One of the first things the average person thinks about when a topic like cybersecurity comes up is anti-virus software. And usually, their thoughts will default to some of the more widely known and used versions.
“Just download (and pay for) this program”, so the popular wisdom goes, “and you’ll be safe from viruses and other icky stuff.” After all, it’s right there in the name, right? Anti-virus. So simple, so easy.
The problem is, while most anti-virus software will at least reduce your chances of having your computer infected, it’s not nearly the unbreakable barrier or omniscient protector that most people think. Far from it.
Most Modern Anti-Virus Software Focuses on Detection Over Prevention
Most modern anti-virus programs revolve around their “scan” feature. Of course, they’ll block the occasional connection or quarantine a file every now and then. Most anti-virus software today also includes a firewall which offers some level of added protection.
But you’ll still be prompted to scan your computer’s files regularly, whether it’s a quick scan or a full one. And in theory, there’s nothing wrong with scanning for viruses. In fact, it’s a good thing. Your anti-virus should be digging through every folder and file for malware, spyware, and everything else.
However, if you’re looking for malicious files on your computer, it means… well, that those malicious files are already on your computer. And the fact that these scans take anywhere from a few minutes to several hours also means that your anti-virus has no idea where they are – or even that the viruses are there in the first place.
Considering the massive amounts of havoc these viruses can wreak, the damage they can do, the data they can steal, all in a matter of minutes, wouldn’t it be better if you simply didn’t let them on your computer in the first place? And if you did, shouldn’t your anti-virus be keeping an eye on them the entire time?
This is one of the main problems with modern AV software. It’s focused on detection, when what you need it to focus on is prevention.
Most Modern Anti-Virus Software Relies on Incomplete Lists of Viruses
Now, we don’t want to give the wrong impression. And so, we’ll give the average anti-virus the benefit of the doubt and assume that they do in fact want to prevent those malicious files from ever reaching your Downloads or Documents folder.
Unfortunately, as we highlighted above, they do this through a detection method. By checking a file against their database of trojans, spyware, and other nasty little programs, they’re able to look for matches and let you know, “hey, buddy, don’t open this file”.
The main problems with this method are:
1. In order to be identified as a virus, the virus has to infect some unlucky person’s (or persons’) computer first.
2. There is so much malware out there, with so much more being created each day, that it is simply impossible, even under the best of circumstances, to create a complete database of it all.
And this is where the detection method fails. If Joe Hacker created a new virus twenty minutes ago, and you’re one of the first people to download that file, there’s little chance that your anti-virus will detect it. Because it hasn’t had a chance to learn about it and add it to the list of naughty programs yet.
In some cases, this file will end up infecting not only your (or some other guinea pig’s) computer, but hundreds, thousands, or even millions of other computers before it’s been properly “identified” and added to the database.
Most Modern Anti-Virus Software Contains Key Vulnerabilities
Okay, so most AVs aren’t perfect, but at least they do what they say they do, right? Eh, not quite.
Again and again, the biggest names in the anti-virus business have been shown to possess key vulnerabilities in their code and how they function, which ultimately leave their users unprotected.
What makes this even worse is the nature of anti-virus. First of all, it’s supposed to make you safe, not vulnerable. That false sense of security can leave you more at risk.
But secondly – and perhaps more importantly – these programs require access and permissions above and beyond most programs. You don’t allow your word processor, for instance, to write or delete or modify files in the way that your anti-virus does.
Unfortunately, that access makes exploits in AV software particularly bad, because the program that’s now compromised is also one of the most powerful programs on your computer, in terms of what it can do.
In other words, the software that’s supposed to be your protector could quickly become your worst enemy.
So, What’s the Solution?
At this point, you might be thinking it’s hopeless. If most anti-virus software suffers from these problems, then you’ll never be fully protected, right?
Fortunately, this is NOT the case. Yes, there are some major issues with many AV programs. But not all.
For instance, Comodo’s Internet Security anti-virus seeks to solve these problems:
• Features like Default-Deny place the importance on prevention over detection
• Features like “sandboxing” keep even new and unknown viruses from causing damage
• Any vulnerabilities, if they exist, are quickly found and patched
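To make the difference between the database-matching approach described earlier and a default-deny policy concrete, here is an added example (not Comodo's code or any product's implementation). It assumes whole-file SHA-256 hashes stand in for signatures, and every sample "file" is a harmless constructed byte string.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    CONTAIN = "contain"  # may run, but only inside a restricted sandbox


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed samples: harmless byte strings standing in for programs.
KNOWN_GOOD = b"constructed sample: trusted text editor"
KNOWN_BAD = b"constructed sample: catalogued malware"
NEW_VARIANT = KNOWN_BAD + b" v2"  # changed after the database was built

SIGNATURES = {sha256(KNOWN_BAD)}  # detection database (denylist), assumed
TRUSTED = {sha256(KNOWN_GOOD)}    # allowlist of vetted programs, assumed


def signature_scan(data: bytes) -> Verdict:
    """Detection model: anything missing from the database is allowed."""
    return Verdict.BLOCK if sha256(data) in SIGNATURES else Verdict.ALLOW


def default_deny(data: bytes) -> Verdict:
    """Prevention model: only vetted files run freely; unknowns are contained."""
    digest = sha256(data)
    if digest in SIGNATURES:
        return Verdict.BLOCK
    if digest in TRUSTED:
        return Verdict.ALLOW
    return Verdict.CONTAIN


def compare(samples: dict) -> dict:
    """Return {name: (signature-scan verdict, default-deny verdict)}."""
    return {n: (signature_scan(d), default_deny(d)) for n, d in samples.items()}


if __name__ == "__main__":
    samples = {"editor": KNOWN_GOOD, "old malware": KNOWN_BAD,
               "new variant": NEW_VARIANT}
    for name, (scan, deny) in compare(samples).items():
        print(f"{name:12} signature-scan={scan.value:6} default-deny={deny.value}")
```

The uncatalogued variant is allowed by the signature scan but contained under default-deny, while the vetted editor is allowed by both.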
The above are just some of the reasons that Comodo’s Internet Security Premium has been earning perfect 6/6 protection ratings from AV-TEST for a couple years running.
There’s no need to abandon your faith in anti-virus software entirely. You just have to make better, more informed choices in who you trust to keep your computer and data protected.