There is a common misconception that if you have antivirus software then you don’t need to worry about viruses, trojans and all the assorted malware. It doesn’t even seem to matter what version you install or how it works; anything will do.
Unfortunately this is completely untrue, and the feeling of safety you get from knowing you have antivirus software installed is misplaced. The simple fact is that the writers of malware have developed a host of techniques to fool AV software. In fact there are some AV programs which are almost worthless. Here’s a video from the creator of McAfee Antivirus software with his suggestion on removing the software which he once owned (please note: do not watch this at work!).
Although no one is suggesting that you should uninstall your AV software, it is important to realise that no product is anywhere close to being able to detect 100% of malware out there.
Your Antivirus Software is No Protection
Many security researchers use a great little website called VirusTotal. Basically, this website scans web pages and files using all of the major antivirus software. Everything is included, from the big guys like McAfee and Symantec to smaller firms like AVG, whose free version you’ll find on millions of computers. The results that you will see from this website are certainly eye-opening.
Here’s what happened when I uploaded an infected file that I received in an email entitled “Voice Message Attached”. The email is a common one which pretends a voice mail is attached which you need to click to listen to. Of course, that would not be advisable! Here are the results:
The important line to note is the detection rate. Remember, this is a dodgy file that I know is infected with quite a common Windows trojan, and yet only 21 out of 55 AV products were able to detect it. Here’s a little snippet of the results:
Although some software was able to detect this trojan, many more didn’t, and the ‘No’ list contains names like McAfee, Trend Micro and AVG. This isn’t meant to be a list of which AV software works best, because if I load up a different infected file the number of products detecting it will be similar but the names will be slightly different. If you look at the list, virtually none of the software can even agree on the malware that was detected.
The scary fact is that the people who develop malware have access to all the AV software and to places like this site, so they can keep checking when and how their code is detected. Obviously, they then have the facility to produce code which isn’t detected. This usually involves encrypting parts of the code so that no signatures are present. The checks can be run over and over again, each time hiding a little more and checking whether the AV software is able to detect it.
There are methods which are able to protect you. An important one is education and common sense: not clicking attachments, for instance. Even this won’t protect you in all situations, though, and there are some more advanced techniques which should provide better protection than our current AV solutions, which I will cover in another post. So don’t uninstall your AV software like John McAfee suggests. These products do offer some protection, but be aware that your AV software is likely to detect only around 50% of malware out there at the very best.
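The two things worth reading from a result like this, the detection rate and how far the engines agree on a name, can be computed from any per-engine result list. The following is an added example, not part of the original post: the report shape (engine name mapped to a `category` and a `result` label) is an assumption, and the engine names and labels are constructed for illustration.

```python
from collections import Counter

# Constructed sample: engine name -> verdict category and detection label.
# Engine names and labels are made up; the field names are an assumed shape.
SAMPLE_RESULTS = {
    "EngineA": {"category": "malicious", "result": "Trojan.Win32.Agent.abc"},
    "EngineB": {"category": "malicious", "result": "Win32/TrojanDownloader.Gen"},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "malicious", "result": "Trojan.Win32.Agent.abc"},
    "EngineE": {"category": "undetected", "result": None},
    "EngineF": {"category": "timeout", "result": None},
    "EngineG": {"category": "suspicious", "result": "Heur.Generic"},
    "EngineH": {"category": "undetected", "result": None},
}

DETECTED = {"malicious", "suspicious"}
# Engines that returned no verdict must not be counted as a clean result.
NO_VERDICT = {"timeout", "failure", "type-unsupported"}


def summarise(results):
    """Return detection rate, missing engines and label agreement for one scan."""
    verdicts = {e: r for e, r in results.items()
                if r["category"] not in NO_VERDICT}
    hits = {e: r["result"] for e, r in verdicts.items()
            if r["category"] in DETECTED}
    labels = Counter(hits.values())
    top_count = labels.most_common(1)[0][1] if labels else 0
    return {
        "detected": len(hits),
        "scanned": len(verdicts),
        "rate": len(hits) / len(verdicts) if verdicts else 0.0,
        "missed_by": sorted(e for e in verdicts if e not in hits),
        "distinct_labels": len(labels),
        # Share of detecting engines that used the most common label.
        "label_agreement": top_count / len(hits) if hits else 0.0,
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_RESULTS)
    print(f"{s['detected']}/{s['scanned']} engines detected the file")
    print("missed by:", ", ".join(s["missed_by"]))
    print(f"{s['distinct_labels']} different names, "
          f"{s['label_agreement']:.0%} agree on the most common one")
```

A low `rate` on a file you already know is malicious is the point of the article; a low `label_agreement` is why a single engine's name for a sample should not be treated as authoritative.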