So many home and even business users are complacent about the level of protection they currently receive from their traditional anti-virus (AV) software.
I have real-time protection in my AV! That's enough, right?

Nope. Not any more. The malware ecosystem has changed drastically in the past 10 years, to the point that the old precautions are just no longer enough. Here are the three top reasons for this:
- You don't have to click to get hit. In the past, it was sufficient to simply avoid clicking on suspect links or visiting bad sites. This is no longer the case because of new attack vectors like malvertising. In a malvertising attack, a legitimate site unknowingly pulls malicious content from a bad site, and the malicious content seeks ways (often exploits) to install itself on your computer. You may have heard these attacks called "drive-by downloads." Just by visiting a good site on the wrong day, you get infected. To learn more, you can read our other posts about malvertising.
- Traditional AV response times to new threats are too slow. According to data compiled by Panda Research, traditional AV only stops 30-50 percent of new zero-hour malware when it's first seen. A few take up to eight hours to reach even the 90 percent level, with the majority needing a full 24 hours. And it takes them a full seven days to get to the high 90s. That's a whole lot of time to be missing protection!
A recent study by the Enterprise Strategy Group showed that almost half of the enterprises polled had suffered a successful malware attack even though they were running anti-virus.
- Exploits are everywhere. Many software products, notably including Java and Flash, were designed in an era when computer security was a much less serious concern. And the worst part of exploit-based malware is that the time from the initial exploit to detection and remediation is, on average, almost a year.
The layered approach is just like using a seat belt and an airbag - they both help keep you safe, but they work in different ways.
In layered security, you don't put all your eggs in the AV basket - you use multiple types of defense, each of which has its own strengths, and does different things.
An anti-malware program is a zero-day focused, lightweight product that works with your traditional anti-virus product to block threats that AV misses.
An anti-exploit program takes a different - yet still complementary - approach.
While anti-malware concerns itself with the what (files, URLs, domains, and so forth), anti-exploit worries about the how. How is a particular application behaving, and is it only performing actions which are expected?
Using advanced behavior analysis, anti-exploit can stop a compromise at the beginning of the attack chain, rather than waiting until malware is already installed.
And of course, you can augment your vendor-provided protection by simply maintaining your computer according to the Three Basic Rules of Online Security, written by expert Brian Krebs:
- Don't install software you didn't explicitly request
- Keep your installed software up to date
- If you no longer need a piece of software, uninstall it
And both of these products also come in Business editions for use at the office.
For more history on the evolution of malware, be sure to check out The Malware That I Used to Know.
It's a new world out there. The layered approach to security, along with good software maintenance practices, can help you stay safe.