Saturday, October 10, 2009

Antivirus is Not Enough with Today’s Hostile Internet Environment

At this point, pretty much everyone realizes that every system needs antivirus in order to stay protected. Those who didn't want to spend the money or the computer resources have already been burned and now see it as a necessary expense. Most individual users, as well as companies, now do a good job of budgeting for it every year. So with hundreds to thousands of dollars spent on this each year, the question remains: why are my systems still getting infected?

As necessary as antivirus is these days, it's simply not enough. It has never been a perfect solution, but it has always been good enough to protect against the majority of the scripts created by the pimply faced kid in his parents' basement. As time goes on, more is at stake. No longer is a virus simply a way to ruin someone's day, steal a piece of information, or even destroy a system. No, the virus of today is just another method of marketing (pop-ups), bumping a web page's stats in search engines (homepage hijacking), selling a product (rogue antivirus/antispyware), assisting with an emailing campaign (spam bot), a form of activism (DDoS attacks), stealing your identity (backdoor Trojan), another place to store information (mIRC, FTP bot), or making a name for oneself by spreading as much and as fast as possible (worm). Because there is more on the line, there are more resources on the side of evil than good.

So what can you do?

Well, all the major antivirus players seem to be doing two things. First, they are beefing up their antivirus programs to try to stop this. The side effect is an antivirus program that now takes up 60% of your computer's resources and comes with little add-ins that require you to do more manual maintenance. From what I have seen, this is not really effective. All it's doing is slowing you down. If this were effective, then my laptop with 4 GB of RAM, a 2.4 GHz processor, and a 100 GB 7200 rpm hard drive that is bogged down with Symantec Endpoint 11 would not have just gotten the WinAntivirus 2010 virus from the spoofed UPS email I just opened. Or my desktop with 3 GB of RAM, a 3 GHz processor, and a 500 GB 7200 rpm hard drive bogged down with McAfee would not have just downloaded a Russian-language virus from my friend's Facebook profile. Trust me, judging by the numerous issues ACS works on every day, I know I am not alone. Yes, my antivirus was up to date, Network Threat Protection was enabled, Tamper Protection was enabled, the internet was marked as an untrusted zone, and I even verified that the firewall component was enabled. More features just bog me down, make it confusing, and leave more room for misconfiguration.

Second, these companies are also releasing different methods of protection. Most have been around for a while, but they are now starting to get serious attention and are becoming more effective. It is very important to choose the right solution for your infrastructure, so ask your IT provider what's best for your situation.

So what are some of these methods?
The correct firewall – you can spend fifty or five thousand dollars. The correct one depends on your setup and needs. The biggest mistake is that most people make the decision based on price, and many firewalls I have seen implemented are doing more harm than good. Make sure you weigh all the factors before making a decision.
Content filtering – while not a viable option for all companies, this is usually a very effective way to protect your network. With an effective content filter you can not only protect yourself from malicious programs, you can also protect your business from losing time and money to employees goofing off.
Gateway antivirus protection – just one more way to filter your traffic, but at the network edge rather than on the endpoint. By adding this to your arsenal, you are removing viruses before they ever reach your machines.
Managed anti-spam protection – spam is a growing problem, but beyond the time wasted deleting junk, it is also a delivery channel for malicious programs (the spoofed UPS email above is a typical example). A managed anti-spam solution can eliminate the junk mail while keeping the attachments and links it carries off your machines.
Deep Packet Inspection – a powerful method for filtering traffic. DPI acts almost like a customizable antivirus/content filter. It is not meant to replace those functions but to add to them. DPI scans for a pattern within the packets on the wire rather than in the file itself, as an antivirus solution does, so it can block exploit traffic before any file is ever written to disk. When Conficker was first released, which spread over the network by exploiting the Windows Server service flaw patched in MS08-067, DPI signatures for that exploit traffic were more effective at preventing it than the antivirus programs themselves.
Managed antispyware protection – antispyware works best in conjunction with antivirus software. A managed solution ensures that your systems are fully updated and have the appropriate settings for your environment. While antivirus is necessary for preventing viruses, it usually lacks protection against pop-up campaigns and rogue antivirus/antispyware programs.
Managed antivirus protection – while antivirus has been the topic here, it is still necessary, and with the appropriate managed solution you increase its effectiveness.
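To make the DPI-versus-antivirus distinction concrete, here is a small added example (not part of the original post, and not any vendor's product code). It contrasts a hash-based file check, which only recognizes the exact sample it has already seen, with a pattern match over raw packet payloads, and it also shows the classic DPI caveat: a pattern that is split across two TCP segments is missed by per-packet matching unless the engine reassembles the stream first. The sample payload, the HTTP wrapper, the signature names and the byte patterns are all constructed for this illustration and stand in for nothing real.

```python
import hashlib
import re

# Constructed sample payload standing in for a malicious download. Not real malware.
ORIGINAL_PAYLOAD = (
    b"MZ\x90\x00"
    + b"CONSTRUCTED-DROPPER-v1\x00"
    + b"\x90" * 16          # NOP sled
    + b"\xcc\xcc\xcc\xcc"   # INT3 bytes in place of shellcode
)

# What a hash-based file scanner knows: the exact hash of the sample it has seen.
KNOWN_BAD_SHA256 = {hashlib.sha256(ORIGINAL_PAYLOAD).hexdigest()}

# Constructed DPI signatures: (name, regex over raw payload bytes). Names are made up.
DPI_SIGNATURES = [
    # a run of at least 12 NOPs followed by an INT3, a crude shellcode-sled heuristic
    ("constructed-nop-sled", re.compile(rb"\x90{12,}\xcc", re.DOTALL)),
    # an MZ executable header arriving as the body of an HTTP 200 response
    ("constructed-mz-over-http", re.compile(rb"HTTP/1\.[01] 200 .*?\r\n\r\nMZ", re.DOTALL)),
]


def file_scan(data: bytes) -> bool:
    """Hash-based file check: only the byte-exact known sample is detected."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256


def dpi_scan_packet(payload: bytes) -> list:
    """Per-packet DPI: names of every signature whose pattern occurs in this one payload."""
    return [name for name, pattern in DPI_SIGNATURES if pattern.search(payload)]


def dpi_scan_stream(segments: list) -> list:
    """Stream-aware DPI: reassemble the TCP segments, then match once over the whole stream."""
    return dpi_scan_packet(b"".join(segments))


def http_response(body: bytes) -> bytes:
    """Wrap a body in a minimal HTTP/1.1 200 response, as it would appear on the wire."""
    headers = (
        b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: image/jpeg\r\n"       # disguised as an image
        b"Content-Length: %d\r\n\r\n" % len(body)
    )
    return headers + body


def repack(payload: bytes) -> bytes:
    """Simulate the attacker re-releasing the same dropper with a one-byte version change."""
    return payload.replace(b"-v1", b"-v2")


def split_stream(data: bytes, at: int) -> list:
    """Split one wire stream into two TCP segments at the given byte offset."""
    return [data[:at], data[at:]]


def compare() -> dict:
    """Run the three detection styles over the repacked variant and report what each sees."""
    variant = repack(ORIGINAL_PAYLOAD)
    wire = http_response(variant)
    # Split in the middle of the 16-byte sled so neither segment holds 12 NOPs on its own.
    sled_start = wire.index(b"\x90" * 16)
    segments = split_stream(wire, sled_start + 8)
    return {
        "file_scan_original": file_scan(ORIGINAL_PAYLOAD),   # True: exact hash known
        "file_scan_variant": file_scan(variant),             # False: one byte changed
        "dpi_whole_response": dpi_scan_packet(wire),         # both signatures fire
        "dpi_per_segment": [dpi_scan_packet(s) for s in segments],  # sled missed
        "dpi_reassembled": dpi_scan_stream(segments),        # both signatures fire again
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The hash check fails as soon as the attacker changes a single byte, while the packet pattern still fires because the delivery mechanism did not change. The per-segment result is the caveat to keep in mind when choosing a DPI product: an engine that inspects one packet at a time can be evaded simply by fragmenting the payload, so stream reassembly is part of what you are paying for.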

Brian Kingsley - Director of Technical Services
