can re-login as a User.

The experts from BeyondTrust, a security firm, have tested this concept. They have studied all the vulnerabilities discovered last year in Windows, Office and Internet Explorer, which totaled to 200+. As a result, about 60% of all breaches were mitigated by using a profile with limited rights. If we speak about critical vulnerabilities, which are capable of inflicting serious harm on the system, about 90% of Windows 7 and 81% of other Microsoft product breaches could be avoided by using the limited rights approach. Moreover, according to BeyondTrust, Office and Internet Explorer using such a method eliminated all threats. Gives some pabulum for thought, doesn’t it?

Backup

There is an entire class of issues which cannot be tackled by the antivirus as they are none of its business. Such problems include hardware failure, user mistake, and maloperation of legitimate software. The result is always the same: priceless photos and documents are destroyed, and all you can do is pull your hair out in desperation, or… restore the information from a backup copy. Provided, of course, that such exists and is up-to-date, which is achievable by regular backups, whether daily or at least weekly.

There are threats to your data brought by malware, and backup could be the only way to avoid a desperate situation. Among such are Trojans with data encryption capabilities, a.k.a. ransomware, recently invented by cybercriminals. They hold your data hostage, encrypt it and ask for a ransom of 5 to 2000 USD. The hackers posses a unique encryption key, so help is nowhere to be found, except probably, an external hard drive with the backup copy of the data which was encrypted.

‘But that’s the antivirus’s job to protect the data!’ you’d exclaim. Ideally, that is true, and the new Kaspersky Anti-Virus and Kaspersky Internet Security even offer a special feature for such security events. But in real life, there are a lot of ‘buts’. The most notorious ‘but’ is when a user is tricked into disabling the anti-virus just before executing a certain malicious file. Or kids could do it. So, a backup copy is essential, and, considering the threat coming from the ransomware, it must reside on a drive which is not plugged into the system all the time, otherwise it could be encrypted as well.

Good habits

It’s good to have a reliable anti-virus solution and the most up-to-date versions of OS and browser, or use a profile with limited rights whilst working. But, first and foremost, you must check regularly if your defense is robust. In order to limit the chances of being affected by any security threats, one should practice the following PC habits:

  1. If a random person or organization sends you a file or a link you were not expecting, just delete this mail or instant message right away without following the link or opening the file. If a suspicious link or file was sent by someone you know, check with him/her to make sure it was he/she who sent it to you.
  2. Mail from web services you use (Apple, Google, Facebook, e-banking service, etc.) containing security alerts should be checked the following way: go to organization’s web site but not via the link you received. Open the page and log-in your credentials, then check whether you have problems accessing the service. Should something be wrong, contact the customer service, but do not do it using the suspicious email.
  3. Random web sites do not check your PC for viruses. Neither do they organize raffles so you could win an iPad. They do not require you to download the player in order to play the video directly from the web site. In other words, if you are offered to download or run anything, it’s time you came to your senses and closed the web page.
  4. Besides links and emails, threats are common for USB thumb drives. Running a quick check of detachable storage (flash drives, cameras, players, SD cards) should become your routine when you plug them into your PC, as they could have been connected to any other machine before. By the way, the autorun capability on detachable storage should be disabled on your computer.
  5. Ensure you have deployed correct PC settings so no threats infiltrate your system with inadvertent ‘help’ of guests or irresponsible family members. Provide Guest access rights to guests and have parental control in place for your kids. Login as a User and do not use Administrator profile for daily work.

We hope these simple tips would help you in your battle against malware.