In a guest post for National Cyber Security Awareness Month, Tim Cline, Information Security Specialist with Information Technology Services, explains why anti-virus software isn’t the be-all and end-all solution and he shares other ways to defend yourself against online threats.
While average people say using anti-virus software is their best way to stay safe online, using anti-virus software isn’t even among information security professionals’ top five best practices, Google researchers found in a 2015 study. Understanding why is key to managing risks that can come from using digital devices.
Examining an analogy between digital and human anti-virus efforts
Traditionally, anti-virus programs worked by maintaining a database of known virus “signatures.” If a user attempted to download a malicious file from the Internet or tried to open a malware attachment that came in email, the anti-virus program would detect the malware from the file signature, and would prevent the file from running, either by deleting it or quarantining it. Think in an analogous way how vaccinations against the flu or to prevent tetanus work. Vaccines protect your system (your immune system) against future “attacks” by a particular disease.
When a pathogen enters your body, your system “recognizes” it and prevents it from doing harm by generating antibodies to attempt to neutralize it.
However, this analogy between the human and digital world only holds for so far and in particular breaks down here: virulent “organisms” in the digital world can reproduce at a rate that is magnitudes beyond what human pathogens can do, and malware can be spread across the global Internet at the speed of light.
Too many threats for anti-virus programs to keep up
By way of comparison, in a report published in 2013, the anti-virus company McAfee estimated that it cataloged more than 100,000 new malware samples every day, which averaged out to just less than 70 new threats every minute, or a little more than one new threat every second[1]. Maintaining a database of anti-virus signatures on your computer to protect your computer against a threat of that size would require that there be more than 12 million unique signatures. And that was just from the fourth quarter of 2013.
Layered defense is the best defense
If traditional anti-virus is failing, how can you best defend yourself against online threats? Think back to the analogy from the world of human health. A similar set of best practices works there too, which can be summed up in a phrase: have a layered defense. Get vaccines for diseases you are likely to contract, but also watch your health in other ways, including a periodic checkup. The same model makes sense in the digital world. Have an anti-virus program, but also keep your system patched. Use strong and unique passwords and use a password manager to help keep up with juggling all the different accounts you have. Finally, take advantage of two-factor authentication where available.
October is National Cyber Security Awareness Month. Visit ITS News throughout October for posts offering cyber security advice from experts and other tech tips. For additional cyber security tips and to check out the activities and resources associated with National Cyber Security Awareness Month, visit the national campaign’s website.