
Does Antivirus really protect your system from malicious attacks?


Overview

Virus: Malicious code or a program written to alter the way a computer operates and designed to spread from one computer to another.

Malware: Malware is short for malicious software. It is used as a single term covering viruses, spyware, worms etc.

Phishing: Phishing is a type of attack that tricks users in order to steal sensitive information. This attack mainly occurs through an email that appears to come from a known person or from a company, asking you to fill in personal details such as credit card numbers, user credentials etc.

Antivirus software is a program used to remove, delete and quarantine viruses. The primary purpose of an antivirus is to protect computers from viruses and remove any viruses that are found.

The main work of an antivirus is to scan the entire system or the network and remove any virus found. The antivirus operates in different modes, such as manual and automatic scans. A manual scan will scan the entire system or enterprise to find any malware, spyware or virus present in files and directories. An automatic scan will check files that are downloaded from the Internet and from any software installer.

It is designed primarily to protect computers against viruses; many antivirus programs now protect against other types of malware, such as spyware, adware, and rootkits as well.

Anti-Virus is just an information provider

Antivirus is not a perimeter between an application and the internet; it can only report that the application is infected by a virus or malware. The main role of an antivirus is to inform users that they have fallen victim to a virus or malware.

Antivirus works from the malware signatures that it already has and then alerts us that the system has been infected. Antivirus software cannot detect vulnerabilities; it can only report that the system or the enterprise has been compromised.

Anti-Virus Solutions Don’t Provide Sufficient Security

Numerous zero-day attacks occur today, and an anti-virus solution is not enough to protect your enterprise systems because it can only give an alert that the system is affected by a virus or malware.

Anti-virus products are not a “one stop solution” against being hacked. While all anti-virus software is good at spotting known malware by matching its digital signatures against a signature database, today’s sophisticated hackers write their own exploit code that no anti-virus product has seen before.
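An added example, not from the original article: a minimal Python signature scanner showing why a signature database flags only what it already contains. The sample byte strings, signature names and the `scan` function are constructed for illustration and do not represent any vendor's engine.

```python
import hashlib

# Constructed, harmless byte strings standing in for files; none is real malware.
KNOWN_BAD = b"CONSTRUCTED-SAMPLE-A: harmless test payload v1"
PADDED_COPY = KNOWN_BAD + b"\x00"  # same content, one padding byte appended
NEVER_SEEN = b"CONSTRUCTED-SAMPLE-B: code the vendor has not analysed"
ORDINARY = b"quarterly report, plain text"

# Hypothetical signature database: exact SHA-256 hashes plus byte patterns.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Test.SampleA"}
PATTERN_SIGNATURES = {b"CONSTRUCTED-SAMPLE-A": "Test.SampleA.generic"}


def scan(data: bytes) -> dict:
    """Return a verdict for one file's contents using only known signatures."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return {"verdict": "known-bad", "name": HASH_SIGNATURES[digest], "by": "hash"}
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return {"verdict": "known-bad", "name": name, "by": "pattern"}
    # No match means "not in the database", which is not the same as "safe".
    return {"verdict": "unknown", "name": None, "by": None}


def scan_all(files: dict) -> dict:
    """Scan a mapping of path -> contents and return path -> verdict."""
    return {path: scan(data) for path, data in files.items()}


# Constructed file listing for the demonstration.
SAMPLE_FILES = {
    "downloads/sample_a.bin": KNOWN_BAD,
    "downloads/sample_a_padded.bin": PADDED_COPY,
    "downloads/sample_b.bin": NEVER_SEEN,
    "documents/report.txt": ORDINARY,
}

if __name__ == "__main__":
    for path, result in scan_all(SAMPLE_FILES).items():
        print(f"{path:32} {result['verdict']:10} {result['by'] or '-'}")
```

The never-seen sample and the ordinary document receive the same "unknown" verdict, so the scanner by itself cannot tell a new threat from a benign file.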

Once the system or the network is affected by a virus or malware, an antivirus can only remove the threat or quarantine it. Antivirus programs cannot restore or replace corrupted files or folders; they can only give an alert on any affected files.

Anti-virus can’t detect phishing or social engineering attacks, which are bigger concerns than viruses or malware because hacking can happen easily using these techniques.

Example of a recent attack

The New York Times said it had an antivirus system from Symantec (SYMC) installed on devices connected to its network, yet it was still hacked by Chinese hackers. The attackers built new exploit code to steal usernames and passwords from the New York Times. Its signatures were not present on Symantec’s list of forbidden software, so most of it was allowed to pass through undetected.

Conclusion

Anti-virus software is fairly effective at detecting, removing and quarantining affected files or networks, but it will not prevent you from getting hacked. There are new security loopholes to exploit in the operating system and networking software that would give a virus a new entry point to bypass the anti-virus software.

To eradicate viruses and malware, it is necessary to perform vulnerability assessment and penetration testing on enterprise platforms. These enterprise platforms should comply with security standards such as OWASP and SANS.

Finally, to protect the system from malicious attacks, the end user is advised to use globally accepted security practice guidelines.

 

Mahendra T
Mahendra T works for Indium software as a Senior Test Engineer and has 4+ years of overall experience in the field of Security Testing. He is an expert in Vulnerability Assessment & Penetration Testing and has worked with security testing tools such as Burp Suite, OWASP ZAP, Wireshark, Nessus, OpenVAS and the tools distributed with Kali Linux.