 |
 Goodbye Antivirus?
There was a time when antivirus software was the only security tool used for home PCs. That time has passed into history and someday your grandchildren will sit on your knee and be amazed at your telling them about it. But, should we say "Good bye" to our antivirus software?
Today there are many other security applications: personal firewalls, anti- Trojans, anti-spyware tools, and others. Unfortunately many users dismiss these programs with the justification, "I'm just an ordinary user, I don't need this level of protection".
The latest attacks from the W32.Blaster and Sobig.F worms show that this thinking falls short. Those worms spread so rapidly that most users had no time to update their antivirus software. Even the antivirus application vendors had no time to update their virus-signature databases to prevent the infection from spreading. The attacks were simply too fast.
New worms are using new methods to replicate. W32.Blaster spreads via a vulnerability in Windows (Remote Procedure Call module) rather than via e-mail messages. The worm scanned networks for systems with an open port 135 (used by RPC) and snuck through. Tons of computers were infected just because their Windows software was not patched and their antivirus apps were not updated with previously prepared info of W32.Blaster.
The other side of this horror story is that users with a personal firewall (software that acts as a barrier between your computer and the Internet) were not affected. Most personal firewalls such as ZoneAlarm Pro and Outpost Firewall Pro make your computer "disappear" to attacks. Worms and hackers have no idea a computer in stealth mode even exists. Firewalls also block suspicious connections or inform the user who can decide to allow or block the activity.
Security experts predict that future worms will use even more sophisticated techniques than W32.Blaster, so our antivirus programs are certain to loose more battles. It's a safe bet that new attacks will bypass your antivirus application and infect your computer.
These same security experts overwhelmingly advise that it's far better to prevent an attack than try to cure one.
How can you prevent an infection?
- Follow general security measures (never open suspicious attachments, never execute suspicious files, maintain high security settings on your browser and e-mail app, etc).
- Install new security updates (patches) from Microsoft and other vendors for applications you use.
- Install personal firewall software to secure your Internet connection and monitor network activity.
- Use good anti-spam software to prevent malicious spam from infecting your computer.
An excellent example of prevention is the personal firewall that has an e-mail filter (Outpost Firewall Pro and ZoneAlarm Pro). These firewalls rename suspicious e-mail attachments preventing them from executing malicious code. Users of these firewalls were well protected from the Sobig.F worm despite the fact that it used an entirely new method of attack and was able to bypass most users' antivirus software.
These recent attacks raise the question, "Should we give up our antivirus software?" After careful consideration, the short answer is "no". If your computer gets infected, you will need your antivirus app to find and remove the infection from your system. However, your antivirus software definitely needs a partner to keep your computer secure.
The bottom line is every system is open to attack unless it employs a personal firewall.
|
|
