Naked Security

My anti-virus is up to date so I am protected, right?

The world of malware was a lot simpler 20 years ago. Now we live in a far more complicated time when it comes to cybersecurity, so is an up-to-date anti-virus product alone enough to protect you from threats?

The world of malware was a lot simpler 20 years ago.

If you had received your monthly floppy disk containing the latest updates to your anti-virus software you could consider yourself relatively safe. (Assuming you actually took the disk out of the envelope and installed it, of course.)

Now we live in a far more complicated world when it comes to cybersecurity.

Nevertheless, I often hear people asking the same questions that they would have asked 20 years ago: “What is the latest software version?” and “What was the last identity file you released?”

I should stress that being on the latest software version, with regular and live updates, is an essential part of modern security. The problem I have with those questions is when they are the only ones being asked.

Here is a typical scenario:

A user called Brian has a virus on his computer. He believes it must be a new zero-day threat because it got past his anti-virus software and he’s pretty sure he’s using the latest version.

Brian understands that no security vendor guarantees 100% protection, so he puts it down to a one-off. He checks that all his computers are using the latest versions and are downloading the latest threat updates. He is happy that they are, so he goes back to work.

The next day another ‘one-off’ attack happens…

So why is this happening? Is Brian being targeted by a cybercriminal gang? Does he need to change his anti-virus vendor?

The truth is that security is built up of layers, and ensuring the latest versions are being used is only one layer of your security.

This fact isn’t new. Imagine you are building a castle – would you consider yourself secure if you only built the walls? What about a moat, battlements, soldiers, catapults, a drawbridge, and so on…?

Now imagine you are Brian and you are using the latest next-generation, shiny new anti-virus software.

Are you safe if:

  • You aren’t regularly deploying the latest security patches?
  • You disabled a security feature after a user complained Facebook was slower?
  • You have unprotected mobile devices that can connect to file shares?
  • Your email doesn’t get scanned for viruses and spam?
  • Visitors can access your Wi-Fi, which is on the same network as your servers?
  • Anyone is allowed to turn on macros in Office documents they receive via email?
  • Users can read files they shouldn’t access at all and write to files they shouldn’t change?
  • You don’t require users to choose suitable passwords?
  • You ignore alerts from your security software that are warning you something is wrong?
  • You’ve forgotten about those old XP machines still running in the basement?

You can probably think up any number of examples to add to the list.

Now imagine if Brian took a more proactive approach to these recent threats.

He knows the attack wasn’t detected on his computer, but he isn’t sure if his anti-virus software is following best practice, so he double checks all the settings and corrects some mistakes made by his predecessor.

Next he looks at the first virus, which he received on an email.

It was a Microsoft Word file with a macro that automatically ran when he opened the file, so he makes changes to stop macros from running without him first allowing it.

The second virus he also received over email but this was a JavaScript file. For this he changes his Windows settings to make .JS files open in Notepad by default. He also enables Application Control to stop JavaScript files from being able to run on his machines.
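The two changes just described (macros must be explicitly allowed, and .JS attachments open in Notepad rather than in the Windows Script Host) can be audited and applied from PowerShell. The script below is an added example, not code from the original post or from Sophos. It assumes Office 2016 or later (registry branch "16.0"), per-user settings under HKCU, and no domain policy overriding them; the ProgId name `OpenInNotepad` is invented here. Without `-Apply` it only reports; Application Control itself is product-specific and is not shown.

```powershell
# Added example (not from the original post): audit, and with -Apply harden,
# two of the layers Brian adjusts on a Windows machine:
#   1. script-file extensions (.js etc.) open in Notepad instead of running
#      through the Windows Script Host (wscript.exe / cscript.exe);
#   2. Office macros cannot run unless digitally signed, and macros in files
#      downloaded from the Internet are blocked outright.
# Assumptions: Office 2016+ (registry branch "16.0"), per-user HKCU settings,
# no domain Group Policy setting the same keys.
param([switch]$Apply)

$ScriptExts = '.js', '.jse', '.vbs', '.vbe', '.wsf'
$OfficeApps = 'Word', 'Excel', 'PowerPoint'
$OfficeVer  = '16.0'
$SafeProgId = 'OpenInNotepad'     # hypothetical per-user ProgId created below
# VBAWarnings: 1 = enable all, 2 = disable with notification (default),
#              3 = disable except digitally signed, 4 = disable all silently
$WantedVbaWarnings = 3

function Get-ScriptHandler {
    param([string]$Ext)
    # A per-user class registration takes precedence over the machine-wide one.
    $progId = (Get-ItemProperty "HKCU:\Software\Classes\$Ext" -ErrorAction SilentlyContinue).'(default)'
    if (-not $progId) {
        $progId = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\$Ext" -ErrorAction SilentlyContinue).'(default)'
    }
    $cmd = $null
    if ($progId) {
        foreach ($root in 'HKCU:\Software\Classes', 'Registry::HKEY_CLASSES_ROOT') {
            $cmd = (Get-ItemProperty "$root\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
            if ($cmd) { break }
        }
    }
    [pscustomobject]@{
        Extension = $Ext
        ProgId    = $progId
        Command   = $cmd
        # WScript/CScript as the handler means a double-click executes the file.
        Risky     = [bool]($cmd -match 'wscript|cscript')
    }
}

function Set-NotepadHandler {
    param([string]$Ext)
    $cmdKey = "HKCU:\Software\Classes\$SafeProgId\shell\open\command"
    New-Item -Path $cmdKey -Force | Out-Null
    Set-ItemProperty -Path $cmdKey -Name '(default)' -Value 'notepad.exe "%1"'
    New-Item -Path "HKCU:\Software\Classes\$Ext" -Force | Out-Null
    Set-ItemProperty -Path "HKCU:\Software\Classes\$Ext" -Name '(default)' -Value $SafeProgId
}

function Get-MacroPolicy {
    param([string]$App)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVer\$App\Security"
    $p = Get-ItemProperty $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        App               = $App
        VBAWarnings       = $p.VBAWarnings
        BlockFromInternet = $p.blockcontentexecutionfrominternet
        # Missing values read as $null, which fails both comparisons.
        Compliant         = ($p.VBAWarnings -ge $WantedVbaWarnings) -and
                            ($p.blockcontentexecutionfrominternet -eq 1)
    }
}

function Set-MacroPolicy {
    param([string]$App)
    # Policy keys are honoured by Office and cannot be undone from the Trust Center UI.
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVer\$App\Security"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value $WantedVbaWarnings -Type DWord
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
}

'== Script file handlers =='
$handlers = foreach ($ext in $ScriptExts) { Get-ScriptHandler $ext }
$handlers | Format-Table -AutoSize
if ($Apply) {
    $handlers | Where-Object Risky | ForEach-Object { Set-NotepadHandler $_.Extension; "  -> $($_.Extension) now opens in Notepad" }
}

'== Office macro policy =='
$policies = foreach ($app in $OfficeApps) { Get-MacroPolicy $app }
$policies | Format-Table -AutoSize
if ($Apply) {
    $policies | Where-Object { -not $_.Compliant } | ForEach-Object { Set-MacroPolicy $_.App; "  -> $($_.App) macro policy set" }
}
```

Two caveats worth checking after running it with `-Apply`. On Windows 8 and later, Explorer's per-extension UserChoice entry can override `HKCU\Software\Classes` for double-clicks, so re-run the audit and, if a script extension still reports WScript as its handler, set Notepad as the default through Settings > Default apps or deploy a default-associations XML via Group Policy. The Office policy values are only meaningful if no domain GPO sets the same keys, in which case the change belongs in that GPO rather than on the endpoint.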

Next he looks at his email gateway product. This was upgraded recently but he notices that some of the new security features that came with it haven’t been enabled yet.

Next he looks at the access rights of his staff and makes some very overdue changes, including enforcing proper passwords.

These are just some examples of the different security layers that Brian has at his disposal.

The goal of security software is to stop threats. If the threat can be stopped by the first security layer then that’s great, but it’s not always as easy as that.

If an attack succeeds, it didn’t just get past your anti-virus – it got past everything.

The best way to stop it from happening again is to understand how it got through and make appropriate changes to prevent a repeat.

8 Comments

I often ponder this. AV software is fine, but is your firewall setup correctly and are any unnecessary ports open, will someone open a bad attachment, plug in an infected USB drive? Between Zero Days and new variants, AV software basically protects you from the average bad guy, but if someone really wants to get in, there’s good chance they will. I do backups and unplug the drives when I’m done, but honestly I expect to come in one morning and find a problem.

Reply

“Next he looks at his email gateway product. This was upgraded recently but he notices that some of the new security features that came with it haven’t been enabled yet.”

What is an email gateway product? Is this software that scans all opened and unopened emails in your email account?

Reply

Pretty much, except that in this context, I think Peter is referring to an email filtering system that runs before the email is actually delivered to your inbox.

The word “gateway” implies that the email has to pass through it first, and if it fails the tests or policies set up by the gateway administrators (e.g. your company IT security guys), then it will either be discarded, or put temporarily in quarantine, or perhaps have dodgy components (e.g. attachments) stripped out before delivery, for safety.

An email gateway relates to your inbox a bit like a network firewall on your router relates to your PC inside the network. If the gateway detects a virus in an email, you don’t get that email at all…

Reply

“I think Peter is referring to an email filtering system that runs before the email is actually delivered to your inbox.”

Are there any examples of reputable email filtering software for home use? Can such software be used to filter web-based emails or does it work only with stand-alone email programs, e.g., Thunderbird?

From my personal experience, T-bird by itself does not seem to do a great job of filtering out bugs.

Reply

The Sophos XG Firewall is 100% free for home use:
https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx

You need a spare computer (or a virtual machine) to run it on, and you need a bit of technical knowhow to set it up, but it can filter SMTP (mail server mail), POP/IMAP (ISP and webmail mail downloaded with a mail client like T’bird), and HTTP. (Oh, and the -S, or secure, variants of those protocols, too.)

It’s a network firewall, web filter and much more besides. Not bad for $0 :-)

Reply

A link in the above post for “Application Control” for .JS files would be useful.

Reply

I think you’ll find this related post useful:
https://nakedsecurity.sophos.com/2016/04/26/ransomware-in-your-inbox-the-rise-of-malicious-javascript-attachments/

Reply

Hi Nick,

If you are using the Sophos Endpoint Anti Virus product you can find the instructions here: https://www.sophos.com/support/knowledgebase/123946.aspx

Reply
