Why Antivirus Doesn’t Work and What to do About it?

In a previous article, I talked about how cyber crime is continuing to get more sophisticated, and how the offenders are getting away with larger amountsIn this article, we’ll look at AntiVirus software why it’s not always effective and what can be done to overcome this ineffectiveness.

Antivirus software is designed to prevent, detect and remove malicious software.

The obvious solution to removing malware and viruses is to have an updated version of AntiVirus to catch and remove them.  AntiVirus works well for existing and known malware and virus’.  But these are not so effective against new viruses, also known as “Zero Day” viruses.  Depending on your version of antivirus, they can be from 0% to 65% effective.  So, if you have the best antivirus on the market, 35% of the Zero Day malware will go undetected.

To take a random example from this week. We were called to repair a WordPress website that had been hacked.  Here we found most of the files has been altered to have a piece of malware quietly infect computers visiting the site.  As shown below only 8 out of 55 AntiVirus systems recognized this as malware. The missing offenders included some of the biggest names like Trend Micro and McAffee.

So, if AntiVirus is so ineffective what can one do?

Fortunately, there are many tools on the market to combat these kinds of threats.

Unfortunately, they tend to be lesser known and often expensive solutions.

Let’s start with finding malware.

Since most AV systems work by trying to identify bad files or processes, detection needs to be rethought to be effective.  One way to do this is to analyze processes in memory and identify ALL of them instead of just some.  Identifying a process in memory means that the file is actively running and using memory, therefore it presents a danger. An idle file cannot cause harm.

Secondly, one can not find a malicious process on its own. Trying to find a malicious process is like trying to find a needle in a haystack without knowing what a needle looks like.  This is why AntiVirus companies have such a hard time catching everything.   Every single process must be identified as: good (previously seen and known), bad (previously seen and known to be bad) and unknown (not previously seen and need to be forensically investigated).

One such AntiVirus company that takes this approach is Cyfir.  Through this approach, they were able to detect a breach at the Office of Personnel Management in the US Government, that was previously undetected by multi-layered security systems

With a solution like this in place, you can rest assured systems and data will be much safer.

With that said, not all attacks involved malware.  Stay tuned on how to thwart further would-be attackers beyond using the traditional firewall systems and password security.

If your systems are only protected by AntiVirus, and there is concern about unknown processes running, perhaps it’s time to look into the next level to secure your most important data system?

 

logo
Submit a Ticket
Follow Us
Location
Office Hours:
Mon - Fri: 8am - 6pm
Weekends: Closed
Helpdesk:
Mon - Fri: 24 hrs
Weekends: 9am - 5:30pm
Contact Us

JIG Technologies

Head Office

Toronto Address

250 Merton Street Suite 301, Toronto, ON M4S 1B1
Phone: +1 (416) 850-2684
Toll Free: 1-866-615-2786
Fax: 1-416-222-9131

Other Global Locations

Vancouver Address

1583 Marine Dr. Suite 33056 West Vancouver, BC V7V 1H0

Hong Kong Address

Flat B, 17/F 379-381 Kings Road North Point, Hong Kong