Are you wasting time and money on anti-virus software?


Anti-virus software has long been a mainstay of PC information security. Recently however, it has gotten a bad rap, with many in the industry stating that it is no longer especially useful, since it misses many malware infections. You may have even heard one of the recent string of TV commercials by a software company, stating flatly that traditional anti-virus packages are essentially worthless.

By way of background, traditional antu-virus software packages are signature-based, meaning that they monitor data coming in to your PC or mobile device, against a database of signatures for known malware packages. When a match is found, the software performs a more-detailed check, and blocks anything it believes to be infectious. Vendors update these signature databases frequently to incorporate newly-discovered signatures. Most companies require 48-72 hours to get a new signature into the database.

The downfall of any anti-virus package, or other security product using a signature database, is malware referred to as zero day. This term defines a malware item that is so new, that it is not reflected in any of the vendor signature files.

For some time, the pace of new viruses entering the ecosystem was comparatively slow. Vendors had some time to discover and analyze the virus, and add the necessary information to their databases. In the last few years however, as the malware industry has become better funded, new malware items have been hitting the wild more frequently, and the signatures on existing malware have changed to make them harder to detect. They are also distributed across the Internet more quickly that before, meaning that your chance of encountering a zero day infection is much greater. This greater chance of you encountering a zro day infection is what has prompted many in the industry to discount the usefulness of anti-virus software.

In my opinion, the usefulness of anti-virus software is a numbers game. It is true that anti-virus packages will be useless against zero-day infections. That being said, there is no retirement plan for older malware items. They continue to float around on the Internet, and turn up again frequently. Based on the shear numbers of older malware items versus zero-day items in the ecosystem, you are statistically far more likely to be hit by an older one. As such, anti-virus packages continue to be an important part of your information security posture. Such packages are also still a requirement of the major compliance standards, including PCI DSS and HIPAA.

This usually prompts the question "Which anti-virus package is best?" There is no good answer to that question. If you ask 10 people for their opinion about which is best, you will likely get 11 answers. I think it matters less which you have than it does that you have one that is updated frequently. That being said, I have had good experience with Microsoft Security Essentials (part of Windows Defender in Windows 8 and 10). This software is free for home users and small businesses. I have also had good experience with Webroot's SecureAnywhere product, which is normally at the top of head-to-head tests, and has good central management capabilities.

In summary, I believe an anti-virus package is still a key part of your information security posture. You should install one, make sure it receives frequent updates, and pay attention when it generates an alert.


Featured Posts
Recent Posts
Archive
Follow Us
  • LinkedIn Social Icon
  • Facebook Basic Square
  • Twitter Basic Square

ToGoCIO

 

LET'S TALK: 678-341-3630
  • Facebook Social Icon
  • Twitter App Icon
  • Google+ Social Icon
  • LinkedIn App Icon

© 2016. togoCIO, LLC