
Who surrendered to antivirus?

Hello! If you regularly read the antivirus blog, as well as the corporate blogs of antivirus companies, you often come across comments of the following type, which receive enthusiastic support: "I do without an antivirus and without any special precautions, and for the past 7-8 years there have been almost no viruses on my machine." After a while this leaves a strong impression that "anyone who is competent does not need an antivirus in any form, and anyone who is not has no business on Habr."



Let's try to consider this question from a slightly different angle.
A few well-known facts

To begin with, let's quickly go over the main technologies that modern antivirus systems use. For some reason, many people are still convinced that the basis of any product is signature detection, which can catch only the specific samples that have already reached the company's analysts in the lab, and then only with some delay. Meanwhile, the technology has moved far ahead in the last ten years, and today an antivirus product is a complex, multi-module system that implements detection using a variety of methods. These include code emulation, designed to see through packers and cryptors; heuristic detection, designed to catch particular patterns of behaviour; proactive protection; a sandbox; and all the power of cloud technologies... Often the main problem turns out to be the opposite one: not catching too much.
Now let's see what place antivirus systems occupy in the daily lives of different members of our society.

Anyone who often has to deal with novice users knows how long it takes to develop a safe pattern of behaviour and a healthy suspicion of certain things. Meanwhile, all this time the person continues to use the system and surf the Internet. So, at least for this period, they need additional layers of protection in case something goes wrong. And since our world is changing extremely quickly, and the threats do not stand still, it is always worth playing it safe one more time in order to avoid problems.




As is well known, the main weak point in any system is the human, its most difficult and, often, inseparable part. Therefore, security training and similar activities are extremely important for any company using modern systems. However, habit is a powerful thing, and while at home you can constantly keep an eye on your family, here a person brings their ingrained habits with them, which creates an additional threat. And losses in the corporate sector can reach far from trivial amounts even from forced downtime or the "theft" of a single mailbox.

Linux is, of course, a good thing, but not everyone can afford to use it in everyday life. This is due to the nature of one's work, to the lack of time or desire to learn new technologies, and... Okay, let's not provoke yet another dreary holy war. How does an experienced user behave who does not want to waste system resources on an incomprehensible, bulky product? We cut off JS support in the browser, disable autorun for flash drives on older systems, turn on auto-update for all software, and the especially paranoid tinker with security policies, etc. Does all this work? Of course! Is it a panacea? Of course not. If only because nobody has yet invented a panacea that still allows the usual active use of the computer.

Examples of possible infection

- hacking of trusted sites
Even when using handy utilities like the NoScript add-on, you still have to trust one source or another. So the hacking and subsequent exploitation of such a source gives attackers the opportunity to penetrate the defences of even the most experienced users. A similar case (fortunately, with an advanced user) has already been described on Habr.
- infection of your own executables on a flash drive by a file virus
For a while my flash drive constantly carried a dozen utilities for disinfecting infected systems. So, it was enough to plug it into a system infected with a file virus just once, and that was it. No autorun.inf, everything quiet and stealthy. Now I keep them in a password-protected archive for this purpose.
- trusted people
What will a person do when he receives from a friend the game the friend has just written, which they have already discussed more than once in real life? Few will bother to first run the file through a multi-scanner, and meanwhile the recent story of Induc speaks for itself.
- office documents
We have somehow got used to fearing suspicious links, files with .exe and .scr extensions, scripts... But not everyone remembers that there is currently a huge number of exploits for documents, primarily in the doc and pdf formats. This trend has recently been gaining popularity all over the world, since it represents an ideal attack against company employees.
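An added example, not code from the original post: the flash-drive case above is a silent modification of your own executables, and the defender's check for it is an integrity manifest of the clean tools kept off the stick. The script below records SHA-256 hashes of the executables on a (constructed, temporary) drive and later reports which files were modified, added or removed; all paths and sample files are made up for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Stream the file so large tools don't have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path, patterns=("*.exe", "*.dll", "*.scr")) -> dict:
    """Map each executable's relative path to its hash and size.
    Keep the result off the stick (e.g. in the password-protected archive)."""
    manifest = {}
    for pattern in patterns:
        for p in sorted(root.rglob(pattern)):
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"sha256": sha256_of(p), "size": p.stat().st_size}
    return manifest

def verify(root: Path, manifest: dict) -> dict:
    """Compare the stick's current state with the clean manifest."""
    report = {"modified": [], "missing": [], "new": []}
    current = build_manifest(root)
    for name, meta in manifest.items():
        if name not in current:
            report["missing"].append(name)
        elif current[name]["sha256"] != meta["sha256"]:
            report["modified"].append(name)
    report["new"] = sorted(n for n in current if n not in manifest)
    return report

def demo() -> dict:
    """Constructed scenario: two clean tools, one of which is later altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tools").mkdir()
        (root / "tools" / "fixer.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "scanner.exe").write_bytes(b"MZ" + b"\x01" * 64)
        manifest = build_manifest(root)  # taken while the stick is known clean
        # Simulate the kind of change a file infector leaves behind: the
        # executable grows and its hash no longer matches the manifest.
        with (root / "tools" / "fixer.exe").open("ab") as f:
            f.write(b"\xff" * 16)
        (root / "helper.dll").write_bytes(b"MZ")  # an unexpected new file
        return verify(root, manifest)
```

Run `build_manifest` on a freshly prepared stick and `verify` after every use on an untrusted machine; any entry under "modified" means the tool should be replaced from the clean archive rather than run.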

There are many such examples. In any of these cases, the protection you have built can be accidentally breached by a single habitual action.



Consequences

Many of us think of a system infection as something, if not trivial, then at least not dangerous. I saw a trojan in the process list, found it on disk and deleted it, scanned the system with free utilities and, just in case, changed all the passwords. However, you need to understand a few things.
First, such a set of actions makes sense only in the simplest cases. Malicious code can be something far more powerful than a browser BHO or a suspicious 1sass.exe process. Neither Autoruns nor HijackThis will save us from file viruses, bootkits and rigged office documents. GMER and RootRepeal are not always able to safely delete a rootkit's file.
Second, the consequences of a single penetration of the system can be very, very unpleasant. This includes sending spam, including to people close to you. It includes the use of your machine as a proxy for organising further attacks. And then Department "K" may come knocking on your door. And finally, there is the banal loss of savings from a bank card, or blackmail, examples of which are not hard to find.

Conclusion

Antivirus software can be regarded in different ways. If for some users it may well become one of the main (albeit not ideal) walls in the bastion protecting the system from external attacks, then for seasoned users it is quite suitable as an additional guarantee of security. And the decision on whether to allocate extra CPU cycles to this task is made by each system's owner.
At a minimum, I suggest not treating antivirus products as junk, but considering them as one more useful and, in some cases, necessary tool for information security.

Source: https://habr.com/ru/post/137789/

