Uncategorized

Why Antivirus is like a green traffic light

    This morning while I was driving to work just as I was about to go through a greenlight I looked to my left and saw a white Kia that sped right through its red light. We have all likely experienced showing up at work and wondering how we got there. Sometimes the brain just disengages. I was reminded of a phrase my driver education teacher told me, a green light is not an indication that it is safe to enter an intersection, it’s just an invitation for you to enter the intersection, the rest is up to you.

This adage really applies to the use of antivirus today. If you own a computer antivirus is valuable, it can at times save your bacon. We need to use it, but also we need to do other things as well.

                It is because others don’t always follow the rules that we need to form good habits like looking both ways before entering an intersection even if the light is green.

It is because others don’t always follow the rules that we need to form good habits like looking both ways before entering an intersection even if the light is green. Since it was time for me to renew my antivirus, I was thinking about this topic recently. When we use Antivirus it is going to identify and block some malicious files because the antivirus can identify files that match a certain signature or identify a certain behavior. Many times malicious software is about the intent of the actor who wrote the file, and if they are using commands and system services that you have the capability to run yourself, the system nor the antivirus can possibly know the intent of the software. For example I can write software that erases your hard drive. Now that could indeed be legitimate, in fact there are many commercial tools sold to erase a hard drive, but if you open a document that includes the same instructions as the commercial program, the intent is different, one is legitimate and one is nefarious. Software cannot tell the difference in intent.

This is why user behavior is just as important. Just as a defensive driver looks both ways when entering an intersection, it is important we take the time to ensure that we do not to open documents from anyone we do not know. This includes files like Microsoft Word documents or PDF files because while we use them mainly to exchange the printed word, both include a full programming language that can perform actions on our computers, and do so without out knowledge or any indication that something is happening beyond us looking at the document.

It is very frustrating, but in fact when we open a document from someone that we do not know, we are essentially handing them the keyboard. System settings can combat this, but in some cases there are errors or bugs in the Windows Operating System that allow commands to be used in ways that Microsoft did not intend. This is why it is important that we update software regularly and we do, but from the time that a flaw is found and exploited to the time that the update comes up, there is a window of opportunity.

This is why it is so important that users do not open a word document or a PDF from someone they do not know. To make matters even worse the FROM field on emails can be set to whatever we would like for them to be so when you get an email and it says it is from one person, it can really be from someone else!

92% of all malware related and breaches now start with an email that contains a link or attachment that someone opened or clicked.

92% of all malware related and breaches now start with an email that contains a link or attachment that someone opened or clicked. Don’t be that guy. When you click links, or open attachments make sure you know who they are coming from or are expecting them. If not, call the person and ask. If you can’t call them then don’t open the file. It really has become that simple. If you do otherwise you can easily become the next statistic.

 

Leave a Reply