Why Your Desktop Anti-Malware May Be Flawed

Why Your Desktop Anti-Malware May Be FlawedAs computer users these days, we have been bombarded by companies that claim to be able to keep our computers free from malware. However, this may not be the case.

The majority of anti-malware software uses traditional, signature-based techniques in order to detect malware. It works by your anti-malware software detecting malicious software by looking up its characteristics in the vendor’s database. If the malware is listed in the database, it is automatically unable to be executed and generally removed or quarantined. However, if it isn’t, the software will be allowed to execute.

This method of detection is implemented in the majority of anti-malware packages today, however, it is severely flawed.

Although this method of detection was ample over 10 years ago, in this modern day it is a completely different story. According to GData’s malware report in the first half of 2011, it recorded that the average number of new malware going into the wild per day is 6,881, and has most likely risen dramatically since then. With this amount of malware being distributed, the anti-malware vendors simply cannot keep up, which could lead to the end user being in danger — exactly what these companies are trying to prevent. If the end user is infected with what is known as “zero-day” malware (malicious software that is not detected by signature based anti-malware) and accesses online banking while being infected, they could be subject to identity theft. I find it overwhelming that the majority of anti-malware solutions only incorporate signature-based prevention systems, which puts their customers at a large amount of risk.

To combat this, a small amount of anti-malware vendors are using behavioral detection techniques. One of the most popular solutions is heuristic analysis, which analyses the behaviour of the malware to see whether it carries out malware-like actions. This type of detection technology is good to prevent zero-day malware, although as there is no definitive answer to whether the file in question is malicious, heuristic analysis can be inaccurate and present a large amount of false positives. Another method of detection that a small percentage of anti-malware vendors are using is a system called HIPS (Host Intrusion Prevention System). HIPS analyses the malware, and if the malware carries out a suspicious action, it will alert the user. They will then be given the choice whether to allow the software to carry out the action or block it. This technique is ideal for power users; it allows them to have complete control over what is running on their system with an increased detection ratio in most cases. The main disadvantage to this is that HIPS can seem ungainly to average computer users who just want their anti-malware software to protect their system with no fuss. For this reason, many anti-malware vendors disable HIPS out-of-the-box in their software and expect power users to enable it if they wish.

Another method of prevention that isn’t widely used is sandboxing. Sandboxing works by running software in a virtualized environment, which is completely separate from your desktop. This way, the software can still be run but cannot infect your machine and when you are done with the software, you simply clear the sandbox.

For sandboxing solutions, I suggest Sandboxie. It is a piece of sandboxing software available for Windows that is ideal for anyone, as it can be used in several different ways. Sandboxie allows you to sandbox software that you don’t trust to run in the sandbox manually, or if you are configuring a computer for someone who isn’t as competent with technology, you can use Sandboxie to automatically sandbox all applications, which in some instances could provide you with a 100% detection rating. Although Sandboxie costs €13 for a one-year license and €29 for a lifetime license, I believe this software to be ideal for anyone who has had problems due to malware infections.

There are also some anti-malware products on the market that integrate signatures, HIPS, and sandboxing technology into one package; one such product is COMODO Internet Security, a free product that I highly recommend to power users, although it may seem slightly complicated to average computer users due to its implementation of heuristics and HIPS.

I also must take this time to emphasize the fact that you must keep your anti-malware software up-to-date with the latest signatures, and I also highly recommend that you keep your operating system up-to-date with the latest patches as many pieces of malware exploit vulnerabilities in various operating systems in order to infect your system.

Personally, I believe that the major anti-malware vendors are creating a false sense of security for their users by making them believe that their software will prevent all malware infections, which simply isn’t the case. There are many free solutions available that can provide an extra layer of security to prevent attacks by cybercriminals. Also, in the past, malware developers made malware that caused your computer to do abnormal tasks, however, their focus has now been changed toward generating revenue from their malware. Today’s malware is much more discrete — the majority of average computer users wouldn’t notice that their computer is infected, proven by malware such as the Zeus trojan, a banking information stealing trojan horse that doesn’t alter the user experience so would leave the end user clueless about the malware running on their system. Don’t be the victim of an infection; be sure to update your security packages accordingly.

Oliver Charlton is a technology enthusiast who enjoys writing about security products and malware. He runs several websites that are technology and gaming related, and he is interested in the future of consumer electronics.

Image: Pixabay