Sciencetext Tips & Tricks

Blogging tips, browsing tricks and computing hacks

Do You Use Protection?

May 2nd, 2008 · by David Bradley

I’m not trying to get a sneak peek into your private life, but am interested in your privacy and safety. If you are only using a conventional antivirus (AV) package, whether that’s AntiVir (recommended), AVG (recommended) or any of the myriad other AV products, such as McAfee, f-Prot, or Norton, then you may not know that you are wide open to attack from malware, particularly in between AV updates. How come, you ask?

Well, the answer lies in understanding how conventional AV software works, and how new viruses, trojans, and other nasties can circumvent it. To detect a viral attack on your computer, your standard AV package monitors computer activity against an internal database of signatures. These signatures are the “digital fingerprints” of viruses, trojans, and spyware. If the AV program spots one of these signatures being loaded into memory on your computer, it kicks into action and blocks any ensuing activity, protecting you from known malware.

However, although every threat has a unique fingerprint, your AV software can only intercept it if it has a copy of that fingerprint in its internal database. You can update your AV software on a daily basis, but what happens if a new virus emerges, which is very likely, between updates when no signature has yet been identified or added to the AV update?

There are some rare AV programs that use heuristics to spot activity that might be associated with viral activity, as well as monitoring signatures, but the most commonly used repeatedly misses new viruses and can lead to false positives. ThreatFire is apparently different. It labels itself as zero-day protection (zero-day referring to the fact that a virus can appear before standard AV software gets updated).

ThreatFire’s ActiveDefense technology closes those protection gaps. It uses behavioral analysis instead of signatures to detect malicious activity. This means it can protect you from threats so new your AV doesn’t even know about them yet.

ThreatFire’s creators, PCTools, suggest that while its software can catch those attacks between AV updates, it’s probably a good idea to run a standard security suite with AV updating at least once daily on your system. One might say it’s a case of wearing both belt and suspenders, but perhaps more appropriately for the initial tone of this piece it’s more like using a double layer of, ahem, latex.
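To make the gap between updates concrete, here is an added toy example (not ThreatFire's or any AV vendor's code) that runs a fingerprint lookup and a simple behaviour score side by side as two layers. The sample byte strings, action names, weights and threshold are all assumptions constructed for illustration.

```python
import hashlib

# Constructed byte strings standing in for files; none of this is real malware.
KNOWN_SAMPLE = b"constructed-sample family-A build-1"
NEW_VARIANT = b"constructed-sample family-A build-2"  # appears after the last update
TEXT_EDITOR = b"constructed-benign text editor"
BACKUP_TOOL = b"constructed-benign backup tool"

# Signature database as of the last AV update: fingerprints of samples already analysed.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Hypothetical behaviour weights and threshold, assumed for this example only.
BEHAVIOUR_WEIGHTS = {
    "write_autorun_key": 3,
    "inject_into_process": 4,
    "mass_file_rename": 3,
    "outbound_connection": 1,
}
ALERT_THRESHOLD = 6

def signature_scan(data, db=SIGNATURE_DB):
    """True only if this exact file's fingerprint is already in the database."""
    return hashlib.sha256(data).hexdigest() in db

def behaviour_score(events):
    """Sum the weights of observed actions; unlisted actions score 0."""
    return sum(BEHAVIOUR_WEIGHTS.get(e, 0) for e in events)

def verdict(data, events):
    """Layered check: signatures first, behaviour as the second layer."""
    if signature_scan(data):
        return "blocked: known signature"
    if behaviour_score(events) >= ALERT_THRESHOLD:
        return "blocked: suspicious behaviour"
    return "allowed"

# Constructed activity traces: (file, actions observed while it runs).
TRACES = {
    "known sample": (KNOWN_SAMPLE, ["write_autorun_key", "inject_into_process"]),
    "new variant": (NEW_VARIANT, ["write_autorun_key", "inject_into_process"]),
    "text editor": (TEXT_EDITOR, ["open_document", "save_document"]),
    "backup tool": (BACKUP_TOOL, ["mass_file_rename", "write_autorun_key"]),  # false positive
}

if __name__ == "__main__":
    for name, (data, events) in TRACES.items():
        print(f"{name:12} signature_hit={signature_scan(data)!s:5} -> {verdict(data, events)}")
```

The new variant slips past the fingerprint lookup because its hash is not yet in the database, and only the behaviour layer stops it; the backup tool shows the cost of that layer, a legitimate program flagged because its actions resemble the weighted ones.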
