Anti Virus is not enough to keep you safe online!
A vulnerability scan is a fundamental tool for any organization. When an administrator is trying to secure his network there are a lot of things that need to be kept in mind. Unfortunately we have noticed that when it comes to network security most people (and companies!) stop at installing an anti-virus program. They are unaware of the potential threats posed by configurations, issues with third party applications or maybe weak or poorly setup hardware on their network which can leave them totally open to attack.
There are literally hundreds of high profile examples of network breaches where anti-virus has been evaded (this New York Times one is a great example). These attacks highlight something computer users either don’t know or don’t want to admit, anti-virus is not enough to keep your system secure.
So any person or business that relies on an anti-virus package to keep its network secure are exposing themselves to a huge security risk. This can in part be blamed on the security industry who sell these products but never the less it is something we must all unlearn. We need to do more!
Anti-virus works best by spotting known malware. It matches the digital signature of known malware to signatures in its own database, the type of hackers and attack we are seeing these days are increasingly more intelligent and have ways to mask their code so as anti-virus cannot detect it this way.
There is a good chance that the New York Times were relying on Symantec’s anti-virus signature detection to protect their network. After the attack was publicised, Symantec said in a statement “Turning on only the signature-based antivirus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Antivirus software alone is not enough.”
Most anti-virus including Symantec will offer more than just signature based detection by using algorithms to protect against similar malware, or prevent buffer overflows (a common attack). This are often (in our experience) turned off as they can hinder a computers performance or quite frankly are seen as a pain. However even when these are turned on they do not offer total protection from an online attack. The reason for this is: Whether or not a given antivirus product will detect a piece of malware is entirely predictable.
To defeat this all a hacker needs to do is test their attack on a computer with a particular anti-virus product to see if it will be detected. If it is then there a lot of ways this code can be modified to avoid the anti-virus.
So how do we stay safe online?! The answer is to use several layers or security measures to reduce the risk of your systems being compromised. One of these layers should absolutely be an anti-virus suite but others must also be adopted. Hackers and attackers all too often look for easy pickings and this is where vulnerability scans come into their own. A vulnerability scan is one of the many methods a hacker would use to attack your system. So it is a good idea to get a trusted third party to do this for you so you can address any issues you may have. Just like keeping your anti-virus up to date a third party scan should be carried out regularly (at least once a year, twice is better!) as sometimes your software and hardware vendors change things without you knowing…That doesn’t include the sheer volume of attacks that are developed daily that need to be checked for.
Cyber security is ever evolving and to stay ahead of the curve business and users alike must adapt with it or risk losing their data or having their systems compromised. Reduce the risk that you will be targeted by keeping on top of your virus updates and get a vulnerability scan scheduled.