Does Our Desktop Anti-Virus Protect Us?

May 21, 2008

by — Posted in Security, Technology

Recently at work there was a security incident where a worker was tricked into loading malware on their machine. I was asked whether our desktop antivirus solution fully protected us against this. While I’m sure most people who read my articles already know the answer I gave, I thought I would share it with you (some parts have been rewritten from the original email).

While our desktop antivirus solution does detect malware, spyware and virus vectors into the machine, the vendor needs to release definitions before it can detect a given piece of code. Because we don’t have the name of the spyware in question, I can’t verify whether the vendor has definitions loaded that detect this particular piece of software. The general problem with spyware and malware is how quickly the code changes: once the code a definition was written for changes even slightly, the definition usually no longer detects it.

Our desktop solution does include heuristics to detect malicious activity by a running program, but these only go so far. Researchers and malicious code writers have even turned this into a game: http://www.infoworld.com/article/08/04/28/Security-vendors-slam-Defcon-virus-contest_1.html.
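As an added illustration of the two paragraphs above (constructed example code, not anything from the original post or from any AV vendor), the toy scanner below compares an exact-hash definition, a byte-pattern definition and a crude behavioural heuristic against three constructed byte strings standing in for a known sample, a slightly changed variant and a benign file. The sample contents, the pattern and the heuristic rule are all assumptions chosen to show why a one-byte change defeats the definitions until the vendor ships an update, while the heuristic still fires.

```python
import hashlib

# Constructed stand-in "samples" (plain byte strings, not real malware), used
# only to compare how the three detection approaches behave.
KNOWN_SAMPLE = b"MZ\x90\x00payload=v1;connect=c2.example;autorun=1"
VARIANT_SAMPLE = b"MZ\x90\x00payload=v2;connect=c2.example;autorun=1"  # v1 -> v2
BENIGN_SAMPLE = b"MZ\x90\x00installer=v1;autorun=0"

# A "definition file" as a vendor might ship it: an exact file hash plus one
# byte pattern, both derived only from KNOWN_SAMPLE (assumed format).
HASH_DEFINITIONS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
PATTERN_DEFINITIONS = [b"payload=v1;connect="]


def hash_match(sample: bytes) -> bool:
    """Exact-hash signature: any change to the file defeats it."""
    return hashlib.sha256(sample).hexdigest() in HASH_DEFINITIONS


def pattern_match(sample: bytes) -> bool:
    """Byte-pattern signature: survives changes outside the pattern only."""
    return any(p in sample for p in PATTERN_DEFINITIONS)


def heuristic_match(sample: bytes) -> bool:
    """Behavioural stand-in: flag code that both dials out and sets autorun.
    Needs no per-sample definition, but is coarser than a signature."""
    return b"connect=" in sample and b"autorun=1" in sample


def scan(sample: bytes) -> dict:
    """Run all three layers and report which ones fired."""
    return {
        "hash": hash_match(sample),
        "pattern": pattern_match(sample),
        "heuristic": heuristic_match(sample),
    }


def add_definitions(sample: bytes, pattern: bytes) -> None:
    """Simulate the vendor pushing a definition update for a new variant."""
    HASH_DEFINITIONS.add(hashlib.sha256(sample).hexdigest())
    PATTERN_DEFINITIONS.append(pattern)


if __name__ == "__main__":
    for name, s in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE),
                    ("benign", BENIGN_SAMPLE)]:
        print(name, scan(s))
    add_definitions(VARIANT_SAMPLE, b"payload=v2;connect=")
    print("variant after update", scan(VARIANT_SAMPLE))
```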

Without knowing all the steps involved, I think the vendor did not have definitions for this particular attack. Not only would it have had to bypass the desktop virus scanners, it would also have had to bypass the web filters if it came via a web page, the mail server scanners if it came via e-mail, and possibly any network scanners and mail gateway scanners we may use.

Protecting against malicious software will always be a moving target, and there will never be 100% protection. There are things that can be done to minimize its effects:

1. Layered security – scanning at the desktop, proxies, mail servers and mail gateways, plus antivirus and IDS at the network level – these help detect known attack vectors and suspicious activity.

2. Vista – not something some people want to hear, but from a Windows perspective UAC (User Account Control) makes it more difficult for malware to get a foothold in the operating system. This is much more effective on machines where users do not have administrative rights. While machines running Linux and OS X are essentially immune to viruses (more viruses are added to Windows AV definition files in a week than have ever been discovered for these operating systems), they are not immune to all malicious software.

3. Machine policies – group policy initiatives that lock down the machine reduce the surface area this malware can attack. Requiring users to visit only trusted sites and disabling unsigned ActiveX controls go a long way toward minimizing these types of attacks from vectors other than e-mail.

4. User education – the more educated a user is, and the more conscious of the possible repercussions of their actions, the less this type of attack happens.

While none of these will ever give 100% coverage, combined they give the desktops the best chance of detecting these types of threats.

11 thoughts on “Does Our Desktop Anti-Virus Protect Us?”

  1. My question is, how does someone get tricked into installing malware unless you “click the monkey” or “install this codec” to watch that porn? Haven’t we been warned about this type of stuff in the past?

    P.S.
    Firefox has malware protection.


  3. Well, your answer is as follows:

    You are assuming that the malware has to come from a browser or ActiveX control. That is only part of the article I wrote.

    There is downloaded software that has malware piggybacked in, e-mail attachments that bypass scanners, sneakernet, and attachments from newsgroups.

    While I only advocate using Firefox or a Firefox variant, you can’t always enforce that at an enterprise level for other reasons.


  5. “Recently at work there was a security incident where a worker was tricked into loading malware on their machine.”

    Well, if that were the case of piggybacked software, that’s okay; we have all been victims of rootkits and so on. Then it should be stated “loaded software with malware”, but saying “tricked” implies hornswoggling or being duped into it, and states that the person was lured by an outside force such as space monkeys with a vendetta against said person.

    As a person who laughs at security breach attempts, I just wondered how they were “tricked”.
    I’m also putting forth a Firefox enterprise version; if Mozilla wants to be a better browser they need such an animal.


  7. Unfortunately most people do not use antivirus and are relatively uneducated when it comes to protecting their computer. It is not just antivirus that one needs either; not opening unsolicited emails asking you to log in to your bank, PayPal or eBay account is important too.

