Think of your computer’s password like a toothbrush: you must use it every day, but you don’t share it with anybody else. Then compare your antivirus software to deodorant. Everybody should use it. Period.
The Internet continues to be infiltrated daily with newly introduced and existing spyware, malware, bots, rootkits and worms that are not being cleaned up. Today’s top threats continue to prove this point. Stats report that the top threats being exploited this month are:
This was initially detected in 2008 as a Trojan that uses an advanced rootkit to hide itself. The current variant infects 64-bit machines (as well as 32-bit); it also infects the MBR (Master Boot Record), gaining control before the operating system is loaded.
Conficker (aka Downadup, Kido) blocks access to more than 100 anti-virus and security websites. It can be detected as malware and, after removal, reinfection can be prevented by applying patch MS08-067. The Conficker eye chart assists in detection of the worm. I encourage you to run this eye chart to see if your network environment is infected: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
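As an added illustration of the idea behind an eye-chart-style check (this is not the Conficker Working Group’s own code, and the host names are assumptions chosen for the example), the following script compares reachability of security-vendor sites against control sites that a blocking worm leaves alone:

```python
"""Eye-chart-style reachability check: if control sites load but security
vendor sites do not, the host may be running something that blocks them.
Added example; host names below are assumptions, not the official chart's list."""
from urllib.request import Request, urlopen
from urllib.error import HTTPError, URLError

# Sites a blocking worm typically interferes with (assumed examples)
SECURITY_SITES = ["www.symantec.com", "www.mcafee.com", "www.microsoft.com"]
# Sites the worm leaves alone; they prove the network itself is up
CONTROL_SITES = ["www.example.com", "www.wikipedia.org"]


def http_reachable(host, timeout=5):
    """Return True if an HTTP request to host completes (any status code)."""
    try:
        with urlopen(Request(f"http://{host}/", method="HEAD"), timeout=timeout):
            return True
    except HTTPError:
        return True          # a 403/404 still proves the site is reachable
    except (URLError, OSError, ValueError):
        return False         # DNS failure, refused connection, timeout


def assess(reach=http_reachable, security=SECURITY_SITES, control=CONTROL_SITES):
    """Classify the host. reach(host) -> bool is injectable so the logic can
    be exercised against canned results instead of the live network."""
    sec_ok = {h: reach(h) for h in security}
    ctl_ok = {h: reach(h) for h in control}
    if not any(ctl_ok.values()):
        return "no connectivity"        # nothing can be concluded
    blocked = [h for h, ok in sec_ok.items() if not ok]
    if not blocked:
        return "clean"
    if len(blocked) == len(security):
        return "suspicious: all security sites blocked"
    return "partial: " + ", ".join(blocked)


if __name__ == "__main__":
    print(assess())
```

A result of "suspicious" is a prompt to inspect the machine with a scanner run from clean media, not proof of infection, since corporate web filtering can produce the same pattern.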
Multiple Adobe Products Remote Code Execution Vulnerability
Adobe has released special out-of-cycle security updates to patch critical vulnerabilities in Adobe Reader and Acrobat X (10.0.2), including earlier 10.x and 9.x versions for Windows and Mac. The announcement was Adobe’s second in four weeks concerning a zero-day vulnerability. Adobe says there are reports that one of the vulnerabilities, CVE-2011-0611, is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an e-mail attachment.
Windows RPC Denial of Service
This threat has been detected on versions going back to Windows NT 4.0 Service Pack 6a. A recent update fixed a vulnerability that could allow remote code execution because of the way the OpenType Font (OTF) driver improperly parses specially crafted OpenType fonts. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights (CVE-2011-0034).
The weakest link in your network is the unprotected computer that may be connected to but not necessarily logged into the “domain.” Utilizing a “layered” security approach is the best methodology but, after you get past the multiple firewalls, SMTP Gateways, Network Intrusion Detection Systems, Network Intrusion Prevention Systems, Host Intrusion Detection Systems, and Personal Firewalls, the antivirus software is still a line of defense that must stay in place and updated, guarding the local Operating System.
As threats grow smarter and stronger, the antivirus solution needs to be faster and able to detect malicious behavior. To remediate suspected intruding code, it should either quarantine or delete it quickly and efficiently, and then notify the user of the potential infection.
The antivirus detection methodology needs to know the “family” association of the threat and understand its behavior by nature and during its execution. The antivirus solution needs to know the patterns and the characteristics of the threat as well as the packages it disguises itself in. If a generic signature can match the pattern of the threat, it can be unmistakably identified and dealt with.
In addition to the above requirements for an effective antivirus solution, all of this needs to be done with minimum impact on system performance. This allows the operator to continue working, unaffected by the security defending their data. Done this way, the necessary function of antivirus can be both effective and efficient.
In conclusion, the necessity of an antivirus solution is obvious to the most basic computer security implementation and all of the points made in this discussion should help establish the criteria when including an antivirus product as part of your layered approach to security. Do this and you won’t be left holding your nose.
– Kim Fors